Setting up an anonymous website or hidden service/server in Tor network is actually easier than setting up a normal web server as Tor router will nicely breach through your firewall and NAT. The regular server requires domain and hostname (DNS), public IP address and firewall rules besides the web server software (Apache, Nginx, IIS). Hidden service, on the other hand, requires only Tor router program and web server software. When you create the hidden service first time, the Tor router generates .onion domain name for you based on the private key of the hidden service.

How to setup Tor Server (Hidden Service) in Ubuntu?
In order to setup Tor Server, you need first install Tor base software. Tor Project maintains repositories for the major Linux distributions. In this example, I am using Ubuntu Server 16.04 LTS.
Setup Tor repositories and install Tor
Add following entries in to the /etc/apt/sources.list file. It is recommended to use official Tor Project repositories as Official Ubuntu repositories might not be up-to-date.
1 2 | deb http://deb.torproject.org/torproject.org stretch main deb-src http://deb.torproject.org/torproject.org stretch main |
Then you need to add gpg keys which are used to sign the packages.
1 2 | gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add - |
Finally, install the software with the following commands.
1 2 | sudo apt-get update sudo apt-get install tor deb.torproject.org-keyring |
Tor should start automatically, but you can check it with the following command.
1 | sudo service tor status |
Setup Hidden Service
Technically Hidden Web Server does not differ from normal Web Server behind the proxy. Instead of using Apache or Nginx as a reverse proxy, we use Tor Router in that position. In order to setup “Tor reverse proxy”, edit /etc/tor/torrc file and remove comment from HiddenServiceDir and HiddenServicePort directives. In this example, my web server is listening on port 8080.
############### This section is just for location-hidden services ### ## Once you have configured a hidden service, you can look at the ## contents of the file ".../hidden_service/hostname" for the address ## to tell people. ## ## HiddenServicePort x y:z says to redirect requests on port x to the ## address y:z. HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:8080 #HiddenServiceDir /var/lib/tor/other_hidden_service/ #HiddenServicePort 80 127.0.0.1:80 #HiddenServicePort 22 127.0.0.1:22
Your server can host multiple Hidden Services, just setup each one in its own directory.
After setting up required changes in torrc -file, restart Tor service by running following command.
1 | sudo service tor restart |
When you restart the tor service, the Tor creates the required encryption key and hostname file into the configured directory.
root@###:/# ls -l /var/lib/tor/hidden_service/ total 8 -rw------- 1 debian-tor debian-tor 23 Sep 3 11:37 hostname -rw------- 1 debian-tor debian-tor 891 Sep 3 11:19 private_key root@###:/#
The hostname file contains the Tor address for the hidden service.
root@###:/# cat /var/lib/tor/hidden_service/hostname ie4fmpv2obd2iy2t.onion
Example Nginx configuration for Hidden Service
server { server_name ie4fmpv2obd2iy2t.onion; #Server listens hidden service name listen 8080; # Listen port 8080 access_log /var/log/nginx/hidden-access.log; # Access Log Location error_log /var/log/nginx/hidden-error.log; # Error Log Location root /var/www/html/hiddensite; # Site root directory index index.php index.html index.htm; # Search for index.php/html/htm }