How to Setup Anonymous Website in Tor Network

Posted on by Wrecked Security

Setting up an anonymous website or hidden service/server in Tor network is actually easier than setting up a normal web server as Tor router will nicely breach through your firewall and NAT. The regular server requires domain and hostname (DNS), public IP address and firewall rules besides the web server software (Apache, Nginx, IIS). Hidden service, on the other hand, requires only Tor router program and web server software. When you create the hidden service first time, the Tor router generates .onion domain name for you based on the private key of the hidden service.

Hidden Service vs Normal Service.

How to setup Tor Server (Hidden Service) in Ubuntu?

In order to setup Tor Server, you need first install Tor base software. Tor Project maintains repositories for the major Linux distributions. In this example, I am using Ubuntu Server 16.04 LTS.

Setup Tor repositories and install Tor

Add following entries in to the /etc/apt/sources.list file. It is recommended to use official Tor Project repositories as Official Ubuntu repositories might not be up-to-date.

1
2
deb http://deb.torproject.org/torproject.org stretch main
deb-src http://deb.torproject.org/torproject.org stretch main

Then you need to add gpg keys which are used to sign the packages.

1
2
gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Finally, install the software with the following commands.

1
2
sudo apt-get update
sudo apt-get install tor deb.torproject.org-keyring

Tor should start automatically, but you can check it with the following command.

1
sudo service tor status

Setup Hidden Service

Technically Hidden Web Server does not differ from normal Web Server behind the proxy. Instead of using Apache or Nginx as a reverse proxy, we use Tor Router in that position. In order to setup “Tor reverse proxy”, edit /etc/tor/torrc file and remove comment from HiddenServiceDir and HiddenServicePort directives. In this example, my web server is listening on port 8080.

############### This section is just for location-hidden services ###

## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080

#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22

Your server can host multiple Hidden Services, just setup each one in its own directory.

After setting up required changes in torrc -file, restart Tor service by running following command.

1
sudo service tor restart

When you restart the tor service, the Tor creates the required encryption key and hostname file into the configured directory.

root@###:/# ls -l /var/lib/tor/hidden_service/
total 8
-rw------- 1 debian-tor debian-tor  23 Sep  3 11:37 hostname
-rw------- 1 debian-tor debian-tor 891 Sep  3 11:19 private_key
root@###:/#

The hostname file contains the Tor address for the hidden service.

root@###:/# cat /var/lib/tor/hidden_service/hostname
ie4fmpv2obd2iy2t.onion

Example Nginx configuration for Hidden Service

server {
    server_name ie4fmpv2obd2iy2t.onion; #Server listens hidden service name
    listen 8080; # Listen port 8080

    access_log /var/log/nginx/hidden-access.log; # Access Log Location
    error_log /var/log/nginx/hidden-error.log; # Error Log Location

    root /var/www/html/hiddensite; # Site root directory
    index index.php index.html index.htm; # Search for index.php/html/htm
}

 

Leave a Reply

Your email address will not be published. Required fields are marked *