How to host a Tor .onion site on a Debian Server (nginx + tor)

How to host a Tor .onion site on a Debian Server (nginx + tor)

Posted on

This information will stroll you thru the method of setting the server for internet hosting a static web site on the Darkish Internet. This may be achieved by means of the usage of Tor Hidden Providers. To maintain issues easy and safe, we’ll use static recordsdata.

This text is designed for and examined on a distant Debian-based server. This server needs to be adequately protected previous to being utilized in manufacturing.


The packages of Tor in Ubuntu or Debian’s default repositories aren’t at all times updated. Tor maintains its personal repositor. That repository should be added.
sources.record: Earlier than you may purchase Tor, it’s essential to first configure our package deal repository. First, it’s essential to decide the identification of your distribution. lsb launch -c or cat /and so forth/debian model are simple instructions to execute. Go to the Debian web site if you’re uncertain concerning your Debian model. Ask Wikipedia about Ubuntu.

For creating a brand new file it’s best to run the next traces to /and so forth/apt/sources.record

sudo nano /and so forth/apt/sources.record

To the top of the file, append the next:

deb stretch predominant
deb-src stretch predominant

Add your gpg key utilizing the instructions beneath at your command immediate. Then your packages are signed.

gpg --keyserver keys.gnupg.web --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
[email protected]:~# gpg --keyserver keys.gnupg.web --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: /root/.gnupg/trustdb.gpg: trustdb created
gpg: key EE8CBC9E886DDD89: public key " archive signing key" imported
gpg: Whole quantity processed: 1
gpg: imported: 1
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

Execute the replace.

sudo apt-get replace

Then set up Tor in your server

sudo apt-get set up tor

Notice: In case you run the final command, chances are you’ll acquire the next: tor : Relies upon: libevent-2.0-5 (>= 2.0.10-stable), nonetheless it isn’t installable. Then it’s best to repair it manually  : wget ; apt set up ./libevent-2.0-5_2.0.21-stable-3_arm64.deb ; rm ./libevent-2.0-5_2.0.21-stable-3_arm64.deb

The Hidden Service

To activate our hidden service, we should change the Tor configuration file. To start, we’ll create a backup copy of this configuration file.

sudo cp /and so forth/tor/torrc /and so forth/tor/OLD.torrc

Additionally you can also make adjustments to your configuration file.

sudo vi /and so forth/tor/torrc

All Tor buyer providers, relays, and hidden providers are deactivated and commented out by default. Allow us to start by activating the hidden service. Find the realm dedicated to secret providers. It’ll resemble this.

############### This part is only for location-hidden providers ###
## After you have configured a hidden service, you may have a look at the
## contents of the file ".../hidden_service/hostname" for the handle
## to inform individuals.
## HiddenServicePort x y:z says to redirect requests on port x to the
## handle y:z.
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80
#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80
#HiddenServicePort 22

Then uncommented the next traces:

#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80

That is how the hidden providers part ought to seem now.

############### This part is only for location-hidden providers ###
## After you have configured a hidden service, you may have a look at the
## contents of the file ".../hidden_service/hostname" for the handle
## to inform individuals.
## HiddenServicePort x y:z says to redirect requests on port x to the
## handle y:z.
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80
#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80
#HiddenServicePort 22

Then tor is restarted by:

sudo service tor restart

Additionally, consider the Tor standing

sudo systemctl standing tor
[email protected]θd3: # systemctl standing tor
tor.service - Anonymizing overlay community for TCP (multi-instance-master)
Loaded: loaded (/lib/systemd/system/tor.service; enabled; vendor preset: enabled)
Energetic: lively (exited) since Thu 2020-11-12 13:14:57 UTC; 7s in the past
Course of: 11664 ExecStart=/bin/true (code=exited, standing=0/SUCCESS)
Foremost PID: 11664 (code=exited, standing=0/SUCCESS)
Nov 12 13:14:57 nød3 systemd[1]: Beginning Anonymizing overlay community for TCP (multi-instance-master)... 
Nov 12 13:14:57 nød3 systemd[1]: Began Anonymizing overlay community for TCP (multi-instance-master).

Tor ought to have generated a few recordsdata. Step one is to create a hostname file. Open it to acquire your .onion handle.

sudo cat /var/lib/tor/hidden_service/hostname

The file I contained contains 6ad4242dqvoc7e7jgh5laivs2fs7l4u2ej2gscaxtc5wbxlskow4vqd.onion. One thing comparable needs to be in your file. The opposite file accommodates a non-public and public key pair. Open it up and look inside.

sudo ls -lrt /var/lib/tor/hidden_service/
[[email protected]θd3:/var/lib/tor/hidden_service# ls -lrt 
complete 16 
-rw------- 1 debian-tor debian-tor 96 Nov 12 13:14 hs_ed25519_secret_key 
-rw------- 1 debian-tor debian-tor 64 Nov 12 13:14 hs_ed25519_public_key
-rw------- 1 debian-tor debian-tor 63 Nov 12 13:14 hostname
drwx--S--- 2 debian-tor debian-tor 4096 Nov 12 13:14 approved shoppers

If it turns into important sooner or later, you may switch your server to a brand new machine utilizing these two recordsdata. Make a replica of those recordsdata and hold them secure.


For this mission, nginx is a superb internet server. So  Nginx needs to be put in as.

sudo apt-get set up nginx

Notice your server should have a firewall put in. I counsel the Uncomplicated  Firewall (UFW). In case you require help with UFW, see A Information to the Easy Firewall (UFW) for Linux. Enable HTTP visitors with the next command.

sudo ufw permit 'Nginx HTTP'

Confirm that your server’s IP handle is operational by visiting it.
Take away this rule if every little thing is working correctly. After that, restart the firewall.

sudo ufw deny 'Nginx HTTP'
sudo ufw reload


Disable undesirable data sharing by enhancing the principle Nginx configuration file.

sudo vi /and so forth/nginx/nginx.conf

Add the next to the http block:

server_name_in_redirect off;
server_tokens off;
port_in_redirect off;

Now restart the Nginx server by following command.

sudo systemctl restart nginx

Internet Server Root Listing

Create a listing to retailer our internet server recordsdata.

sudo mkdir /var/www/dark_net

Create and edit a file referred to as index.html on your web site.

sudo nano /var/www/dark_net/index.html

Add no matter you need inside. We don’t require actual HTML; as an alternative, we require one thing distinctive in the meanwhile.

Welcome to my web page

Permissions should be set so the file could be simply accessed by Nginx.

sudo chmod 755 /var/www/dark_net

Take away Nginx Default

Delete the default web site.

sudo rm /and so forth/nginx/sites-enabled/default
sudo rm /and so forth/nginx/sites-available/default

Add Obtainable Website

Creating a brand new web site within the available-sites listing.

sudo nano /and so forth/nginx/sites-available/dark_net

Inside, insert the next on your occasion’s root and server identify variables.

server {
pay attention;
root /var/www/dark_net/;
index index.php index.html;
server_name 6ad4242dqvoc7e7jgh5laivs11s734u2ej2gscaxtc5wbxlskow4vqd.onion; 

Notice: Add your individual .onion handle in server_name and Protected the file.

Including the given web site to the site_enabled record.

sudo ln -s /and so forth/nginx/sites-available/dark_net/and so forth/nginx/sites-enabled/

Then Nginx sever is restarted.

sudo systemctl restart nginx

Tor Browser

Entry the Tor Browser (which you’ll obtain right here) and navigate to your beforehand generated .onion handle. If functioning of the system is correct, then the beforehand created dummy index.html web page will likely be proven.
Subsequently, you now have an internet site right here on Darkish Internet. Any paperwork situated contained in the /var/www/darkish internet listing could be accessible on-line. In case you are utilizing a static web site builder, that is the situation the place the end result will likely be saved.

offshore vps