Installation
Tor
- Install the dependency
sudo apt install apt-transport-https
- Create/edit
/etc/apt/sources.list.d/tor.list
deb [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org <DIST> main
deb-src [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org <DIST> main
Change <DIST>
to your distribution's codename, as printed by lsb_release -cs
- Add the GPG key from Tor
wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | sudo tee /usr/share/keyrings/deb.torproject.org-keyring.gpg >/dev/null
- Update and install Tor
sudo apt update
sudo apt install tor deb.torproject.org-keyring
NGINX
sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
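Print the fingerprint of the downloaded key and compare it with the one published on nginx.org before continuing
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
Add the repository for the stable packages
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
Or, to use the mainline packages, run this instead (both commands write the same nginx.list file, so only the last one run takes effect)
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list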
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
| sudo tee /etc/apt/preferences.d/99nginx
sudo apt update
sudo apt install nginx
Configuration
Tor
Edit the torrc file
sudo nvim /etc/tor/torrc
Uncomment the following lines
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
This forwards requests arriving on port 80 of the onion service to 127.0.0.1:80
NGINX
Create a new site config
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/xx.onion
Edit the new file so that the server block reads
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    error_page 404 /404.html;
    location /404.html {
        internal;
    }
    root /var/www/<name>;
    index index.html;
    server_name <name>.onion;
    location / {
        try_files $uri $uri/ =404;
    }
}
If you use a different port in the torrc file, change the listen
directive to match the port.
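An added example, not part of the original page: a Python check that the nginx listen directives match the HiddenServicePort target in torrc. It also flags listeners that are not bound to loopback, because the wildcard listen lines in the server block above make nginx answer on every interface, not only to the local Tor daemon. The function names and sample strings are constructed for illustration, and targets are assumed to be written as a port or as addr:port.

```python
import ipaddress
import re

def _norm(host):
    host = host.strip("[]")               # IPv6 literals are written in brackets
    return {"localhost": "127.0.0.1", "0.0.0.0": "*"}.get(host, host)

def tor_targets(torrc):
    """Yield the (host, port) each active HiddenServicePort line forwards to."""
    for line in torrc.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "hiddenserviceport":
            host, _, port = parts[-1].rpartition(":")  # no target: same port
            if port.isdigit():            # addr-only and unix: targets skipped
                yield _norm(host or "127.0.0.1"), int(port)

def nginx_listeners(conf):
    """Yield (address, port) per TCP listen directive; '*' = IPv4 wildcard."""
    for spec in re.findall(r"^\s*listen\s+(?!unix:)([^\s;]+)", conf, re.M):
        host, sep, port = spec.rpartition(":")
        if port.isdigit():                # "80", "127.0.0.1:80", "[::]:80"
            yield (_norm(host) if sep else "*"), int(port)
        else:                             # address only: port defaults to 80
            yield _norm(spec), 80

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:                    # "*" or an unresolved hostname
        return False

def serves(addr, host):                   # does a listener on addr reach host?
    return addr == host or addr == ("::" if ":" in host else "*")

def audit(torrc, nginx_conf):
    """Findings for a torrc / nginx pair; an empty list means consistent."""
    listeners = list(nginx_listeners(nginx_conf))
    findings = [f"no nginx listener for Tor target {h} port {p}"
                for h, p in tor_targets(torrc)
                if not any(lp == p and serves(a, h) for a, lp in listeners)]
    return findings + [f"listen {a} port {p} is not restricted to loopback"
                       for a, p in listeners if not is_loopback(a)]

TORRC = "HiddenServicePort 80 127.0.0.1:80\n"      # constructed samples
PAGE_CONF = "server {\n listen 80 default_server;\n listen [::]:80 default_server;\n}\n"
LOOPBACK_CONF = "server {\n listen 127.0.0.1:80;\n}\n"

if __name__ == "__main__":
    print(audit(TORRC, PAGE_CONF), audit(TORRC, LOOPBACK_CONF))
```

The loopback-only sample produces no findings, while the page's wildcard listen lines produce one finding each.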
To enable the site:
sudo ln -s /etc/nginx/sites-available/xx.onion /etc/nginx/sites-enabled/xx.onion
sudo rm /etc/nginx/sites-enabled/default
sudo nginx -s reload
- Website will live at /var/www/[html/] as per NGINX config
- Your hidden service config will be at /var/lib/tor/hidden_service/ as per torrc config
NGINX 404
Create a 404.html page and place it in the root of the website’s directory
sudo nvim /etc/nginx/sites-available/xxx
Add the following lines to the server block
error_page 404 /404.html;
location /404.html {
    internal;
}
This will serve the 404.html in the root of the website’s directory when a 404 error occurs.
Reload NGINX to apply the changes
sudo systemctl reload nginx