The Tor network is a revolutionary piece of software. With a single program, it is now possible to browse and view the Web anonymously. This makes Tor an essential tool for users who want to preserve their privacy when browsing a website. It is also possible to use Tor for hosting a local web server online to make it incredibly helpful for privacy-conscious users who want to share information publicly without revealing themselves.
Note: find out what Tor and onion routing are first before you proceed.
Why Host Your Website Over Tor?
One of the biggest advantages of hosting over Tor is that its connection also goes through intermediary nodes similar to the Tor Browser. A visitor checking out your website will not be able to know where you are hosting it from.
Aside from that, you also do not need to forward any ports to make your Tor-only website work. This makes hosting simple and accessible even in highly restricted networks. For example, a machine under a Carrier-Grade NAT network can still publish a website directly through Tor.
Requirements
Before you can install both Nginx and Tor, you need to first make sure that you have the following resources ready:
- An Internet connection that does not restrict Tor for both incoming and outgoing requests. This allows you to broadcast your website through the Tor network.
- A machine that can handle the website you are hosting. In most cases, a dual core desktop with 4GB of RAM should be enough for a basic website.
- Root access to your hosting machine, as configuring Tor requires you to access system files.
The below image shows how to host an Nginx Tor-only website on an Ubuntu 22.04 LTS machine.
Installing Nginx and Tor
Open a terminal. Type the following command to install Nginx and Tor:
sudo apt install nginx tor wget
Configuring Firewall
Once you have installed both packages in your system, you can secure your server by configuring your firewall to only accept incoming connections from the Tor network by typing the following commands in the terminal:
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT sudo iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT sudo iptables -I INPUT -m state --state NEW -p tcp --dport 9050 -j ACCEPT
The first two commands open both the HTTP and HTTPS ports in your system, while the last command explicitly opens the SOCKS port for the Tor network. This approach ensures that Tor will be able to properly redirect any traffic that is going to your machine.
Creating a Tor Service for Your Website
Next, you need to create a hidden service entry for your web server. This is a service-specific configuration that will allow you to broadcast in the Tor network.
First, switch to your root account. You can do that by running the following command:
sudo -i
Once you are inside root, create your hidden service by editing the “/etc/tor/torrc” file. In my case, I am opening this file through GNU Nano.
nano /etc/tor/torrc
Find the “location-hidden services” section by pressing Ctrl + W, then typing “location-hidden.”
You will see a couple of examples that demonstrate how to create your own Tor hidden service. For the most part, however, you only need to set two options: HiddenServiceDir and HiddenServicePort.
The HiddenServiceDir option tells Tor where it should save the configuration files for your hidden service. The HiddenServicePort option tells Tor how it should redirect any requests to your hidden service.
The following lines of code will create a new hidden service for your webserver:
HiddenServiceDir /var/lib/tor/nginx-tor-service/ HiddenServicePort 80 127.0.0.1:80 HiddenServicePort 443 127.0.0.1:443
Reload the Tor daemon to apply your new settings by running the following commands:
systemctl enable tor
systemctl restart torTip: learn how to use Tor with your VPN connection.
Creating a Simple Website Using Nginx
Once a Tor hidden service is up and running, start setting up your webserver. Create a new configuration file through the touch command:
sudo touch /etc/nginx/sites-available/nginx-tor-service
Edit your new Nginx configuration file as a basic web server. For example, the following block of code will deploy a simple web server at port 80:
server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; server_name 4tth4kzmipldb5elklravakdwlnte3ck6m5ahl73nfbe6ni67zmyvxyd.onion; location / { try_files $uri $uri/ =404; } }
- The two
listenvariables set both the ports and host that this server configuration should listen to. In this case, Nginx listens at port 80 on both IPv4 and IPv6. - The
rootvariable sets the location where Nginx will look for the files on your webserver. - The
server_namevariable contains the domain name of your server. Find it by runningsudo less /var/lib/tor/nginx-tor-service/hostname. - The
locationvariable contains functions on how Nginx deals with the files in your website’s root. In this example, it only sets the 404 error for any missing files.
Create a symbolic link for your new configuration file to “/etc/nginx/sites-enabled.”
sudo ln -s /etc/nginx/sites-available/nginx-tor-service /etc/nginx/sites-enabled/
Lastly, enable your new website by restarting Nginx:
sudo systemctl enable nginx sudo systemctl restart nginx
Accessing Your Website Over Tor
With both Tor and Nginx up and running, check whether your website is accessible from the Tor network. (Need to find more websites in the dark web? Check out these search engines.) First, download the latest Tor browser binary:
wget https://www.torproject.org/dist/torbrowser/11.5.7/tor-browser-linux64-11.5.7_en-US.tar.xz
Extract the browser’s files in the current directory by running the following command:
tar xvf ./tor-browser-linux64-11.5.7_en-US.tar.xz cd ./tor-browser_en-US
Also, make sure that the Tor browser binary has the right execution bits:
sudo chmod +x ./start-tor-browser.desktop
Run and install Tor Browser on your machine by running the following command:
./start-tor-browser.desktop --register-app
Lastly, browse to your new Tor website by typing its domain name in the address bar.
Frequently Asked Questions
Is it possible to host a game server using Tor?
Yes, but running a Tor game server will result in a very poor gaming experience. For example, running a Minetest server over Tor will have a latency between 1000 and 5000 milliseconds.
While there are ways to speed up your Tor connections, the developers of Tor did not design the network to work in low-latency applications. Because of that, Tor is mostly helpful in publishing webpages and applications that do not depend on low latency.
I am trying to host an FTP website but can't access it through Tor.
This issue is most likely due to a missing configuration in the “/etc/tor/torrc” file. To properly host a new service over Tor, make sure that the proper ports are open both in your firewall and torrc.
For example, add HiddenServicePort 21 127.0.0.1:21 and HiddenServicePort 22 127.0.0.1:22 to create an open FTP and SFTP port in your machine.
Is it possible to host my website over SSL in Tor?
It is important to note that SSL is not a hard requirement when securing your Tor website. By default, Tor already encrypts your connections as soon as you load the Tor browser, so any website you visit on Tor is end-to-end encrypted.
If you want, obtain an SSL certificate for your Tor website, though the process can be tricky, as there are only a handful of certificate authorities that actively issue TLS for .onion domains.
Image credit: Unsplash. All alterations and screenshots by Ramces Red.
Our latest tutorials delivered straight to your inbox
