Let’s Make A TOR Website
Preamble
What could be more intriguing, bizarre, eccentric and kinky rather than creating your own website, your visit card that will be accessible only on mainstream “DeEp wEb”?
Today, I want to help you with creating your own TOR website.
The first part will be dedicated to manual configuration of the server. If the articles are successful, I will review other optional features TOR project provides, as multiple sites with TOR, Operational security, best practices, etc. Also automated deployment with terraform.
Before we start, I would like to ask you to subscribe to my Patreon to make me able to create more content.
Let’s go!
TOR Who?
Guys, don’t pretend like you don’t know what TOR is. I ain't going to tell you what is that because you already know. Don’t waste my time.
For archeologists who found my laptop in 5 million years with somehow this medium page cached. If you somehow don’t know what is TOR, it’s just an anonymous network. It also provides the ability to hide your websites, so they will be visible only on this anonymous network.
TOR Docs
TOR provides you with good, complete documentation. We will work according to this documentation.
Installing TOR
Regarding the documentation, we must have TOR installed on our Linux machine.
Before that, we need to configure our apt TOR repo to be linked to the newest TOR version.
I will show you all the process on Ubuntu “Jammy”. So keep in mind, that sequence could differ based on OS. As a side note, I use an AWS free-tier account to maintain it.
- Install apt-transport-https package.
sudo apt install apt-transport-https
2. Add actual information about TOR package to apt repo list.
Put the next lines to/etc/apt/sources.list.d/tor.list
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main
Instead of <DISTRIBUTION> paste, your current OS distribution.
To achieve that, simply use lsb_release -c
command. In my case, it was “jammy”.
3. Sign the key.wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg — dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
4. Finally, you can update the list of your apt repos. Run sudo apt update
5. Install TOR service with apt install tor deb.torproject.org-keyring
Setting up a local web server
Right after installing tor, we must set up our local web server. I’m going to use nginx in this case.
6. Install nginx. sudo apt install nginx
7. Check whether your website is alive. Browse for your server’s IP address.
Configuring TOR service
8. After successful tor service installation on your Linux server, edit /etc/tor/torrc
file.
You will want to change the next lines (photo related):
By the way, HiddenServiceDir can take any path you want your tor website and related information to be stored.
9. Restart your TOR service with sudo systemctl restart tor
10. Move to directory with your tor website. You can see the hostname, public key, secret key, etc.
The other files are your Onion Service keys, so it is imperative that these are kept private. If your keys leak, other people can impersonate your Onion Service, deeming it compromised, useless, and dangerous to visit.
DO NOT SHOW PRIVATE KEYS TO OTHER PEOPLE, OTHERWISE YOUR SITE COULD BE COMPROMIZED BY OTHER PEOPLE
To find out the .onion
link of your website, do cat hostname
Checking the website
11. Open your browser. Ready. Steady. GO! Search for the link! Yes! We found it! Our super secret “Welcome to nginx” OG page inside the TOR network.
Congratulations!
Today, we have done a web server that will be accessible on the TOR network.
Thanks for reading!
I would be grateful if you support me on PayPal!
My beloved supporters
Special thanks to VIP Jay Dohe for supporting me on Patreon!