Hello guys, in this post we will take an overview of the Tor network and learn how to set up your own hidden service(s) from scratch, where we also install nginx as the preferred web server. If you already have a website running, skip installing nginx and skip the web server configuration.

What is Tor

Tor, or The Onion Routing, is a network that wraps your traffic in multiple layers of transport encryption and bounces it through multiple anonymous relays on the way to the server you requested. This enhances the anonymity of the user when browsing over Tor.

What about Tor Hidden Service?

A Tor hidden service, which most people call the "darkweb" or "darknet" or whatever they call it, is a web service that is served within the Tor network and has the .onion TLD. Its URL can only be reached from within the Tor network itself.

Prerequisite

You'll need a web server to host your dark web hidden service. If you don't have a web server, consider using my referral link DigitalOcean. Signing up using that link will grant you $50 of free credit on sign-up, which can be used for 30 days for free. Enjoy!

Setup

  1. Go to your remote server, and install nginx and tor packages.
$ sudo apt install tor nginx -y

1. Setting up Nginx

The configuration files for nginx's enabled sites are available at /etc/nginx/sites-enabled/*.conf. Whatever config is in this folder will be included in nginx.conf.

What is important in this nginx configuration is to make sure your website is in the right web root (e.g. `/var/www/html/index.html`) and that the listening port is correct. If you can access the webpage in your browser, you're good to go.

If you have a web application running on a different port (not the nginx service), this is also fine; you can just use Tor to redirect the traffic to your local listening service port.

2. Setting up Tor

  1. Edit the torrc config.
$ sudo nano /etc/tor/torrc
  2. Find the section where it says "This section is just for location-hidden services". We are going to edit some configs to enable the hidden service.

Uncomment both these:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

The HiddenServiceDir is the directory that holds your hidden service's data (Tor puts the hostname and private_key files for your website's onion address there). The HiddenServicePort is where connections from outside reach your hidden service, here through port 80. Specify the address of your web server by replacing 127.0.0.1:80 with [localhost]:[your-webserver-listener-port].

HiddenServicePort x y:z says to redirect requests on port x to the address y:z.

Change the config to:

HiddenServiceDir /var/lib/tor/[hidden-service-name]/
HiddenServicePort 80 127.0.0.1:80

The hidden service name can be anything such as "myblog" or whatever.

If you have other hidden services, just uncomment the config below it to enable another hidden service. Note that the listening port should be different from that of the other hidden services to avoid conflict.
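
A way to check the hidden service section of torrc before restarting Tor, as an added example that is not part of the original post: it groups each HiddenServicePort under its HiddenServiceDir and warns when a target is not a loopback address such as the 127.0.0.1:80 used above, since a non-loopback target suggests the web server is also reachable outside Tor. The sample config and the "myshop" name are constructed, and the target forms handled (missing, bare port, address:port, unix: path) are assumed from Tor's manual.

```python
import ipaddress

# Constructed sample torrc fragment (not from the post); "myshop" is a made-up name.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/myblog/
HiddenServicePort 80 127.0.0.1:80
HiddenServiceDir /var/lib/tor/myshop/
HiddenServicePort 80 0.0.0.0:8080
HiddenServicePort 8081
"""

def parse_target(virt_port, target):
    """Split a HiddenServicePort target into (host, port)."""
    if target is None or target.isdigit():  # missing or bare port: 127.0.0.1
        return "127.0.0.1", int(target or virt_port)
    if target.startswith("unix:"):          # Unix socket path, no TCP port
        return target, None
    host, _, port = target.rpartition(":")
    return host.strip("[]"), int(port)      # brackets wrap IPv6 addresses

def parse_hidden_services(text):
    """Group HiddenServicePort lines under the HiddenServiceDir preceding them."""
    services, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on spaces
        if len(fields) < 2:
            continue
        option = fields[0].lower()
        if option == "hiddenservicedir":
            current = fields[1]
            services[current] = []
        elif option == "hiddenserviceport":
            if current is None:
                raise ValueError(f"line {lineno}: HiddenServicePort before HiddenServiceDir")
            virt, target = int(fields[1]), (fields[2] if len(fields) > 2 else None)
            services[current].append((virt, *parse_target(virt, target)))
    return services

def audit(services):
    """Return one warning per TCP target that is not a loopback address."""
    warnings = []
    for directory, ports in services.items():
        for virt, host, port in ports:
            try:  # a host that is not an IP literal is treated as unsafe
                safe = port is None or ipaddress.ip_address(host).is_loopback
            except ValueError:
                safe = False
            if not safe:
                warnings.append(f"{directory} port {virt} -> {host}:{port} is not loopback")
    return warnings
```

To check a real file, pass the contents of /etc/tor/torrc to parse_hidden_services() and print what audit() returns.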

Once you restart the service, the folder of the hidden service will be created for you.

$ sudo systemctl restart tor.service
  1. Your hidden service is now running. To get the .onion link, go to `/var/lib/tor/[your-hidden-service]` and you'll find two files within this directory.

  2. The hostname is your .onion link, which you should give to everyone who wants to visit your hidden service. If you wish to change the hostname, don't edit the name directly, as it is linked to the private key. However, there is a way to get your preferred onion name, which we will discuss in the next section.

  3. The private_key is important. If you plan to keep the hidden service for the long run, you should keep it safe somewhere else.

Get custom .onion url

To get a custom .onion link, you will need to use a tool such as scallion, shallot or eschalot. These tools customize the .onion link by brute-forcing hashes until one meets your specified regex.

Testing

To test your new hidden service, start your web server and the tor service. On your host, connect to the Tor network and browse to the onion URL to see if you get the page of your website.

If you have any questions, please let me know in the comment section below. Thank you. Hopefully this short guide helps you successfully build your own hidden service.