How to Set Up a Tor Domain on VPS

Setting up a Tor hidden service (also known as a .onion domain) on your VPS allows you to create an anonymous website that can only be accessed through the Tor network. This can enhance privacy and security, making your website more resistant to censorship and surveillance.

In this tutorial, we’ll guide you through the process of setting up a Tor domain on your VPS, covering the installation of Tor, configuring the hidden service, and testing the setup.


Prerequisites

  • A VPS running Ubuntu 20.04 or later (other Linux distributions can be used, but the instructions may vary).
  • Root access or sudo privileges on the VPS.
  • Basic knowledge of Linux command-line operations.

Step 1: Install and Configure Tor

1.1 Update Your System

Before installing Tor, make sure your VPS is up to date. Run the following commands:

 
sudo apt update
sudo apt upgrade -y

1.2 Install Tor

Tor is available from the default Ubuntu repositories, but you can also install it from the Tor Project’s official repository for the latest version.

  1. Add the Tor repository:
 
sudo add-apt-repository ppa:torproject/tor-browser -y
sudo apt update
  2. Install Tor:
 
sudo apt install tor -y

1.3 Start and Enable Tor Service

To ensure Tor starts automatically on system boot and is currently running, use the following commands:

 
sudo systemctl enable tor
sudo systemctl start tor

Verify that Tor is running with:

 
sudo systemctl status tor

Step 2: Configure the Tor Hidden Service

Once Tor is installed and running, you’ll need to configure it to create a Tor hidden service (a .onion domain). This involves editing the Tor configuration file.

2.1 Edit Tor Configuration File

  1. Open the Tor configuration file for editing:
 
sudo nano /etc/tor/torrc
  2. Set up the hidden service:

Scroll to the end of the file and add the following configuration to specify the hidden service:

 
# Set up the hidden service
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
  • HiddenServiceDir: This is the directory where Tor will store the hidden service files, including the private key and the .onion address.
  • HiddenServicePort: This defines the port to which Tor should forward traffic. Here, it's set to forward HTTP traffic (port 80) to your local web server (also on port 80). If you're running a different service, change the port accordingly.
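
A check of the two directives above, as an added example that is not part of the original tutorial: the shell function `audit_torrc` (a hypothetical name) reads a torrc file, confirms that each HiddenServicePort forwards to a loopback or Unix-socket target, and confirms that each HiddenServiceDir is mode 700. It assumes the directive spelling used on this page and that Tor forwards to 127.0.0.1 when no target is given.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit the hidden-service
# directives in a torrc file. The function name is hypothetical.
# Usage (as root, so the directory is visible): audit_torrc /etc/tor/torrc
# Prints one finding per line and returns 1 if any check fails.
audit_torrc() {
    status=0
    dir=""
    while read -r key arg1 arg2 rest || [ -n "$key" ]; do
        case $key in
        HiddenServiceDir)
            dir=${arg1%/}
            if [ ! -d "$dir" ]; then
                echo "INFO $dir: not visible (not created yet, or not root)"
            else
                # Only the owner may enter the directory holding the key.
                case $(ls -ld "$dir") in
                drwx------*) echo "OK   $dir: mode 700" ;;
                *) echo "FAIL $dir: not mode 700"; status=1 ;;
                esac
            fi ;;
        HiddenServicePort)
            if [ -z "$dir" ]; then
                echo "FAIL port $arg1: no HiddenServiceDir before it"
                status=1
                continue
            fi
            # Assumption: with no target, Tor uses 127.0.0.1:<same port>.
            target=${arg2:-127.0.0.1:$arg1}
            case $target in
            127.*|"[::1]"*|unix:*)
                echo "OK   $dir: port $arg1 -> $target" ;;
            *[!0-9]*)
                echo "FAIL $dir: port $arg1 -> $target is not loopback"
                status=1 ;;
            *)  # a bare port number also means 127.0.0.1:<port>
                echo "OK   $dir: port $arg1 -> 127.0.0.1:$target" ;;
            esac ;;
        esac
    done < "$1"
    return "$status"
}
```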

2.2 Restart Tor

After saving the configuration file, restart Tor to apply the changes:

 
sudo systemctl restart tor

Step 3: Set Up a Web Server

For your .onion domain to serve content, you need a web server. Apache or Nginx are commonly used, but here we will cover the installation of Apache.

3.1 Install Apache Web Server

  1. Install Apache:
 
sudo apt install apache2 -y
  2. Start and enable Apache to run on boot:
 
sudo systemctl enable apache2
sudo systemctl start apache2

3.2 Verify Apache

Ensure Apache is working by opening your VPS IP address in a browser (http://your-vps-ip). You should see the default Apache page.


Step 4: Retrieve Your .Onion Address

Once Tor is configured with the hidden service, Tor will generate your .onion address.

  1. Find the .onion address:

After restarting Tor, the hidden service directory will contain the generated hostname file, which holds the .onion address.

 
sudo cat /var/lib/tor/hidden_service/hostname

This will output something like:

 
 
exampleonionaddress.onion

This is your Tor domain that you can use to access your website anonymously through the Tor network.


Step 5: Test Your Tor Domain

To test your hidden service:

  1. Download and install Tor Browser on your local machine from the official Tor Project website.

  2. Open Tor Browser and enter your .onion address (e.g., exampleonionaddress.onion) into the browser’s address bar.

  3. You should see the default Apache page or whatever content you’ve configured on your web server.


Step 6: Optional: Secure Your .Onion Domain with SSL (HTTPS)

While Tor provides a level of anonymity and encryption, you can still add an extra layer of security by setting up SSL to serve content over HTTPS.

6.1 Install Certbot and SSL Certificate

  1. Install Certbot:
 
sudo apt install certbot python3-certbot-apache -y
  2. Obtain an SSL certificate:

Certbot can automatically configure SSL for your Apache server. However, Certbot does not issue certificates for .onion addresses, as these are unique to the Tor network and not recognized by traditional certificate authorities. So, SSL certificates won’t apply to your .onion domain directly.

You can still manually set up SSL certificates for services hosted on your regular domain (like .com or .org), but onion services are encrypted by default through Tor.


Step 7: Secure Your Hidden Service

  1. Set Permissions for Tor Hidden Service Directory:

Ensure the hidden service directory has correct permissions to protect your Tor private key and configurations.

 
sudo chown -R debian-tor:debian-tor /var/lib/tor/hidden_service/
sudo chmod 700 /var/lib/tor/hidden_service/
  2. Configure Firewall:

It’s crucial to restrict non-Tor traffic from accessing your service to ensure privacy. For this, configure your firewall to allow connections only from Tor.

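For example, if using UFW (Uncomplicated Firewall), you can deny all incoming traffic and allow only connections from 127.0.0.1, which is where the Tor daemon on the same machine connects from:

 
sudo ufw default deny incoming
# Keep SSH reachable so that enabling the firewall does not cut off your own session
sudo ufw allow ssh
sudo ufw allow from 127.0.0.1 to any port 80
sudo ufw enable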
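
Step 3.2 showed Apache answering on the VPS's public IP address, so the firewall rule is what keeps the backend off that address. An added example (not from the original tutorial) that checks this from socket data: the hypothetical function `exposed_listeners` reads `ss -ltn` output on stdin and reports every listener on the given port that is bound to a non-loopback address. The sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial); function names are hypothetical.
# Usage on the VPS: ss -ltn | exposed_listeners 80
# Prints each non-loopback address listening on the port; returns 1 if any.
exposed_listeners() {
    awk -v port="$1" '
        BEGIN { found = 0 }
        $1 == "LISTEN" {
            # Field 4 is Local Address:Port; the port follows the last colon.
            n = split($4, part, ":")
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            # 127.0.0.0/8 and [::1] are reachable only from this machine.
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
            found = 1
        }
        END { exit found }
    '
}

# Constructed sample of `ss -ltn` output: a web server bound to every
# interface, Tor on its loopback SOCKS port, and SSH.
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511             [::]:80           [::]:*
LISTEN 0      4096       127.0.0.1:9050      0.0.0.0:*
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
EOF
}
```

A result of 1 for port 80 means the web server can be reached without going through Tor unless the firewall blocks it.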

Step 8: Maintain and Update Your Tor Hidden Service

  1. Regularly check Tor logs to ensure there are no issues with your hidden service:
 
sudo tail -f /var/log/tor/log
  2. Monitor your web server to make sure it’s running smoothly and that your .onion domain is accessible.

Conclusion

By following these steps, you’ve successfully set up a Tor hidden service with a .onion domain on your VPS. This allows you to run an anonymous website that can only be accessed through the Tor network, offering additional privacy and protection against censorship.

Always ensure your system is up to date, monitor logs for any issues, and consider implementing extra security measures, such as firewall configurations and regular updates to your server software, to ensure the ongoing security of your hidden service.
