Setting up a Tor hidden service (also known as a .onion domain) on your VPS allows you to create an anonymous website that can only be accessed through the Tor network. This can enhance privacy and security, making your website more resistant to censorship and surveillance.
In this tutorial, we’ll guide you through the process of setting up a Tor domain on your VPS, covering the installation of Tor, configuring the hidden service, and testing the setup.
Prerequisites
- A VPS running Ubuntu 20.04 or later (other Linux distributions can be used, but the instructions may vary).
- Root access or sudo privileges on the VPS.
- Basic knowledge of Linux command-line operations.
Step 1: Install and Configure Tor
1.1 Update Your System
Before installing Tor, make sure your VPS is up to date. Run the following commands:
1.2 Install Tor
Tor is available from the default Ubuntu repositories, but you can also install it from the Tor Project’s official repository for the latest version.
- Add the Tor repository:
- Install Tor:
1.3 Start and Enable Tor Service
To ensure Tor starts automatically on system boot and is currently running, use the following commands:
Verify that Tor is running with:
Step 2: Configure the Tor Hidden Service
Once Tor is installed and running, you’ll need to configure it to create a Tor hidden service (a .onion domain). This involves editing the Tor configuration file.
2.1 Edit Tor Configuration File
- Open the Tor configuration file for editing:
- Set up the hidden service:
Scroll to the end of the file and add the following configuration to specify the hidden service:
- HiddenServiceDir: This is the directory where Tor will store the hidden service files, including the private key and the .onion address.
- HiddenServicePort: This defines the port to which Tor should forward traffic. Here, it's set to forward HTTP traffic (port 80) to your local web server (also on port 80). If you're running a different service, change the port accordingly.
2.2 Restart Tor
After saving the configuration file, restart Tor to apply the changes:
Step 3: Set Up a Web Server
For your .onion domain to serve content, you need a web server. Apache or Nginx are commonly used, but here we will cover the installation of Apache.
3.1 Install Apache Web Server
- Install Apache:
- Start and enable Apache to run on boot:
3.2 Verify Apache
Ensure Apache is working by opening your VPS IP address in a browser (http://your-vps-ip). You should see the default Apache page.
Step 4: Retrieve Your .Onion Address
Once Tor is configured with the hidden service, Tor will generate your .onion address.
- Find the .onion address:
After restarting Tor, the hidden service directory will contain the generated hostname file, which holds the .onion address.
This will output something like:
This is your Tor domain that you can use to access your website anonymously through the Tor network.
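Steps 2.1 and 4 as one added example (not code from the original tutorial): a helper that appends the hidden-service stanza once, forwarding to 127.0.0.1, and a check that the generated hostname file holds a well-formed v3 address. The function names and the paths `/etc/tor/torrc` and `/var/lib/tor/hidden_service` are assumptions; the page does not name them.

```shell
#!/bin/sh
# Added example. On a real host (assumed paths, run as root):
#   add_onion_service /etc/tor/torrc /var/lib/tor/hidden_service 80 80
#   systemctl restart tor && onion_hostname /var/lib/tor/hidden_service

# Append the hidden-service stanza once; re-running leaves the file unchanged.
add_onion_service() {   # args: torrc, service dir, virtual port, local port
    if grep -qxF "HiddenServiceDir $2" "$1" 2>/dev/null; then
        return 0
    fi
    {
        echo "HiddenServiceDir $2"
        # Name loopback explicitly so the backend is never a routable address.
        echo "HiddenServicePort $3 127.0.0.1:$4"
    } >> "$1"
}

# Print the generated address if the hostname file holds a well-formed v3
# name: 56 base32 characters, ending in "d" (the version byte), then ".onion".
onion_hostname() {      # arg: service dir
    name=$(head -n 1 "$1/hostname" 2>/dev/null) || return 1
    base=${name%.onion}
    [ "$base" != "$name" ] || return 1          # ".onion" suffix missing
    [ "${#base}" -eq 56 ] || return 1
    case $base in
        *[!a-z2-7]*) return 1 ;;                # not lowercase base32
        *d) printf '%s\n' "$name" ;;
        *) return 1 ;;
    esac
}

# Constructed demo in a scratch directory; no real Tor state is touched.
demo=$(mktemp -d)
add_onion_service "$demo/torrc" "$demo/hs" 80 80
add_onion_service "$demo/torrc" "$demo/hs" 80 80    # second call is a no-op
cat "$demo/torrc"
```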
Step 5: Test Your Tor Domain
To test your hidden service:
- Download and install Tor Browser on your local machine from the official Tor Project website.
- Open Tor Browser and enter your .onion address (e.g., exampleonionaddress.onion) into the browser’s address bar.
- You should see the default Apache page or whatever content you’ve configured on your web server.
Step 6: Optional: Secure Your .Onion Domain with SSL (HTTPS)
While Tor provides a level of anonymity and encryption, you can still add an extra layer of security by setting up SSL to serve content over HTTPS.
6.1 Install Certbot and SSL Certificate
- Install Certbot:
- Obtain an SSL certificate:
Certbot can automatically configure SSL for your Apache server. However, Certbot does not issue certificates for .onion addresses, as these are unique to the Tor network and not recognized by traditional certificate authorities. So, SSL certificates won’t apply to your .onion domain directly.
You can still manually set up SSL certificates for services hosted on your regular domain (like .com or .org), but onion services are encrypted by default through Tor.
Step 7: Secure Your Hidden Service
- Set Permissions for Tor Hidden Service Directory:
Ensure the hidden service directory has correct permissions to protect your Tor private key and configurations.
- Configure Firewall:
It’s crucial to restrict non-Tor traffic from accessing your service to ensure privacy. For this, configure your firewall to allow connections only from Tor.
For example, if using UFW (Uncomplicated Firewall), you can deny all external traffic except for the Tor network:
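A check for the two hardening points in this step, as an added example that is not part of the original tutorial: it reads a torrc and flags any hidden-service directory that is not owner-only (mode 700) and any `HiddenServicePort` that forwards to a non-local address. The function name and the sample torrc are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag torrc settings that undo the hardening in Step 7.
audit_onion() {         # arg: path to a torrc; returns non-zero on findings
    findings=0
    while read -r key val rest || [ -n "$key" ]; do
        # Tor option names are case-insensitive; normalise before matching.
        key=$(printf '%s' "$key" | tr 'A-Z' 'a-z')
        case $key in
        hiddenservicedir)
            # The directory holds the service's private key, so only its
            # owner may have any access: "drwx------" (mode 700).
            perms=$(ls -ld "$val" 2>/dev/null | cut -c1-10)
            if [ "$perms" != "drwx------" ]; then
                echo "FINDING: $val is '${perms:-missing}', want drwx------"
                findings=$((findings + 1))
            fi ;;
        hiddenserviceport)
            target=${rest%% *}
            case $target in
            ''|127.*|localhost|localhost:*|'[::1]'*|unix:*) ;;  # local only
            *[!0-9]*)   # an address that is not loopback
                echo "FINDING: port $val forwards to non-local $target"
                findings=$((findings + 1)) ;;
            *) ;;       # bare port number: Tor uses 127.0.0.1
            esac ;;
        esac
    done < "$1"
    [ "$findings" -eq 0 ]
}

# Constructed sample: one hardened service, one with both problems.
demo=$(mktemp -d)
mkdir -m 700 "$demo/good"
mkdir -m 755 "$demo/bad"
cat > "$demo/torrc" <<EOF
HiddenServiceDir $demo/good
HiddenServicePort 80 127.0.0.1:80
HiddenServiceDir $demo/bad
HiddenServicePort 80 203.0.113.10:80
EOF
audit_onion "$demo/torrc" || echo "audit reported findings"
```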
Step 8: Maintain and Update Your Tor Hidden Service
- Regularly check Tor logs to ensure there are no issues with your hidden service:
- Monitor your web server to make sure it’s running smoothly and that your .onion domain is accessible.
Conclusion
By following these steps, you’ve successfully set up a Tor hidden service with a .onion domain on your VPS. This allows you to run an anonymous website that can only be accessed through the Tor network, offering additional privacy and protection against censorship.
Always ensure your system is up to date, monitor logs for any issues, and consider implementing extra security measures, such as firewall configurations and regular updates to your server software, to ensure the ongoing security of your hidden service.