Hosting a website on TOR (Linux)

NOTE: This method of getting vanity is only applicable to V2. I will soon update this blog for V3. Only work around to test is Downgrade your browser.

I had a lot of guys asking How can I host a website on TOR with my own custom domain name?. There are some issues invloved while hosting a TOR website. The solutions to those problems are already available on the internet but not in one place. I thought why not I solve all those errors myself and give a proper and streamline solution to this question?.

In this tutorial I will be using:

• Raspberry Pi running Raspbian (I am using lite version you are free to use any)
• An ethernet cable.
• Micro SD Card (32 GB recommended)
• Micro SD Card reader
• Micro USB Cable to bake the Pi 😜
• And a bunch of Linux Commands

Cook the Pi:

Download the Raspberry Pi Imager from here. Now install Raspberry Pi Imager and launch it.

Raspberry Pi Imager welcome screen

Now select the Operating System you want to install on your Pi (Adding ingredients to the Pi). The page should look something like this:

Choose OS Screen (Raspberry Pi Imager)

Once you select the OS, select your Storage.

Storage Selection Screen

Once done we have to setup some basic configurations on Pi, for example Connection Settings, SSH and Hostname etc.

Setup:

Now you will a gear icon for settings to setup some basic configurations. Now I will go walkthrough those settings with Raspberry Pi Imager automated method and also Manual method becuase sometimes Raspberry Pi images method doesn’t work and being an old school person I like the manual method.

Raspberry Pi Imager method:

Advanced Options

Configure all the settings according to your specifications. Once configurations are done, save these configurations and start the baking process 😋 (Burning process).

As soon as the Pi is cooked (Flashing is done) serve it by inserting the SD Card in the Pi and connecting the USB cable to the power source. If you have added the wireless ingredient in it (enabled wireless in the advanced options), you should be able to discover the Pi on the table (on your network).

Problem:

The problem with wireless method is that it will be a bit difficult to discover the Pi on the network. You might need to scan the whole network with a network discovery tool such as Angry IP scanner or namp.

But unfortunately my Pi wasn’t discovered on the network. So I will be using the manual method, for that we will need an ethernet cable.

Manual Method (Headless Mode) :

• Take out the SD Card from the Pi.
• Insert the Card back into SD Card reader and connect it to your system

Once connected you should see the a new boot partition on your system.

Raspberry Pi partition

• Now go to this partition and create a new file with “ssh” name having no file extension.
• Now connect the raspberry Pi to your computer via ethernet cable
• Use your ssh client to connect to Pi. I am using Putty. This is called Headless Mode.
• Use your raspberry Pi hostname as Hostname and leave the ssh port as default i.e. Port 22.
• In my case it looks something like this:

Connecting to raspberry Pi.

Connection to Raspberry Pi

With ifconfig Command we can see that if our Pi is connected to our wireless network and find it’s IP address, but like I said earlier the automated method gives issues sometimes as you can see our Pi is not connected to the Wireless network.

Command output

Now configure the Wifi to get access the internet and get rid of this ethernet cable too.

Wireless Configuration:

• Enter the command “sudo raspi-config”.

Raspberry Pi configuration

• Here you can configure other system settings too.
• Select “System Options” in the list.
• Then select “Wireless LAN”.
• Enter your SSID and Password.
• Use “ifconfig” command again to check your wireless connection.

Raspberry Pi wireless connection

• Note your IP and disconnect the Ethernet cable (if you want to).
• Reconnect using the wireless IP.

Hosting your website:

Installing Packages:

• Run “sudo apt update” Command to update your packages
• You can leave it as it is or run “sudo apt upgrade” to upgrade the packages as well.
• Now run “sudo apt install tor”.

Configurations:

• Edit the “torrc” file. “sudo nano /etc/tor/torrc”

torrc file

Once the file is open. scroll down until you found the following lines and uncomment them.

Lines to be uncommented

• Press Ctrl+S to save the changes and Ctrl+X close the text editor.
• Now use “sudo service tor restart” to restart the tor services and load these configurations.
• Use “sudo service tor status” just to make sure tor service is up and running.

Tor service status

• Once this is done, Tor will assign you a random Onion address.
• Use “sudo cat /var/lib/tor/hidden_service/hostname”.
• If you don’t see this file and directory. Create these manually
• “sudo mkdir /var/lib/tor”
• “sudo mkdir /var/lib/tor/hidden_service”
• “sudo touch /var/lib/tor/hidden_service/hostname”
• Now change the ownership and permissions
• “sudo chown -R raspi /var/lib/hidden_service/”
• “sudo chmod 700 /var/lib/hidden_service/hostname”
• Now restart the tor service using “sudo systemctl restart tor”
• You should be able to get a hostname, “sudo cat /var/lib/tor/hidden_service/hostname”

• Next we install a web server you can use any web server you want. I will go with nginx because apache web server throws some undervoltage error on raspberry pi but it should work normally on Desktop.
• Start the nginx service with “sudo service nginx start”

Nginx start and status

• Now visit the onion address you got from hostname file and you should see your page.

Dark Webpage

A Pinch of hardening to Nginx:

We are going to make some changes to nginx configuration file.

• Do “sudo nano /etc/nginx/nginx.conf”.
• Uncomment the lines:

Configuration file

You can further customize your website by editing the file /var/www/html/index.nginx-debian.html

Setup Your Custom Domain:

• Once you are done with the above steps. You can create a custom domain name.
• I will be using this freely available tool on github. Thanks to the author.

git clone https://github.com/ReclaimYourPrivacy/eschalot

Download eschalot

# apt install libssl-dev -y
# cd eschalot
# make
# ./edchslot -vct6 -p daniel (look for the help to understand the syntax)

• This program will give you a private key.

cd /var/lib/tor/hidden_service
rm hostname
sudo systemctl restart tor

• A new hostname file will be generated with your custom domain name.

All of the above configurations only work for vanity on Onion V2 and doesn’t work on Onion V3.

The next section will explain to solve this issue and get a vanity on Onion V3 but that is a little time consuming and the name will not be as short as Onion V2 but still it’s a good initiative for exploration and learning.

Vanity on Onion V3:

• Download the following project from github thanks to the author(s) for the efforts.

git clone https://github.com/cathugger/mkp224o.git
sudo apt install autoconf libsodium-dev
cd mkp224o
./autogen
./configure
make
./mkp224o -S 5 -d onions daniel

This will save the matching domain names to the Onions directory. Now change your directory to the Onions and you will find other directories ending with “.onion”. Change the directory with any domain name you would like and copy the files from it.

cd <domainname.onion>
cp * /var/lib/tor/hidden_service
systemctl start tor
systemctl start nginx

Once this is done, you should be able to visit your website through the custom domain name.

Conslusoin:

The main idea of the article was to experice something and play with raspberry Pi. For the time being this article is only intended for script kiddies and noobs but later on it will be updated with some theories and more descriptions. I am hoping you must have learned something new. It will be very helpful if you drop a problem in the comment box so I can make another article about it and help others to solve the problem more efficiently.