Creating an .onion service in the Tor network is as simple as editing /etc/tor/torrc and adding:

    HiddenServiceDir /var/lib/tor/www_service/
    HiddenServicePort 80 127.0.0.1:80
After restarting the tor service with

    sudo service tor restart

or

    sudo service tor reload

the directory will be created automagically, and inside the new directory two files are generated, hostname and private_key.
The hostname file has a somewhat random name inside, which is your address in the .onion network.

    $ sudo cat /var/lib/tor/www_service/hostname
    xyew6pdq6qv2i4sx.onion
The names are generated in negotiation with the actual Tor network, which also explains why sites/services in the Tor network have such strange names.
There appear to be scripts for getting (using brute force?) a slightly less random name; I got the impression the added complexity is not worth the extra effort.
So actually, what you have configured now is that all visits in the Tor network to http://xyew6pdq6qv2i4sx.onion/ will be forwarded to a daemon listening on 127.0.0.1:80 (localhost:80) on your server.
Now we can set up a web daemon to answer for that IP address:port, binding only to localhost, i.e. it does not answer requests from the local network or on any public IP address in the "regular" Internet.
For instance, using nginx, change the default server configuration in /etc/nginx/sites-enabled/default to:

    server {
        listen 127.0.0.1:80 default_server;
        server_name xyew6pdq6qv2i4sx.onion;
        ...
    }
Install some pages, and voilà, you have a darknet site.
The actual part of installing the service per se is not the most difficult part, however. Care must be taken not to leak information about the real machine in:
- the security setup of the server;
- the daemon providing the service;
- the firewalling/iptables rules.
Special care must be taken about DNS leaks too, either via dnscrypt or tor. See the answer at resolving DNS via Tor for more information.
Such a setup can either be used to set up somewhat anonymous sites, or, more interestingly yet, due to the properties of arriving as a reverse proxy configuration, to set up a temporary service / download files from a network where there are no firewall rules or public IP addresses/NAT available to set up a proper www site on the Internet at large.
Obviously, there is so much more to talk about regarding security concerns; however, it is out of scope for this question.
For multiple services in the same host, please see the related question: How to set up multiple Tor hidden services in the same host?
For an introduction to the theme, have a look at: Setting up a hidden service with NGinx and Onionshop Guide: How To Set Up a Hidden Service?
If having problems opening .onion sites with Firefox, see: Visiting darknet/ Tor sites with Firefox
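The answer above stresses that the hard part is not the torrc and nginx lines but making sure the daemon behind the hidden service is only reachable on loopback. The following POSIX shell script is an added example (not part of the original answer, and not Tor's or nginx's own tooling) that checks exactly that on a torrc fragment and an nginx server block, and checks that a hostname file holds a well-formed .onion name. All file contents are constructed inline so it runs offline; the real paths /etc/tor/torrc and /etc/nginx/sites-enabled/default are only mentioned in comments.

```shell
#!/bin/sh
# Added example: loopback-binding checks for a Tor hidden service setup.
# Sample configs below are constructed for the demo; on a real host you
# would point the functions at /etc/tor/torrc and the nginx site file.
set -u

# Return 0 if every HiddenServicePort target in the torrc is a loopback
# address (a bare port with no host also means localhost), else 1.
hs_targets_are_local() {
    status=0
    while read -r key vport target; do
        [ "$key" = "HiddenServicePort" ] || continue
        case "$target" in
            *:*) host="${target%:*}" ;;   # "127.0.0.1:80" -> "127.0.0.1"
            *)   host="127.0.0.1" ;;      # bare "80" -> localhost
        esac
        case "$host" in
            127.*|localhost|\[::1\]) ;;
            *) echo "torrc: port $vport forwards to non-loopback $target" >&2
               status=1 ;;
        esac
    done < "$1"
    return $status
}

# Return 0 if every nginx "listen" directive binds to loopback (or a unix
# socket); "listen 80;" or "listen [::]:80;" bind all interfaces and fail.
nginx_listens_are_local() {
    status=0
    for addr in $(awk '$1=="listen"{sub(/;$/,"",$2); print $2}' "$1"); do
        case "$addr" in
            127.*:*|localhost:*|\[::1\]:*|unix:*) ;;
            *) echo "nginx: listen $addr is not bound to loopback" >&2
               status=1 ;;
        esac
    done
    return $status
}

# Return 0 if the name (with or without .onion) is base32 lowercase and
# 16 chars (old v2 address, as shown in the answer) or 56 chars (v3).
onion_name_is_wellformed() {
    name="${1%.onion}"
    case "$name" in *[!a-z2-7]*) return 1 ;; esac
    [ "${#name}" -eq 16 ] || [ "${#name}" -eq 56 ]
}

# Constructed sample files: one good and one leaky variant of each.
WORK="$(mktemp -d)"
GOOD_TORRC="$WORK/torrc.good"; BAD_TORRC="$WORK/torrc.bad"
GOOD_NGINX="$WORK/nginx.good"; BAD_NGINX="$WORK/nginx.bad"

cat > "$GOOD_TORRC" <<'EOF'
HiddenServiceDir /var/lib/tor/www_service/
HiddenServicePort 80 127.0.0.1:80
EOF
cat > "$BAD_TORRC" <<'EOF'
HiddenServiceDir /var/lib/tor/www_service/
HiddenServicePort 80 192.0.2.10:80
EOF
cat > "$GOOD_NGINX" <<'EOF'
server {
    listen 127.0.0.1:80 default_server;
    server_name xyew6pdq6qv2i4sx.onion;
}
EOF
cat > "$BAD_NGINX" <<'EOF'
server {
    listen 80 default_server;
    listen [::]:80;
    server_name xyew6pdq6qv2i4sx.onion;
}
EOF

for f in "$GOOD_TORRC" "$BAD_TORRC"; do
    if hs_targets_are_local "$f"; then echo "OK   $f"; else echo "LEAK $f"; fi
done
for f in "$GOOD_NGINX" "$BAD_NGINX"; do
    if nginx_listens_are_local "$f"; then echo "OK   $f"; else echo "LEAK $f"; fi
done
if onion_name_is_wellformed "xyew6pdq6qv2i4sx.onion"; then echo "OK   onion name"; fi
```

Run it as a pre-flight before `service tor restart`: a LEAK line means the configured backend would also answer on a LAN or public interface, which is the class of leak the answer warns about. The 16-character name form in the example is the old v2 format of the answer's hostname; current Tor releases generate 56-character v3 names, which the same check accepts.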