Setting Up a Tor Hidden Service on Ubuntu in VirtualBox

Setting Up a Tor Hidden Service on Ubuntu (Without Any Control Panel And With Webmin)

This guide will walk you through configuring a Tor hidden service on a Linux Ubuntu server running in VirtualBox on your laptop or PC. We’ll also install and configure essential software (Nginx, PHP, and MySQL) and include steps for additional security hardening.

The two configurations covered here are:

  1. Setting up a Tor hidden service without any control panel, where you’ll manually configure the server through terminal commands.
  2. Setting up a Tor hidden service with Webmin, which provides a web-based interface for easier server management.

Prerequisites

Initial Setup: VirtualBox & Ubuntu Installation

  1. Create a New Virtual Machine:
    • Open VirtualBox, select New, and name your VM (e.g., “Ubuntu Tor Server”).
    • Choose Linux and Ubuntu (64-bit).
    • Allocate memory (RAM). 2GB is recommended, but since you have 32GB, you can allocate more if needed.
    • Create a virtual hard disk (at least 10GB, dynamically allocated).
  2. Install Ubuntu:
    • Start the VM, select the Ubuntu ISO, and proceed with the installation.
    • Follow on-screen instructions to set up a minimal Ubuntu server.
    • Note: Ensure SSH is installed during setup for remote access if needed.
  3. Update and Secure the Server:
    • Once Ubuntu is installed, open a terminal and update packages:

sudo apt update && sudo apt upgrade -y

Option 1: Configuring a Tor Hidden Service on Ubuntu Without a Control Panel

Step 1: Install Tor

  1. Add the Tor repository:

sudo apt install -y gnupg apt-transport-https
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/tor.list
wget -qO- https://deb.torproject.org/torproject.org/tor.gpg | sudo gpg --dearmor -o /usr/share/keyrings/tor-archive-keyring.gpg
sudo apt update

Install Tor:

sudo apt install -y tor deb.torproject.org-keyring

Enable and start Tor:

sudo systemctl enable tor
sudo systemctl start tor

Step 2: Configure Tor for a Hidden Service

  1. Open the Tor configuration file:

sudo nano /etc/tor/torrc

Add the following configuration to enable a hidden service on your server:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

  • HiddenServiceDir: This is the directory where Tor stores your hidden service’s private key and hostname.
  • HiddenServicePort: This maps port 80 on your hidden service (onion) to port 80 on localhost.

Save the file, then restart Tor to apply changes:

sudo systemctl restart tor

Get your .onion address:

sudo cat /var/lib/tor/hidden_service/hostname

Copy this address as it will be the URL to access your hidden service.
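An added example, not part of the original guide: a shell function that reads a torrc and reports any HiddenServicePort whose backend target is not loopback or a unix socket, because the hop from Tor to a backend on another address is plain TCP outside the Tor circuit. It goes beyond the single mapping above and handles the target forms the Tor manual allows (port, address, address:port, unix:path). The name audit_torrc is hypothetical and the sample torrc is constructed.

```shell
#!/bin/sh
# Added example: audit HiddenServicePort targets in a torrc.
# audit_torrc is a hypothetical helper name, not a Tor command.

# Reads torrc text on stdin. Prints one line per HiddenServicePort whose
# backend target is neither loopback nor a unix socket.
audit_torrc() {
  awk '
    { sub(/#.*/, "") }                              # drop comments
    tolower($1) == "hiddenservicedir"  { dir = $2; next }
    tolower($1) == "hiddenserviceport" {
      # With no target, Tor maps the virtual port to 127.0.0.1:<same port>.
      target = (NF >= 3) ? $3 : "127.0.0.1:" $2
      if (target ~ /^unix:/)    next                # unix socket
      if (target ~ /^[0-9]+$/)  next                # bare port means 127.0.0.1
      if (target ~ /^127\./)    next                # IPv4 loopback
      if (target ~ /^\[::1\]/)  next                # IPv6 loopback
      printf "%s: virtual port %s -> %s is not loopback\n", dir, $2, target
    }'
}

# Constructed sample: the first service matches the guide, the second is made up.
SAMPLE_TORRC='HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
HiddenServiceDir /var/lib/tor/other_service/   # constructed
HiddenServicePort 80 192.168.1.10:8080
HiddenServicePort 22
HiddenServicePort 443 unix:/run/nginx.sock'

printf '%s\n' "$SAMPLE_TORRC" | audit_torrc
# On the server itself: sudo cat /etc/tor/torrc | audit_torrc
```
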

Step 3: Install Nginx

  1. Update package lists and install Nginx:

sudo apt install -y nginx

Configure Nginx for Tor by setting it to listen only on localhost (127.0.0.1).

  • Open a new server block configuration file:

sudo nano /etc/nginx/sites-available/hidden_service

Add the following configuration:

server {
    listen 127.0.0.1:80;
    server_name localhost;
    root /var/www/html;
    index index.php index.html index.htm;
    location / { try_files $uri $uri/ =404; }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; # Ensure correct PHP version
    }
}

Enable the new configuration and restart Nginx:

sudo ln -s /etc/nginx/sites-available/hidden_service /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
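
A check for the loopback-only binding configured above, as an added example that is not part of the original guide: the function reads `ss -ltn` output and lists sockets on the given ports that are bound to a non-loopback address, and so are reachable from the network rather than only through Tor. The name exposed_listeners is hypothetical and the sample output is constructed.

```shell
#!/bin/sh
# Added example: find services that listen beyond loopback.
# exposed_listeners is a hypothetical helper name.

# Usage: ss -ltn | exposed_listeners PORT...
# Prints "PORT ADDRESS" for every LISTEN socket on one of the given ports
# whose local address is not 127.0.0.0/8 or [::1].
exposed_listeners() {
  awk -v ports="$*" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      port = $4; sub(/.*:/, "", port)        # text after the last colon
      addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
      if (!(port in want)) next
      if (addr ~ /^127\./ || addr == "[::1]") next
      print port, addr
    }'
}

# Constructed sample of `ss -ltn` output: Nginx and MySQL on loopback,
# Webmin on all interfaces, and a second Nginx listener on IPv6 any-address.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511    127.0.0.1:80       0.0.0.0:*
LISTEN 0      4096   0.0.0.0:10000      0.0.0.0:*
LISTEN 0      151    127.0.0.1:3306     0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    [::]:80            [::]:*'

# Ports from this guide: 80 (Nginx), 3306 (MySQL default), 10000 (Webmin).
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 80 3306 10000
```
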

Step 4: Install PHP and MySQL

  1. Install PHP and its MySQL extension:

sudo apt install -y php php-fpm php-mysql

Install MySQL server:

sudo apt install -y mysql-server

Secure MySQL:

sudo mysql_secure_installation

Verify and restart services:

sudo systemctl restart php7.4-fpm
sudo systemctl restart mysql

Option 2: Configuring Tor Hidden Service with Webmin

Step 1: Install Tor (Repeat Steps 1-2 from Option 1)

Step 2: Install Webmin

  1. Add Webmin to the source list:

echo "deb http://download.webmin.com/download/repository sarge contrib" | sudo tee /etc/apt/sources.list.d/webmin.list
wget -q http://www.webmin.com/jcameron-key.asc -O- | sudo apt-key add -
sudo apt update

Install Webmin:

sudo apt install -y webmin

  1. Access Webmin in a browser by navigating to https://<your_local_ip>:10000.

Step 3: Install Nginx, PHP, and MySQL Through Webmin

  1. Navigate to Un-used Modules > Nginx Webserver and install Nginx from Webmin’s interface.
  2. For PHP and MySQL:
    • Go to Software Packages within Webmin.
    • Search for and install php, php-mysql, and mysql-server.

Step 4: Configure Tor and Hidden Service on Webmin

  1. In Webmin, open Servers > Nginx Webserver to set up your server block similar to the terminal-based instructions.
  2. Under Networking > Network Configuration > Network Interfaces, configure your Nginx server to bind only to 127.0.0.1.

Step 5: Webmin Security Hardening

  1. Restrict IP access under Webmin Configuration > IP Access Control.
  2. Disable unnecessary Webmin modules.
  3. Use SSL: Under Webmin Configuration > SSL Encryption, ensure SSL is enabled.

Security Hardening Tips

  1. Enable UFW (Uncomplicated Firewall):
    • Set firewall rules to restrict access:

sudo ufw allow 80/tcp
sudo ufw allow 10000/tcp # For Webmin
sudo ufw enable

Log Monitoring: Regularly check logs for suspicious activity.

Secure SSH (if accessible):

  • Use key-based authentication.
  • Change the default SSH port and disable root login.

File Permissions: Lock down permissions in the /var/www/html directory:


sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 750 /var/www/html


Regular Updates: Keep your software up-to-date, especially Webmin and Tor.

To install a PHP website with a MySQL database on your Ubuntu server (configured as a Tor hidden service), I’ll walk you through the process using two approaches:

  1. Terminal-only setup (without Webmin)
  2. Webmin setup (using Webmin’s web interface)

Prerequisites Recap

This section assumes you have already installed Tor, Nginx, PHP, and MySQL on your Ubuntu server as outlined in the previous setup guide. Now, let’s proceed to set up the PHP website and MySQL database.


Approach 1: Installing a PHP Website and MySQL Database Using Terminal

Step 1: Setting Up the MySQL Database

  1. Log into MySQL:

sudo mysql -u root -p

  • Enter the root password for MySQL you set during the installation.

Create a Database and User:

  • Create a new database for your website:

CREATE DATABASE your_database_name;

  • Create a new MySQL user and grant privileges:

CREATE USER 'your_username'@'localhost' IDENTIFIED BY 'your_password';
GRANT ALL PRIVILEGES ON your_database_name.* TO 'your_username'@'localhost';
FLUSH PRIVILEGES;

  • Replace your_database_name, your_username, and your_password with appropriate values for your setup.

Exit MySQL:

EXIT;

Step 2: Preparing the Website Files

  1. Create a Directory for Your Website:
    • By default, Nginx serves files from the /var/www/html directory. You can either use this default directory or create a specific folder for your website, such as /var/www/your_website.

sudo mkdir -p /var/www/your_website

Upload Your PHP Website Files:

  • Copy your website files (PHP, HTML, etc.) to /var/www/your_website. If you’re working on a local machine, you can use scp (secure copy) to transfer files.
  • Ensure the web server has permissions to access these files:

sudo chown -R www-data:www-data /var/www/your_website
sudo chmod -R 755 /var/www/your_website

Step 3: Configure Nginx to Serve the PHP Website

  1. Create a New Nginx Configuration File:
    • Open a new configuration file:

sudo nano /etc/nginx/sites-available/your_website

  • Add the following configuration, customizing it for your website’s directory:

server {
    listen 127.0.0.1:80;
    server_name localhost;
    root /var/www/your_website;
    index index.php index.html index.htm;
    location / { try_files $uri $uri/ =404; }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; # Ensure this matches your PHP version
    }
}

Enable the New Configuration:

  • Link the file to sites-enabled to activate it:

sudo ln -s /etc/nginx/sites-available/your_website /etc/nginx/sites-enabled/

Test and Restart Nginx:

  • Test the Nginx configuration to ensure there are no syntax errors:

sudo nginx -t

If successful, restart Nginx to apply changes:

sudo systemctl restart nginx

Step 4: Test the PHP Website

  1. Create a Test PHP File:
    • Create a phpinfo.php file to test if PHP is working:

# Remove this file after testing: phpinfo() output discloses server details
echo '<?php phpinfo(); ?>' | sudo tee /var/www/your_website/phpinfo.php

  1. Access the test file by navigating to your Tor hidden service address (e.g., http://your_hidden_service.onion/phpinfo.php) to confirm that PHP and MySQL are correctly configured.
  2. Connect the PHP Application to the Database:
    • Edit your website’s PHP configuration files to include the database name, username, and password created earlier.
    • Verify that your PHP code is able to connect to the database by testing queries and database interactions.

Approach 2: Installing a PHP Website and MySQL Database Using Webmin

For this approach, we’ll leverage Webmin’s web interface to set up MySQL and configure Nginx for your PHP website.

Step 1: Access Webmin

  • Access Webmin in your browser by navigating to https://<your_local_ip>:10000.
  • Log in with the credentials you set during Webmin’s installation.

Step 2: Set Up the MySQL Database

  1. Open the MySQL Module in Webmin:
    • Navigate to Servers > MySQL Database Server.
  2. Create a New Database:
    • Under Create Database, enter a name for your new database (e.g., your_database_name) and click Create.
  3. Create a New MySQL User:
    • Under User Permissions, click Create a new user.
    • Enter a username (e.g., your_username) and a password, then assign Permissions to allow access to your new database.
    • Click Create to save the user.
  4. Confirm Database Access:
    • You should see the database and user listed, confirming they were created successfully.

Step 3: Upload Website Files

  1. Navigate to File Manager:
    • In Webmin, go to Others > File Manager.
  2. Upload Website Files:
    • Go to /var/www/your_website (or create this directory if it doesn’t exist).
    • Use the Upload button to add your PHP and HTML files to this directory.
  3. Set Permissions:
    • Ensure www-data has ownership of the files. You can set this in the File Manager, or use the following command in terminal:

sudo chown -R www-data:www-data /var/www/your_website

Step 4: Configure Nginx Using Webmin

  1. Open the Nginx Module:
    • Go to Servers > Nginx Webserver in Webmin.
  2. Add a New Server Block:
    • Under Create Virtual Host, set:
      • Listen on address: 127.0.0.1
      • Port: 80
      • Document Root: /var/www/your_website
      • Server Name: localhost
    • Save the settings.
  3. Edit PHP Configuration:
    • Go to Edit Directives in the Nginx module for your new virtual host.
    • Add or edit the PHP configuration section as shown below:

location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}

  1. Apply Changes:
    • Save and apply your configuration in Webmin, and restart Nginx using the Apply Changes button.

Step 5: Test and Secure Your PHP Website

  1. Access the PHP Test Page:
    • Like in the terminal setup, create a test phpinfo.php file and access it to verify your setup.
  2. Set Database Connection in PHP:
    • Ensure your PHP configuration files point to the database by setting the database name, username, and password in your PHP code.

Security Hardening

General Security Tips

  1. Firewall:
    • Restrict access to only necessary ports (80 for the website and 10000 for Webmin).
    • For example:

sudo ufw allow 80/tcp
sudo ufw allow 10000/tcp
sudo ufw enable

Disable Unnecessary Modules in Webmin:

  • Disable any unused Webmin modules to reduce your server’s attack surface.

Keep Software Up-to-Date:

  • Regularly update your system, Tor, and Webmin to ensure you have the latest security patches:

sudo apt update && sudo apt upgrade -y

  1. Backup Regularly:
    • Use automated backups for both your website files and MySQL database.
  2. Limit Webmin Access:
    • Restrict Webmin to be accessible only locally (127.0.0.1) if using a VPN or SSH tunnel.

This guide provides a step-by-step setup to deploy a PHP website on your Ubuntu server, both through terminal commands and Webmin’s interface. For security, using Webmin can simplify management but introduces additional considerations, so careful configuration is necessary for protecting your hidden service.


Conclusion
Setting up a Tor hidden service on Ubuntu within VirtualBox offers a private, secure hosting environment. However, running Webmin on a Tor hidden service has potential security implications, so careful configuration and monitoring are essential.
