How to Set Up a Tor Hidden Service on Ubuntu Server

How to Set Up a Tor Hidden Service on Ubuntu Server with Nginx, PHP, MySQL, and Uploading a Website (Complete Guide)

Creating a Tor hidden service on an Ubuntu server ensures anonymity for both server operators and users. This guide will walk you through the entire process: setting up Tor, installing a LEMP stack (Linux, Nginx, MySQL, PHP), creating a MySQL database and user, uploading a website, and connecting it to the database. It also includes tips for securing your hidden service for maximum safety.


Step 1: Prerequisites

Before starting, make sure you have:

  1. Ubuntu Server: A fresh installation of Ubuntu Server (20.04 or newer is recommended).
  2. Sudo or Root Access: Administrative privileges.
  3. Virtualization: If running locally, use VirtualBox or similar software for isolation.
  4. Basic Understanding: Familiarity with SSH and basic server management.

Step 2: Update and Secure Your Server

  1. Update Packages: Update the system to ensure all packages are current:

     sudo apt update && sudo apt upgrade -y

  2. Install Utilities: Install basic tools for server management:

     sudo apt install curl wget ufw unzip -y

  3. Enable a Firewall: Configure the Uncomplicated Firewall (UFW) to allow SSH:

     sudo ufw allow OpenSSH
     sudo ufw enable
     sudo ufw status

Step 3: Install Tor

  1. Add the Tor Repository: Add the Tor repository and import its signing key. The signed-by option ties the repository to the keyring file written by the second command:

     echo "deb [arch=amd64 signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/tor.list
     wget -qO - https://deb.torproject.org/torproject.org/keys.asc | sudo gpg --dearmor -o /usr/share/keyrings/tor-archive-keyring.gpg

  2. Install Tor: Update and install Tor:

     sudo apt update
     sudo apt install tor -y

  3. Start and Enable Tor: Ensure Tor starts automatically:

     sudo systemctl start tor
     sudo systemctl enable tor

Step 4: Configure Tor Hidden Service

  1. Edit Tor Configuration: Open the Tor configuration file: sudo nano /etc/tor/torrc
  2. Add Hidden Service Configuration: Append the following lines to configure the hidden service:

     HiddenServiceDir /var/lib/tor/hidden_service/
     HiddenServicePort 80 127.0.0.1:80

    • HiddenServiceDir: Directory where Tor stores the service keys and the hostname file.
    • HiddenServicePort: Maps the port exposed on the .onion address to the local server address and port.
  3. Restart Tor: Restart Tor to apply the configuration: sudo systemctl restart tor
  4. Retrieve .onion Address: Check your .onion address:

     sudo cat /var/lib/tor/hidden_service/hostname

     Save this address for future use.

When configuring multiple Onion services (hidden services) on the same server, you must use a unique internal port for each service, while you can use the same external port. Here’s how it works:

  1. Internal Port: This is the port your local server (e.g., Apache or Nginx) listens on. Each Onion service must have a unique internal port so that Tor can correctly route traffic to the appropriate service.
  2. External Port: This is the port that Tor network users see and use when accessing your Onion service. You can use the same external port for all Onion services because each service has its unique .onion address.

Example:

HiddenServiceDir /var/lib/tor/hidden_service1/
HiddenServicePort 80 127.0.0.1:8081

HiddenServiceDir /var/lib/tor/hidden_service2/
HiddenServicePort 80 127.0.0.1:8082

In this case, service1 forwards to port 8081, and service2 forwards to port 8082 on the localhost.

Nginx Configuration

In the Nginx configuration, you need to ensure that Nginx listens on these internal ports and routes the traffic to the appropriate services. For example:

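server {
    # Bind to loopback only: Tor connects locally, nothing else should reach this port.
    listen 127.0.0.1:8081;
    server_name hidden1.onion;

    location / {
        proxy_pass http://127.0.0.1:3000;
    }
}

server {
    listen 127.0.0.1:8082;
    server_name hidden2.onion;

    location / {
        proxy_pass http://127.0.0.1:4000;
    }
}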

Here, Nginx listens on ports 8081 and 8082 for the hidden services hidden1.onion and hidden2.onion respectively, and forwards requests to the respective backend applications running on ports 3000 and 4000.

Why Different Internal Ports?

  • Tor cannot forward traffic from multiple hidden services to the same port on localhost, as it would create a conflict.
  • Each hidden service needs a dedicated internal port to uniquely route the traffic to the appropriate application.

Notes

  • The external port for the hidden service (e.g., 80 or 443) can be the same for all services, as this is what clients see when connecting through Tor.
  • The internal port (defined in torrc and used by Nginx or the backend service) must be unique for each hidden service.
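
As an added example (not part of the original guide), the shell function below audits HiddenService lines against the rule above and also flags any target that is not a loopback address. The names audit_torrc and sample_torrc are hypothetical and the sample torrc is constructed; the script assumes Tor's documented default of mapping an omitted or bare-port target to 127.0.0.1.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): audit HiddenService* lines.
# audit_torrc and sample_torrc are hypothetical helper names.

# Reads torrc text from the given file(s) or stdin; prints one finding per line:
#   NON_LOOPBACK  <dir> <target>          target is not on 127.0.0.0/8 or [::1]
#   SHARED_TARGET <target> <dir1> <dir2>  two services forward to one local target
audit_torrc() {
  awk '
    $1 == "HiddenServiceDir"  { dir = $2; next }
    $1 == "HiddenServicePort" {
      target = $3
      # Tor maps to 127.0.0.1 when the target is omitted or is a bare port.
      if (target == "") target = $2
      if (target ~ /^[0-9]+$/) target = "127.0.0.1:" target
      if (target !~ /^unix:/) {
        host = target
        sub(/:[0-9]+$/, "", host)
        if (host !~ /^127\./ && host != "[::1]") {
          print "NON_LOOPBACK " dir " " target
        }
      }
      if ((target in owner) && owner[target] != dir) {
        print "SHARED_TARGET " target " " owner[target] " " dir
      } else {
        owner[target] = dir
      }
    }
  ' "$@"
}

# Constructed sample: service2 reuses the target of service1,
# and service3 forwards to a non-loopback address.
sample_torrc() {
  cat <<'EOF'
HiddenServiceDir /var/lib/tor/hidden_service1/
HiddenServicePort 80 127.0.0.1:8081

HiddenServiceDir /var/lib/tor/hidden_service2/
HiddenServicePort 80 127.0.0.1:8081

HiddenServiceDir /var/lib/tor/hidden_service3/
HiddenServicePort 80 0.0.0.0:8083
EOF
}

sample_torrc | audit_torrc
```

On a real server the function can be pointed at the live file with audit_torrc /etc/tor/torrc; no output means no findings.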

Step 5: Install Nginx

  1. Install Nginx: Install the Nginx web server: sudo apt install nginx -y
  2. Start and Enable Nginx: Ensure Nginx is running:

     sudo systemctl start nginx
     sudo systemctl enable nginx

  3. Test Nginx: Verify Nginx by checking http://127.0.0.1 or running: curl -I http://127.0.0.1

Step 6: Install PHP

  1. Install PHP and Extensions: Install PHP and required modules for Nginx: sudo apt install php-fpm php-mysql -y
  2. Configure Nginx for PHP: Edit the default Nginx configuration:

     sudo nano /etc/nginx/sites-available/default

     Modify the server block to include:

     location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         # The socket name follows the installed PHP-FPM version; check /var/run/php/ and adjust.
         fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
     }

  3. Reload Nginx: Reload Nginx to apply changes:

     sudo systemctl reload nginx

Step 7: Install MySQL

  1. Install MySQL: Install MySQL Server: sudo apt install mysql-server -y
  2. Secure MySQL: Run the security script:

     sudo mysql_secure_installation

     Set a strong root password and disable test databases.

  3. Create a Database and User: Log in to MySQL:

     sudo mysql -u root -p

     Run the following commands to create a database and user:

     CREATE DATABASE my_website;
     CREATE USER 'my_user'@'localhost' IDENTIFIED BY 'strong_password';
     GRANT ALL PRIVILEGES ON my_website.* TO 'my_user'@'localhost';
     FLUSH PRIVILEGES;
     EXIT;

Step 8: Upload and Connect Your Website

  1. Prepare Website Files: Organize your website files, including PHP scripts, in a folder.
  2. Upload Files: Use SCP or SFTP to transfer files: scp -r /path/to/your/website/* username@yourserver:/var/www/html/
  3. Set Permissions: Ensure the web server can access the files: sudo chown -R www-data:www-data /var/www/html/
  4. Connect the Website to MySQL: Modify your website’s configuration file (e.g., config.php) to include:

     <?php
     // Database credentials created in Step 7.
     $host = "127.0.0.1";
     $user = "my_user";
     $password = "strong_password";
     $database = "my_website";

     // Open the connection and stop if it fails.
     $connection = new mysqli($host, $user, $password, $database);
     if ($connection->connect_error) {
         die("Connection failed: " . $connection->connect_error);
     }
     ?>

  5. Test Website: Open the Tor Browser and navigate to your .onion address to ensure everything works.

Step 9: Hardening the Server

  1. Restrict Access: Set permissions on critical directories: sudo chmod -R 700 /var/lib/tor/hidden_service/
  2. Disable Root Login: Edit /etc/ssh/sshd_config to disable root login: PermitRootLogin no
  3. Limit SSH Access: Only allow SSH connections from trusted IPs: sudo ufw allow from <trusted-ip> to any port 22
  4. Install Fail2Ban: Protect against brute-force attacks: sudo apt install fail2ban -y
  5. Monitor Logs: Regularly check logs for suspicious activity: sudo tail -f /var/log/nginx/access.log /var/log/nginx/error.log
  6. Enable AppArmor: Restrict application privileges:

     sudo apt install apparmor apparmor-utils -y
     sudo aa-enforce /etc/apparmor.d/*

Conclusion

This comprehensive guide showed you how to set up a Tor hidden service on Ubuntu, configure a LEMP stack, upload a website, and connect it to a MySQL database. By following the hardening tips, you ensure your server is secure and operates safely on the Tor network.

With careful configuration, a Tor hidden service can provide anonymous and reliable web hosting for your needs.
