How to create a hidden service in the Tor network in Debian Jessie with Nginx

Saturday April 23, 2016 ()

Dark web - onion service

(This is for educational purposes only!)

With hidden service also known as "dark web", "dark net" or "deep web", it is possible for servers to hide their locations while offering various kinds of services. Users connect to these hidden services without knowing the network identity.

This demonstration is a basic guide on how to create a hidden service on the Tor network. The configuration was made only with a VirtualBox virtual machine with Debian 8 (Jessie) x64. There would be no difference however when configured on an actual server or VPS.

We are assuming you already have a Debian 8 running, can SSH into the server, and familiar with the basic Linux commands.

Install Tor

From this point on, you must be logged in as root.

Update /etc/apt/sources.list to include the Tor Project repository before you can fetch Tor. Using your text editor, edit this file to add the following to the end of the file:

deb jessie main
deb-src jessie main

Then add the gpg key used to sign the packages by running the following commands at your command prompt:

gpg --keyserver --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -

Finally install and run Tor with the following commands.

apt-get update
apt-get install tor

Configure Tor

The Tor configuration file is /etc/tor/torrc. This file is full of information we don't need right now, so replace the contents of this file with the following. This is a minimum configuration.

DataDirectory /var/lib/tor
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80

Now reload Tor with this configuration using the following command:

/etc/init.d/tor reload

Find out the hidden service hostname using the cat command. This is the address of our hidden service used in accessing our "dark net".

cat /var/lib/tor/hidden_service/hostname

For the system we have created on our virtual box, this value is m42bz3bxws67v43x.onion.

Install and configure Nginx

Enter the following command to install Nginx:

apt-get install nginx

This installs Nginx and creates document root at /usr/share/nginx/html/ and config files at /etc/nginx/.

Now edit /etc/nginx/sites-enabled/default and replace its contents with the following:

server {
	root /usr/share/nginx/html/;
	index index.html index.htm;
	server_name m42bz3bxws67v43x.onion; # replace this with your own

As with the regular web server, you can change the location of the document root, only make sure you also change the root entry in the server block in line 3 above.

Replace the server_name with your own hostname (*.onion) in line 5 above. This is the same hostname you give to parties that you want to access the hidden service.

Restart Nginx

/etc/init.d/nginx restart

At this point we have Tor and Nginx running.

Finally install Tor Browser

Note that our hidden service, also called "onion service" in Tor speak, is accessible only through the Tor browser. It is available in Windows, Linux, and Mac. Follow the link below to download and install the browser.

Once installed, enter your hostname (the 16 characters followed by the .onion) in the address bar of the Tor browser to access your hidden service. You should see the Nginx welcome notice.

Now you are ready create you pages. Upload your pages and other files to the document root in /usr/share/nginx/html/. You may also need to change file permissions in this directory:

chmod -R 755 /usr/share/nginx/html

That's it. Good Luck.


Comments (How to create a hidden service in the Tor network in Debian Jessie with Nginx)