Rob's web

Tor

Tor, short for "The Onion Router," is free and open-source software for enabling anonymous communication. It directs Internet traffic via a free, worldwide, volunteer overlay network that consists of more than seven thousand relays.

Using Tor makes it more difficult to trace a user's Internet activity. Tor protects personal privacy by concealing a user's location and usage from anyone performing network surveillance or traffic analysis. It protects the user's freedom and ability to communicate confidentially through IP address anonymity using Tor exit nodes.

Prerequisites

Installing

# dnf install tor

Configuration

torrc

You can find the file in /etc/tor.

Edit the Tor config file:

vi /etc/tor/torrc

Uncomment or add the following lines:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

You can replace hidden_service with the name of your website.

Start tor with command:

# systemctl start tor
# systemctl enable tor

Now your Tor hidden service is ready to use. You need to run your web application on 127.0.0.1:80.

For every extra tor-server add:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

hidden_service needs to be changed to your website's name.

Your onion URL

To see the URL of your tor hidden service, run

# cat /var/lib/tor/hidden_service/hostname

Make sure to make a backup of the folder "/var/lib/tor/", as it contains the keys for this .onion domain. If you lose it, you will lose your domain name, so it is very important that you keep the files safe.

Starting the tor daemon

# systemctl start tor
# systemctl enable tor

Creating a vhost

You need to make a vhost with the .onion name.

For this example you have a website running as www.example.com.

See also vhosts for more information.

Replace www.example.com with the URL of the website you want to run via Tor.

# cd /etc/httpd/conf/vhosts.d
# cp vhost.con <your.onion>.conf
# vi <your.onion>.conf

Enter the code below or change it as below.

<VirtualHost 127.0.0.1:80>
    ServerName <your .onion>

    ServerAdmin webmaster@example.com

    CustomLog /var/log/httpd/<your .onion>-access_log combined
    ErrorLog /var/log/httpd/<your .onion>-error_log
    DirectoryIndex index.html index.php
  
    DocumentRoot /srv/www/vhosts/www.example.com/httpsdocs
    <Directory "/srv/www/vhosts/www.example.com/httpsdocs">
        Options +Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

We don't need a 443 section.

After making your .onion site you must restart Apache.

# httpd -t    # If there are errors, fix them first and then retest.
# systemctl restart httpd

You can create an onion site that has no normal version. This site is only accessible over Tor.

.htaccess

When you have a .htaccess file, there is a risk that it redirects visitors to the normal URL.

You must remove the URL parts of redirects that point to the https version, so remove the https://www.example.com part.

Creating the defaulthost

The onion sites also need a default to trap unwanted traffic.

# cd /etc/httpd/conf
# vi default.conf
<VirtualHost 127.0.0.1:80>
        ServerName server5.onion

        Redirect 301 / https://server5.robkalmeijer.nl/
</VirtualHost>
.......
# httpd -t
# systemctl restart httpd

Advertising your hidden service

There are many ways we can accomplish this but the main one is to inject our onion link into the HTTP headers sent to the client. But there are some conditions which need to be met first:

You can find some code snippets for nginx, Apache and Caddy from the official Tor Project website.

Next open /etc/httpd/conf/vhosts.d/www.example.com.conf and add in the 443 section:

Header set Onion-Location "http://<your .onion>%{REQUEST_URI}s"
# httpd -t    # If there are errors, fix them first and then retest.
# systemctl restart httpd

When www.example.com is opened in the Tor Browser, it will show a notice button that links to the Tor version.

Onion link available

Your website is now accessible via www.example.com and your.onion.

If your website is a WordPress site you have a problem.

Backup

The /var/lib/tor directory must be included in your backup script.
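
One way to script the key backup described here and under "Your onion URL", as an added example that is not part of the original page. It archives a single service directory rather than all of /var/lib/tor, and assumes a v3 onion service, whose directory holds hostname, hs_ed25519_public_key and hs_ed25519_secret_key; the destination path in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example: back up one onion service directory and verify the archive.
# Assumption: Tor v3 onion service, so the directory contains hostname,
# hs_ed25519_public_key and hs_ed25519_secret_key.
#
# Usage (as root, destination path is an assumption):
#   backup_onion_keys /var/lib/tor/hidden_service /root/onion-backup.tgz
#
# Prints the .onion name on success. Returns 1 if a key file is missing,
# 2 if hostname is not a v3 .onion name, 3 if the archive cannot be
# written or does not contain the secret key.
backup_onion_keys() {
    src=$1
    dest=$2

    # All three files must exist and be non-empty, otherwise the backup
    # cannot restore the .onion name.
    for f in hostname hs_ed25519_public_key hs_ed25519_secret_key; do
        [ -s "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done

    # A v3 address is 56 base32 characters (a-z, 2-7) followed by .onion.
    name=$(head -n 1 "$src/hostname")
    printf '%s\n' "$name" | grep -Eq '^[a-z2-7]{56}\.onion$' || {
        echo "unexpected hostname: $name" >&2; return 2; }

    # The archive contains the private key, so create it with a umask that
    # leaves it readable by its owner only. The subshell keeps the umask
    # change from leaking into the caller.
    ( umask 077 && tar -czf "$dest" -C "$src" . ) || return 3

    # Read the archive back and confirm the secret key is really in it.
    tar -tzf "$dest" | grep -q 'hs_ed25519_secret_key$' || return 3

    echo "$name"
}
```

The archive is as sensitive as the key itself: anyone who obtains it can run a service under your .onion name, so store it offline or encrypted.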

Links