Tor
Tor, short for "The Onion Router," is free and open-source software for enabling anonymous communication. It directs Internet traffic via a free, worldwide, volunteer overlay network that consists of more than seven thousand relays.
Using Tor makes it more difficult to trace a user's Internet activity. Tor protects personal privacy by concealing a user's location and usage from anyone performing network surveillance or traffic analysis. It protects the user's freedom and ability to communicate confidentially through IP address anonymity using Tor exit nodes.
Pre requirements
- Running webserver with vhosts.
- Have a Tor-browser installed on your workstation.
Installing
yum install epel-release yum install tor
Configuration
torrc
You can find the file in /etc/tor.
Edit tor config file:
vi /etc/tor/torrc
Uncomment or add following lines:
HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:80
You can change hidden_service with the title of you website.
Restart tor with command:
systemctl restart tor
Now your tor hidden service is ready to use. You need to run your web application on 127.0.0.1:80
For every extra tor-server add:
HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:80
hidden_service needs to be changed.
Your onion URL
To see the URL of your tor hidden service, run
cat /var/lib/tor/hidden_service/hostname
Make sure to make a backup of folder "/var/lib/tor/" as it contains keys for this .onion domain. If you lost it, you will lose your domain name. So it is very important you keep the files safe.
Starting the tor deamon
systemctl start tor systemctl enable tor
The last command makes it autostart after reboot.
Creating a vhost
You need to make a vhost with the .onion name.
For this example you have a website running as www.example.com.
See also vhosts for more information.
Change www.example.com with your websites url you want to run via tor.
cd /etc/httpd/conf/vhosts.d (cp vhost.con <your .onion>.conf) vi <your .onion>.conf
Enter the code below or change it as below.
<VirtualHost 127.0.0.1:80>
ServerName <your .onion>
ServerAdmin webmaster@example.com
CustomLog /var/log/httpd/<your .onion>-access_log combined
ErrorLog /var/log/httpd/<your .onion>-error_log
DirectoryIndex index.html index.html.var index.htm index.php
DocumentRoot /srv/www/vhosts/www.example.com/httpsdocs
<Directory "/srv/www/vhosts/www.example.com/httpsdocs">
Options +Indexes +FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
We don't need a 443 section.
Some problems
When you have a .htaccess file there might be a danger that a redirect to the normal URL happens.
You must remove redirect URL-parts that redirect to a https version. So remove the https://wwww.example.com part.
After making your .onion site you must restart apache.
httpd -t //If there are errors first fix them and then retest. systemctl restart httpd
Advertising your hidden service
There are many ways we can accomplish this but the main one is to inject our onion link into the HTTP headers sent to the client. But there are some conditions which need to be met first:
- The Onion-Location value must be a valid URL with http: or https: protocol and an .onion hostname
- The webpage defining the Onion-Location header must be served over HTTPS
- The webpage defining the Onion-Location header must not be an onion site.
You can find some code snippets for nginx, Apache and Caddy from the official Tor Project website.
Next open /etc/httpd/conf/vhosts.d/www.example.com.conf en add in the 443 section:
Header set Onion-Location "http://<your .onion>%{REQUEST_URI}s"
httpd -t //If there are errors first fix them and then retest. systemctl restart httpd
When www.example.com is opened in the Tor-browser it will show a notice button that links to the tor version.
