Static Website as Tor Hidden Service on Raspberry Pi
Jump to navigation
Jump to search
Goal: To run a static website and serve it as an onion site. This HOWTO does not cover RPi installation, it assumes Minimal_Raspbian_Installation you already have a minimal setup up and running. The choice to have a static site is for sake of simplicity, it could be expanded of course, but the risks of leaking information about the host will increase.
Local HTTP server
as root
:
- Install nginx on the RPi
apt install nginx
- In the browser from another computer on the network, check that you the default HTML page is properly served at: http://192.168.1.XXX (you should see a small "Welcome to nginx!" text).
- create a non-default mini static website:
mkdir /var/www/partyvan echo "OHAI" > /var/www/partyvan/index.html
- disable nginx default site
rm /etc/nginx/sites-enabled/default
- create new nginx site config
/etc/nginx/sites-available/partyvan
with:
server { listen 80 default_server; listen [::]:80 default_server; root /var/www/partyvan; index index.html; server_name partyvan; location / { try_files $uri $uri/ =404; } }
- Enable site
ln -s /etc/nginx/sites-available/partyvan /etc/nginx/sites-enabled/ service nginx reload
- In the browser from another computer on the network, check that you the default HTML page is properly served: http://192.168.1.XXX (you should see a small "OHAI" text).
Tor setup
Note: This is only valid for RPi2 and later.
- Add the Tor deb repos to
/etc/apt/sources.list
. At time of writing, stable Raspbian is based on Buster:
deb https://deb.torproject.org/torproject.org buster main deb-src https://deb.torproject.org/torproject.org buster main
- Add the GPG keys used to sign the packages from the Tor repos:
curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
- Install Tor
apt install tor deb.torproject.org-keyring
- Edit
/etc/tor/torrc/
and in the section about hidden services, add:
# Partyvan site HiddenServiceDir /var/lib/tor/partyvan/ HiddenServicePort 80 127.0.0.1:80
- Restart Tor, this will generate the keys for the partyvan hidden service
service tor restart
- If everything went well, there should be a
/var/lib/tor/partyvan/
folder with notably both public and private keys for the service (backup!) and the hostname information to reach the hidden service from onionland. To know the onion address of partyvan, simply do:
cat /var/lib/tor/partyvan/hostname
- You will get something like
c7phl5mrjy34...onion
, if you paste this address in your Tor browser, torified browser or whatever you use, you should see the partyvan site!