@Dzoge
Last active January 7, 2024 17:33
Install Tor and Nginx

Installation

Linux

  1. Download the latest Minimal ISO of CentOS from https://www.centos.org/
  2. Install CentOS with the minimal required hardware configuration
    • CPU - 1
    • RAM - 1GB
    • HDD - 20GB
  3. Optional: create an additional user with administrator privileges (ex: myuser)

Packages

  1. Update and prepare packages

    • sudo yum update -y
    • sudo yum install epel-release -y
  2. Install nginx and tor

    • sudo yum install nginx tor -y

Configuration

  1. Configure nginx to listen on port 9000. Port 80 will be used by tor. (You can also manually edit /etc/nginx/nginx.conf file if desired.)

    • sudo sed -i 's/listen \+80 default_server/listen 9000 default_server/' /etc/nginx/nginx.conf
    • sudo sed -i 's/listen \+\[\:\:\]\:80 default_server/listen [::]:9000 default_server/' /etc/nginx/nginx.conf
  2. Enable and start nginx. Check status. Status should be active (running) shown in green color.

    • sudo systemctl enable nginx
    • sudo systemctl restart nginx
    • sudo systemctl status nginx
  3. Configure Tor (you can replace hidden_service_01 with the desired name)

    • sudo sed -i 's/\#HiddenServicePort 22 127\.0\.0\.1\:22/#HiddenServicePort 22 127.0.0.1:22\n\nHiddenServiceDir \/var\/lib\/tor\/hidden_service_01\/\nHiddenServicePort 80 127.0.0.1:9000/' /etc/tor/torrc - add the hidden service
    • The default configuration is currently not compatible with SELinux (enforcing mode): tor runs on the first launch, but after a service restart or system reboot it no longer starts. The following configuration needs to be set up in order to make it work (configuration changes suggested by Michael Hampton: https://serverfault.com/a/891043/93635)
      • sudo sed -i 's/User toranon/#User toranon/' /usr/share/tor/defaults-torrc - remove the user definition from the default config
      • sudo mkdir /etc/systemd/system/tor.service.d; sudo touch /etc/systemd/system/tor.service.d/override.conf - create the override configuration file
      • echo -e '[Service]\nUser=toranon\nGroup=toranon\nPermissionsStartOnly=no\n' | sudo tee --append /etc/systemd/system/tor.service.d/override.conf - write the data to the override configuration file
  4. Enable and start tor. Check status. Status should be active (running) shown in green color.

    • sudo systemctl enable tor
    • sudo systemctl restart tor
    • sudo systemctl status tor
  5. Find out tor hidden service URL. (you can replace hidden_service_01 with the desired name)

    • sudo cat /var/lib/tor/hidden_service_01/hostname
  6. Open Tor Browser and navigate to the generated .onion URL

Installation

Linux

  1. Download the latest version of Ubuntu from https://www.ubuntu.com/
  2. Install Ubuntu with the minimal required hardware configuration
    • CPU - 1
    • RAM - 1GB
    • HDD - 20GB
  3. For the demo the username will be myuser

Packages

  1. Update and prepare packages

    • sudo apt-get update -y
    • sudo apt-get upgrade -y
  2. Install nginx

    • sudo apt-get install nginx -y
  3. Install tor

    • sudo touch /etc/apt/sources.list.d/tor.list
    • echo 'deb http://deb.torproject.org/torproject.org xenial main' | sudo tee --append /etc/apt/sources.list.d/tor.list
    • echo 'deb-src http://deb.torproject.org/torproject.org xenial main' | sudo tee --append /etc/apt/sources.list.d/tor.list
    • sudo gpg --keyserver keys.gnupg.net --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
    • sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
    • sudo apt update -y
    • sudo apt upgrade -y
    • sudo apt-get update -y
    • sudo apt-get upgrade -y
    • sudo apt install tor deb.torproject.org-keyring -y

Configuration

  1. Configure nginx to listen on port 9000. Port 80 will be used by tor. (You can also manually edit /etc/nginx/sites-enabled/default file if desired.)

    • sudo sed -i 's/listen \+80 default_server/listen 9000 default_server/' /etc/nginx/sites-enabled/default
    • sudo sed -i 's/listen \+\[\:\:\]\:80 default_server/listen [::]:9000 default_server/' /etc/nginx/sites-enabled/default
  2. Enable and start nginx. Check status. Status should be active (running) shown in green color.

    • sudo systemctl enable nginx
    • sudo systemctl restart nginx
    • sudo systemctl status nginx
  3. Configure Tor (you can replace hidden_service_01 with the desired name)

    • sudo sed -i 's/\#HiddenServicePort 22 127\.0\.0\.1\:22/#HiddenServicePort 22 127.0.0.1:22\n\nHiddenServiceDir \/var\/lib\/tor\/hidden_service_01\/\nHiddenServicePort 80 127.0.0.1:9000/' /etc/tor/torrc
  4. Enable and start tor. Check status. Status should be active (running) shown in green color.

    • sudo systemctl enable tor
    • sudo systemctl restart tor
    • sudo systemctl status tor
  5. Find out tor hidden service URL. (you can replace hidden_service_01 with the desired name)

    • sudo cat /var/lib/tor/hidden_service_01/hostname
  6. Open Tor Browser and navigate to the generated .onion URL
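The CentOS and Ubuntu procedures above share the same three configuration edits: move nginx off port 80, add the onion service block to torrc, and (for the SELinux case) write the systemd drop-in. The shell script below is an added example, not part of the gist, that rehearses those edits against constructed copies of nginx.conf and torrc in a scratch directory and then checks the result; the function names, the sample file contents, the onion address format rule and the check logic are my own. It also flags one point the guide does not cover: a bare "listen 9000" makes nginx answer on every interface, not only the loopback address the onion service forwards to.

```shell
#!/bin/sh
# Added example (not from the gist): rehearse the guide's configuration steps
# on constructed copies of nginx.conf and torrc, then check the outcome.
# Everything is written under a scratch directory, so the real system is
# untouched; the same functions work on the real files when pointed at them.

# Constructed stand-ins for the CentOS nginx.conf server block and the stock torrc.
make_sample_configs() {
    root=$1
    cat > "$root/nginx.conf" <<'EOF'
server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;
    root         /usr/share/nginx/html;
}
EOF
    cat > "$root/torrc" <<'EOF'
## Uncomment to enable a hidden service
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22
EOF
}

# Step 1 of the guide: move both nginx listen directives off port 80.
# Same GNU sed patterns as the guide, with the new port as a parameter.
apply_nginx_port() {
    conf=$1; port=$2
    sed -i "s/listen \+80 default_server/listen $port default_server/" "$conf"
    sed -i "s/listen \+\[\:\:\]\:80 default_server/listen [::]:$port default_server/" "$conf"
}

# Step 3: append the onion service block unless it is already there,
# so re-running the script does not duplicate it.
add_hidden_service() {
    torrc=$1; dir=$2; vport=$3; target=$4
    if grep -qxF "HiddenServiceDir $dir" "$torrc"; then
        return 0
    fi
    printf '\nHiddenServiceDir %s\nHiddenServicePort %s %s\n' "$dir" "$vport" "$target" >> "$torrc"
}

# Step 3 (SELinux workaround): the systemd drop-in the guide writes with echo -e.
write_tor_override() {
    unit_dir=$1
    mkdir -p "$unit_dir"
    printf '[Service]\nUser=toranon\nGroup=toranon\nPermissionsStartOnly=no\n' > "$unit_dir/override.conf"
}

# Step 5: a v3 onion hostname is 56 base32 characters followed by ".onion".
is_onion_v3() {
    printf '%s\n' "$1" | grep -Eq '^[a-z2-7]{56}\.onion$'
}

# Consistency check: nginx no longer claims port 80, and torrc maps the onion
# virtual port to a loopback backend. Warns when a listen directive carries no
# address, because "listen 9000" binds all interfaces rather than 127.0.0.1 only.
check_setup() {
    conf=$1; torrc=$2; status=0
    if grep -Eq 'listen +(\[::\]:)?80 ' "$conf"; then
        echo "FAIL: nginx still listens on port 80 in $conf"; status=1
    fi
    if ! grep -Eq '^HiddenServicePort [0-9]+ 127\.0\.0\.1:[0-9]+$' "$torrc"; then
        echo "FAIL: $torrc has no HiddenServicePort pointing at 127.0.0.1"; status=1
    fi
    if grep -Eq '^[[:space:]]*listen +[0-9]+ ' "$conf"; then
        echo "WARN: nginx listen directive has no address and binds every interface; consider 127.0.0.1:PORT"
    fi
    return $status
}

# Stand-alone run against the constructed files.
demo=$(mktemp -d)
make_sample_configs "$demo"
apply_nginx_port "$demo/nginx.conf" 9000
add_hidden_service "$demo/torrc" /var/lib/tor/hidden_service_01/ 80 127.0.0.1:9000
write_tor_override "$demo/tor.service.d"
check_setup "$demo/nginx.conf" "$demo/torrc" && echo "OK: nginx and torrc are consistent (see $demo)"
```

To apply the same edits for real, point apply_nginx_port and add_hidden_service (run with sudo) at /etc/nginx/nginx.conf on CentOS or /etc/nginx/sites-enabled/default on Ubuntu, and at /etc/tor/torrc; is_onion_v3 can be run on the contents of the hostname file from step 5 before you paste the address into Tor Browser.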


HubGrit commented Jun 4, 2019

Hi, I love how clearly you have laid out all this.
But I am having a problem with the nginx configuration on CentOS 7.
I copied the 2 lines of code you supplied to the terminal, but the nginx.conf file does not update with any new code.
I'm new to all this, so any advice would be appreciated.


Dzoge commented Jun 5, 2019

@HubGrit, when you install nginx, by default it listens on port 80. The following lines in the /etc/nginx/nginx.conf file make this happen (these entries are on lines 39/40):

listen 80 default_server;
listen [::]:80 default_server;

This needs to be changed from 80 to 9000 (or any other port except 80) so that it looks like this:

listen 9000 default_server;
listen [::]:9000 default_server;

The following commands, the ones you are referring to, make the above mentioned change:

sudo sed -i 's/listen \+80 default_server/listen 9000 default_server/' /etc/nginx/nginx.conf
sudo sed -i 's/listen \+\[\:\:\]\:80 default_server/listen [::]:9000 default_server/' /etc/nginx/nginx.conf

The first line changes the first listen config address (IPv4) and the second line changes the second listen config (IPv6). You can manually edit the config file to change these values.

I have just tested these commands with the latest versions of the software and I can confirm that they work and update the config as they should. These commands do not give any output; they just execute and quit. Maybe that was the reason for the confusion.


HubGrit commented Jun 6, 2019

Apologies, my bad, I just did a fresh VM install and the nginx.conf is as it should be. The nginx.conf file I had before had no server {..} section in it (don't know how that happened), so there were no server listener lines to update with your code. Thank you, I would not have realised something had gone wrong without you.


HubGrit commented Jun 11, 2019

My onion site now works and I can view it from another device on a different network.
I tried onionscan on my site, but got the error "Unknown hidden service type". I get the same error message if I do onionscan somemadeupaddress.onion, but another valid onion address produces an onionscan report successfully.
So this made me wonder if my website needs to be published to tor listener nodes or something?
Any advice would be appreciated.

@05nelsonm

Would like to warn people that this guide does not address configuration regarding security/privacy if you are trying to create a Tor site that keeps you, as the admin, as anonymous as possible.

For an older (but still very relevant) guide, see: https://www.bentasker.co.uk/documentation/linux/307-building-a-tor-hidden-service-from-scratch-part-1
