Docker containers seems ideal for running Tor hidden services, since they can easily be made very clean, containing little identifying data that can leak. Identifying it from the outside should be difficult.
To run a hidden web server we need two containers:
- A simple webserver, not exposing any ports towards the Internet.
- A TOR hidden service server, which should only be a hidden service. Not a relay!