How do you set up an onion service (formerly Hidden Service)?

Setting up an onion service (formerly known as a Hidden Service) allows you to host a website or service anonymously on the Tor network. Here's how you can do it:

1. Set Up Your Web Server or Service

First, you need a web server (like Apache or Nginx) or any service you want to make accessible via Tor. This could be running on your computer or a dedicated server.

• Install and configure your web server: Ensure it's properly configured and serving the content you want to make available.

2. Configure Your Tor Onion Service

This involves editing your torrc file (Tor configuration file) to define the onion service.

Locating the torrc File:

• Linux: Typically located in /etc/tor/torrc or /usr/local/etc/tor/torrc.
• macOS: Usually found in /usr/local/etc/tor/torrc (if installed via Homebrew) or within the Tor Browser bundle's data directory.
• Windows: Usually located in the Tor Browser's Data\Tor directory.

Editing the torrc File:

Add the following lines to your torrc file. You may need to create these directories if they don't already exist. Replace /path/to/your/hidden/service/directory/ and 80 with the actual path and port:

HiddenServiceDir /path/to/your/hidden/service/directory/
HiddenServicePort 80 127.0.0.1:80

Explanation:

• HiddenServiceDir: Specifies the directory where Tor will store the private key and hostname for your onion service. Make sure this directory is only accessible by the user running the Tor process.
• HiddenServicePort: Specifies the virtual port (the port users connect to on the onion service) and the local port on your server that Tor will forward traffic to. In this example, traffic to port 80 on the onion service is forwarded to port 80 on the local machine (127.0.0.1). If your web server is listening on a different port, adjust accordingly.

Example torrc configuration:

HiddenServiceDir /home/user/onion_service/
HiddenServicePort 80 127.0.0.1:8080

In this example, the hidden service directory is /home/user/onion_service/, and connections to the onion service on port 80 are forwarded to port 8080 on the local machine.

3. Obtain Your Onion Address

After configuring torrc, restart the Tor service. Tor will then generate a private key and your onion address (a 16-character or 56-character .onion address, depending on the Tor version used).

Finding Your Onion Address:

Look for a file named hostname within the HiddenServiceDir you specified in your torrc file. This file will contain your onion address.

Example:

If HiddenServiceDir is /home/user/onion_service/, then the file /home/user/onion_service/hostname will contain the .onion address (e.g., example123456789.onion).

4. Security Considerations

• Never expose the private key. Keep the HiddenServiceDir secure and only accessible to the Tor process.
• Run your web server locally. Forwarding traffic to 127.0.0.1 (localhost) is best practice to avoid exposing your server's public IP address.
• Implement HTTPS on your web server. While Tor provides anonymity, it doesn't encrypt traffic between your web server and the Tor client. Using HTTPS will ensure encrypted communication within the onion service.
• Regularly update Tor. Keep your Tor software up-to-date to benefit from the latest security patches.

5. Testing

• Open Tor Browser.
• Enter your .onion address in the address bar.
• If everything is configured correctly, you should see your website.