What are Tor and Onion services

Tor (The Onion Routing project) is a free, open-source privacy network for enabling anonymous communication by directing Internet traffic through a network of more than 7,000 volunteer users to disguise the location and behavior of users from anyone monitoring or analyzing the network. In this post, we are committed to starting the talk about what are Tor and onion services for a better understanding of the part of the internet not accessible to everyone.

Servers configured to receive incoming connections only via Tor are called Onion services (hidden services).

Instead of revealing the server’s IP address, and thus its location, the Onion service is accessed through its Onion address via the Tor browser.

Below we see an example of Facebook using an .onion address to allow its users to log in through the Tor network as an alternative to their regular “clearnet” website:

Facebook Onion Address

The Tor network understands these addresses by searching for their corresponding public keys and introductory points from a distributed hash table within the network.

We will use this functionality to, for free of charge, set up a simple static site on the Tor network located on our local machine but served to anyone on the internet through the Tor network.

We will be able to access this site from any other desktop computer or even any phone via the Tor browser.

Tor Browser

But first, how exactly will the architecture of our project look and work?

We will have three main important points of interest here:

  1. The Tor network itself

    In order for any of this to work we first require software which will connect us to the Tor network.

    For advanced developers it is possible to implement the Tor protocol and merge it into your project with only the minimum features required for such communication but, for our and most other uses just downloading the official browser for your platform of choice is going to be enough.

    The moment you open the Tor browser it will automatically connect to the Tor network and you can continue using it like any other browser.

    Screenshot taken from
  2. The listener entry point on our local machine

    This is the first part of the project which you will have to set up yourself. Thankfully, it is very simple to do so and you can do it with minimum configuration requirements.

    Given that we are using the Tor browser which handles most things automatically, here we are only required to edit the “torrc” configuration file in order for the Tor browser to be able to listen and forward specific requests locally that we get from the Tor network.

    The “torrc” file can be found at “Browser/TorBrowser/Data/Tor” inside your Tor browser directory.
    Below you see an example of a torrc file:

    The only important two lines here are the last two:
    a) HiddenServiceDir
    Here we need to specify the directory in which Tor is going to save the public and private (secret) keys of our website’s .onion address.

    Your private key should NOT be shared with anyone because anyone who has it, along with the public key, which is simply your .onion URL address, would be able to steal that domain from you and use it himself.

    b) HiddenServicePort
    On this line we specify on which port the Tor software should listen for traffic, and then forward incoming requests that are sent to your .onion website elsewhere on your local machine.

    In our case that will also be port 80 on localhost.
  3. The local server
    And finally we have our website files which are served locally on our machine to our specific port.
    This port will be connected to the Tor network through the torrc configuration noted above.

So now whenever someone sends a request to our specific .onion URL address, the Tor network will forward it to our local computer where it will sort the requests and forward them as required to other services running locally.

In our case, the request is going to go straight to localhost where our site is being served and then return those files all the way back in reverse through the Tor network. 

For a step-by-step guide on how to achieve this on a Linux Ubuntu machine, you can check out our guide at How to open your local NGINX website to the Tor network.

Share this post

Share this link via

Or copy link