Here we will have a step-by-step guide to opening your locally served site through NGINX to the Tor network on Ubuntu so you can access it through any Tor browser on any of the available platforms. Let's see how to open your local NGINX website to the Tor network!
If you want to learn more about Tor and specifically about how exactly the architecture of this solution works you can check out our previous post at: What are Tor and the Onion services.
- To get started, update Linux
sudo apt update sudo apt upgrade
- Install Tor
sudo apt install tor
- Install Web Server - NGINX
sudo apt install nginx
- Start a web server - NGINX, check if it works - active
sudo systemctl enable nginx sudo systemctl start nginx sudo systemctl status nginx
- Start Tor, check if it works - active
sudo systemctl enable tor sudo systemctl start tor sudo systemctl status tor
In case a problem occurs and Tor does not start properly and will not shut down either, you can use the command below to kill all Tor processes and restart them. You can also use "&" at startup to run this startup process in the background in the terminal after which you can continue to use the terminal:
sudo killall tor sudo tor &
- Check if Tor changes the computer's IP address
For this you can use any command through which you can request data from a website, we will use cURL. If you do not have cURL, you can quickly install it with the command:
sudo apt install curl
Then, via Tor and its service located at the address and port below, we send a request to the site ifconfig.me to check if our public IP address has changed:
sudo curl -x socks5h://localhost:9050 ifconfig.me
Without Tor, our public address is as shown here: 22.214.171.124, and when going through Tor's service, it gives us a random address, in this case, becoming: 126.96.36.199.
- Upload website files to server
The place where NGINX locally serves the website files is located at
/var/www/html. Here you can transfer your static files as well as one main
index.html file of your website.
It serves them at
localhost, which you can type in any web browser to view your site:
- Opening the Onion (hidden) service
If your site is not refreshed then you can type the command below to restart the NGINX service:
sudo systemctl restart nginx
- Opening the Onion (hidden) service
In order to open our site, which is only served to us locally, to the Tor network, we need to configure the
torrc file. Inside of it, we can choose which port on the computer will wait for traffic coming from other computers in the Tor network, and then it will redirect it to our localhost NGINX webserver to serve them our website files and over the internet. Go to the address below and via the nano the command we can directly configure the file:
sudo nano /etc/tor/torrc
In that file, scroll down to the two lines below and delete the "#" on them, which will uncomment them, after which anyone who accesses our site with our Tor address and port 80 will actually be redirected directly to our localhost address and our local port 80 where NGINX is serving the website files.
/var/lib/tor/hidden_service will contain files related to our Onion hidden service, such as the randomly generated Tor ".onion" URL of the site as well as the secret key associated with it that allows us to actually use that address.
By reading the
hostname file, we get the address that we insert into the Tor web browser:
After entering the address in the Tor browser our static files will then be served to us through Tor.
By clicking on the Tor icon, we see information about the path that Tor uses to access our new server through multiple computers within the Tor network that can be anywhere in the world.
It is also possible to create a dynamic site with any of the standard functionalities that every day "clearnet" sites have, like an active connection with a database.
This would require more advanced port configuration, either in a
torrc file, or NGINX configuration and request filtering management for various other computer services running on different local ports.
Due to the way in which
.onion addresses are generated, it is not possible to select them manually but, there are programs that use a brute-force like a method to generate a large number of addresses in which the first few letters can be chosen and selected through filtering those generated addresses.
One of the most popular software is, for example, mkp224o.