A working version of the project can be found at: https://t0r.ch:100 or alternatively at:
http://d3ndmxv2fbsrccq2vfj3t6yvdwfeevd4vzgr7vandb53fovdx7hoh4yd.onion/
.onion domains
There is more information about surface web and .onion, which is worth a read if you don't know what it is. This article is pretty good, but there are many others which explain the difference between surface web, deep web and dark web/darknet.
To access .onion sites, you can obtain the Tor Browser Bundle here: https://www.torproject.org/
Apache, MySQL, PHP, Joomla, PHPMyAdmin, Owncloud
Follow the instructions on setting up a functioning website at: https://www.hackster.io/gulyasal/raspbian-stretch-with-joomla-owncloud-d29ccf
Don't execute the instructions relating to the setup of an SSL certificate using Let's Encrypt until you have read below. Only if you choose the "surface web + .onion" option will you need to install the SSL certificate.
'Surface web + .onion' versus '.onion only': SSL versus no SSL
Onion does not require a registered domain name to function; it will assign you a free, random (and permanent, as long as you don't lose the private key) 16-digit URL with the .onion suffix. If you want to just use the .onion domain name, you can set everything up above as "localhost", where you would ordinarily have to enter a domain name.
If you want to have both a "surface web" and ".onion" site, then you should register a domain and use it as the domain name when setting up Apache and Joomla above. If you plan to set up an SSL certificate with Let's Encrypt, then you must register a domain name (i.e., surface + .onion), as Let's Encrypt does not issue SSL certificates for .onion at this time (this may change, but for the moment, it's not possible).
If you want a .onion only SSL encrypted site, this is possible, if you go either the self-signed SSL certificate route, or if you obtain a certificate from DigiCert, who is the only CA who issues EV certificates for .onion. It is expensive, so going the Let's Encrypt route (with surface web domain) is the cheaper route.
Connect RPi3 to Onion
Open PuTTY and execute the following commands:
sudo apt-get install tor
During the installation, you will be asked to add the debian-tor user to pi (hit spacebar to add the 'X', then Enter). After the install is complete:
sudo systemctl start tor@default.service
This will get the service started. To make config changes, stop the service.
sudo systemctl stop tor@default.service
sudo chmod -R 777 /var/lib/tor
sudo nano /etc/tor/torrc
Go to the section labelled: #This section is just for location-hidden services# and change the settings as follows, to open up the web to Tor:
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 443 127.0.0.1:443
Don't use the "other_hidden_service" entry, as you want both the normal and SSL-based pages to have the same URL. Press Ctrl-X, then Y, to save the changes and exit.
To find out the randomly assigned .onion URL for your new website:
sudo nano /var/lib/tor/hidden_service/hostname
Once done, change the perms back and restart the service.
sudo chmod -R 700 /var/lib/tor
sudo systemctl start tor@default.service
Always return the perms to 700 or the service will not restart. To change the contents in hidden_service, you will need to stop the service, change the perms to 777 and then back again before restarting.
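While the directory sits at 777, hs_ed25519_secret_key (the key that controls the .onion address) is readable by every local account, and reading the address itself needs no mode change at all: sudo cat /var/lib/tor/hidden_service/hostname is enough. The script below is an added example, not part of the original guide; the function names audit_hs_dir and tighten_hs_dir are made up for illustration, and it lists anything under the Tor data directory that group or other can reach, then strips that access.

```shell
#!/bin/sh
# Added example (not from the original guide). Needs GNU find/stat, as on Raspbian.

# Print every entry under DIR that group or other can access.
# Returns 0 when clean, 1 when something is exposed, 2 when DIR is missing.
audit_hs_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 2; }
    # -perm /077 matches any group/other bit; symlink modes mean nothing, skip them.
    loose=$(find "$dir" ! -type l -perm /077)
    [ -z "$loose" ] && return 0
    printf '%s\n' "$loose" | while IFS= read -r p; do
        echo "exposed (mode $(stat -c '%a' "$p")): $p"
    done
    return 1
}

# Strip all group/other access and leave the owner's bits alone.
tighten_hs_dir() {
    chmod -R go= "$1"
}

# Demo on a constructed directory laid out like /var/lib/tor/hidden_service.
demo=$(mktemp -d)
mkdir "$demo/hidden_service"
echo "constructedexample.onion" > "$demo/hidden_service/hostname"
: > "$demo/hidden_service/hs_ed25519_secret_key"
chmod -R 777 "$demo"                 # the state the edit step above leaves behind
audit_hs_dir "$demo" || echo "-> secret key reachable by every local account"
tighten_hs_dir "$demo"
audit_hs_dir "$demo" && echo "-> owner-only again"
rm -rf "$demo"
```

On the Pi, run audit_hs_dir /var/lib/tor as root before starting the service; a clean result means no group or other bits remain.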
If you have set up a Let's Encrypt SSL certificate, then you can access the .onion site with https:// as well as http://
As written earlier, Let's Encrypt does not issue SSL certs for .onion domains, so there will be a certificate mismatch when visiting the SSL encrypted .onion site. When using the Tor Browser Bundle, you can add the exception, and access the site. The one advantage of using the surface web SSL certificate is that it allows users to verify that the .onion site is truly yours, and not someone else impersonating your website.
Customized "vanity" .onion URLs (updated for Onion v3)
As you will have noted, Onion assigns you a random 56-digit alphanumeric .onion URL, which is somewhat ugly and unattractive. Facebook and Protonmail have set up .onion sites with a customized name, and software is available which allows you to reverse engineer back into a desired URL using a brute force random URL generator. It works, although the moment you wish to customize more than the first 8 digits of the URL, it requires an immense amount of patience and CPU processing power, so I don't recommend you run this on a Raspberry Pi. For more information, visit: https://github.com/cathugger/mkp224o/releases
I ran this on a Windows PC, by downloading this binary: https://github.com/cathugger/mkp224o/releases/download/v1.5.0/mkp224o-1.5.0-w64.zip
Extract it to your Desktop, and pull up a command prompt from Windows System. At the command prompt, type:
mkp224o.exe prefix -d directory -n 1
Replace "prefix" with the desired characters that you want your .onion website to begin with. It will eventually generate the .onion URL and the corresponding public and secret key.
Copy-paste these three files in "directory" onto the Raspberry Pi using PuTTY or OwnCloud. The .onion URL is the info labelled hostname, and goes into the file labelled "hostname", the public key goes in the file labelled "hs_ed25519_public_key" and the secret key goes into the file labelled "hs_ed25519_secret_key". All files are located in the directory /var/lib/tor/hidden_service
Reboot to reconnect with the new vanity URL. Please note that you will lose permissions to the hidden_service directory every time you reboot your Pi, so to access these files, you may need to re-run:
sudo chmod -R 777 /var/lib/tor
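The three vanity files can be put in place without opening the directory to everyone. The script below is an added example, not part of the original guide or of mkp224o; the function names check_onion_keys and install_onion_keys are made up for illustration. It checks that the files look like a v3 address and Tor-format ed25519 key files, then copies them in as owner-only.

```shell
#!/bin/sh
# Added example (not from the original guide). Needs GNU stat, as on Raspbian.
KEYFILES="hostname hs_ed25519_public_key hs_ed25519_secret_key"

# Sanity-check mkp224o output before it goes near the live service directory.
check_onion_keys() {
    src=$1
    for f in $KEYFILES; do
        [ -f "$src/$f" ] || { echo "missing $f" >&2; return 1; }
    done
    # A v3 address is 56 base32 characters followed by .onion.
    grep -Eq '^[a-z2-7]{56}\.onion$' "$src/hostname" ||
        { echo "hostname is not a v3 .onion address" >&2; return 1; }
    # Tor key files: 32-byte header + 32-byte public or 64-byte secret key.
    [ "$(stat -c '%s' "$src/hs_ed25519_public_key")" -eq 64 ] &&
    [ "$(stat -c '%s' "$src/hs_ed25519_secret_key")" -eq 96 ] ||
        { echo "unexpected key file size" >&2; return 1; }
}

# Copy the files into DST as 0600 inside a 0700 directory.
# OWNER is optional (debian-tor on the Pi) and needs root to apply.
install_onion_keys() {
    src=$1; dst=$2; owner=$3
    check_onion_keys "$src" || return 1
    mkdir -p "$dst" && chmod 700 "$dst" || return 1
    for f in $KEYFILES; do
        install -m 600 "$src/$f" "$dst/$f" || return 1
    done
    [ -z "$owner" ] || chown -R "$owner:$owner" "$dst"
}

# Demo with constructed placeholder files (zero bytes, not real keys).
demo_src=$(mktemp -d); demo_dst=$(mktemp -d)
printf '%s.onion\n' "$(head -c 56 /dev/zero | tr '\0' a)" > "$demo_src/hostname"
head -c 64 /dev/zero > "$demo_src/hs_ed25519_public_key"
head -c 96 /dev/zero > "$demo_src/hs_ed25519_secret_key"
install_onion_keys "$demo_src" "$demo_dst/hidden_service" && ls -l "$demo_dst/hidden_service"
rm -rf "$demo_src" "$demo_dst"
```

On the Pi, stop the Tor service, call install_onion_keys directory /var/lib/tor/hidden_service debian-tor from a root shell (directory being the -d folder copied over from mkp224o), then start the service again.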
You're done! Enjoy your new, free website!