Привет товарищ,
In this post I will show you how to run an Onion service on a raspberry pi
or "how to self host with Raspberry Pi and Tor ?".

Onion service

So basically, what is an Onion service ?
It's a service only accessible via TOR network.
That's it, dot.
No hacking, No weird pron, no drug selling and etc.

As always the problem isn't the technology, it's what you do with it.

I see you saying to yourself, "what the fuck dude ?! I'm here to learn nasty stuff and impress my friends !"

I will repeat slowly, because apparently your brain is melting inside...

  1. If you are here just for style and other superficial stuff: GO F****... Hum.. Go check videos of Micode.

  2. Here, only serious business, learn new stuff.

  3. I'm here to share the little I know, do whatever you want with, not my concern, not my jail sentence...

Advantages of onion service

  • Service accessible from anywhere even inside private network such the box of your ISP.
  • Can host anything as you can with a raspberry (SSH, Web, etc)
  • Self Host means total control and no costs.

Setting up of a web server on the Raspberry Pi

Step 0: Before beginning

  1. We are setting up a basic headless server: I will not detail the procedure, there is ton of tutorials online, be smart and do your homeworks...

  2. Take care about basic secure configuration, as I said before, not my concern, not my jail sentence. Use certificate not password, set up firewall, set up fail2ban and this kind of stuff is up to you boys.

  3. I will use basic Raspbian distro for this post.

Step 1: Install TOR

Simple.

sudo apt-get install tor

Step 2: Configure TOR to proxy our server

Edit this file

/etc/tor/torrc

And uncomment theses lines

# For HTTP service
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

# For SSH service
HiddenServicePort 2222 127.0.0.1:22

Basically the line HiddenServicePort 80 127.0.0.1:80 tell to proxy the service running locally on port 80.

You may ask I've a port but where is my address ?
Don't worry you'll find one in the next step.

Step 3: Get the onion address

The TOR service attribute automatically an address on starting.
So let's start the service !
But before, deactivate the running instance lunched by the installed package. We just need tool provided by the package.

sudo service tor stop            # Stop running instance
sudo update-rc.d -f tor remove   # Avoid the start of TOR at boot
sudo tor                         # Manual run of TOR (allow to see error if any)

Next get the address:

sudo cat /var/lib/tor/hidden_service/hostname

If you don't have this file, then you've failed little го́пник.
Lather, Rinse, Repeat until you are able to find the error alone.

Step 4: Install a webserver

sudo apt-get install lighttpd

Now add something to the default index file of the web server

echo '<h1>Hello, World!</h1>' > /var/www/index.html

Step 5: Make you service starting at boot

As I said before, we don't want the TOR service provided with the package but we want our service available even after a rester of the raspberry pi.
In order to keep it simple, just edit the /etc/rc.local file.
And add a line to start TOR, add it before the command exit 0.

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# Print the IP address
_IP=$(hostname -I) || true
if [ "$_IP" ]; then
  printf "My IP address is %s\n" "$_IP"
fi

# Start TOR
sudo tor&

exit 0

Step 6: Check it

If everything goes well, you should be able to visit your webserver via TOR browser.

NB: TOR service can take a little time to start (1-2 min).
First distribution of your .onion address can also take time.
So be patient.

My own version

If you want to see a live running example: check mine at: kkxy7qtodrfrwkw4.onion

TOROnionService_Working
Update:30/01/19: Since I am moving, the raspberry is temporaly down, stay tune I will set up back on track ASAP.
Update:06/02/19: Ok, I've a little rest. Now the service is running ! Until next time !
Update:01/04/19: I will use the RPI for others projects, so this service will be down from now.


Social stuff / Questions / Comments

Feel free to reach or tips me !

Mail: a_ghost_soul@protonmail.com
Twitter: @GhostAgs

If you appreciate my work please consider make a donation
Tipeee: https://fr.tipeee.com/ags-syndrome