CentOS 7 .onion Tor Website Auto-install (2016)

THIS GUIDE IS INCOMPLETE, PLEASE USE THE TOR VESTACP GUIDE FOUND HERE.

The following guide is a simplified version of various “onion site guides” that are currently available. Guides from 2014 and 2015 seem to be quite lacking in substance and some use apache, phpmyadmin

This guide was written to make a Tor version of a clearnet website that I operate, so that Tor users can access the website via Tor. First, a short foreword to explain the tools used in this guide:

  • Nginx is a highly flexible and architecturally secure web server that will display web pages to your visitors. If you put an .html file in the folder that nginx serves to the internet, people will see that file.
  • Fail2ban is a program that bans IP addresses that repeatedly fail to log in to your server. It is usually the first program you should install on any server, because if you leave a new server running without fail2ban, even overnight, someone may already have your root password. On CentOS 7, the SSH login banner tells you how many failed login attempts there have been since you last logged in.

[email protected]:~$ ssh [email protected]
Last failed login: Wed Oct 12 18:51:02 UTC 2016 from 32.11.23.32 on ssh:notty
There were 21211 failed login attempts since the last successful login.
Last login: Sun Oct 5 13:00:11 2016 from 59.34.59.34

yum update -y

# add epel repository if not already there

wget http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-8.noarch.rpm
rpm -ivh epel-release-7-8.noarch.rpm

# install sudo, create an nginx login user and give its group full sudo rights
# (the nginx package runs its worker processes as this same user, so choose a strong password)

yum install sudo -y
adduser nginx
passwd nginx
echo "%nginx ALL=(ALL:ALL) ALL" >> /etc/sudoers

su nginx

# update, install nginx, fail2ban and tor

sudo yum update -y
sudo yum install nginx -y
sudo yum install fail2ban -y
sudo yum install tor -y

exit

# start nginx

service nginx start

# remove torrc default file and make a new one with the following

rm -f /etc/tor/torrc

echo "HiddenServiceDir /var/lib/tor/hidden_service/" >> /etc/tor/torrc
echo "HiddenServicePort 80 127.0.0.1:80" >> /etc/tor/torrc

# start tor

service tor start

# show onion address

cat /var/lib/tor/hidden_service/hostname


You should turn off clearnet browsing by editing the following:

vi /etc/nginx/nginx.conf

Change:

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /usr/share/nginx/html;

To:

server {
listen 127.0.0.1:80 default_server;
# IPv6 wildcard listener removed: leaving "listen [::]:80" in place keeps the site reachable from the clearnet over IPv6
server_name _;
root /usr/share/nginx/html;
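
A quick check for the change above, as an added example that is not part of the original guide: it lists nginx listen directives and torrc HiddenServicePort targets that are not bound to loopback. The function names and the sample files are constructed for illustration; the sample server block is one where only the IPv4 listen line was changed.

```shell
#!/bin/sh
# Added example, not from the original guide. Function names and the sample
# files are constructed for illustration.

# Succeeds when an address is loopback-only or a unix socket.
is_local() {
    case "$1" in
        127.[0-9]*|'[::1]'*|localhost|localhost:*|unix:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print nginx listen addresses that are reachable from other machines.
# A bare port such as "80" binds every interface, so it counts as exposed.
exposed_listens() {
    sed 's/#.*//' "$1" | while read -r word addr rest; do
        [ "$word" = "listen" ] || continue
        addr=${addr%;}
        is_local "$addr" || echo "$addr"
    done
}

# Print HiddenServicePort targets in a torrc that leave the machine.
# No target or a bare port both mean 127.0.0.1 to Tor, so they are skipped.
nonlocal_hs_targets() {
    sed 's/#.*//' "$1" | while read -r word vport target rest; do
        [ "$word" = "HiddenServicePort" ] || continue
        case "$target" in
            *[!0-9]*) is_local "$target" || echo "$target" ;;
        esac
    done
}

# Constructed sample: a server block where only the IPv4 line was changed.
demo=$(mktemp -d)
cat > "$demo/nginx.conf" <<'EOF'
server {
    listen 127.0.0.1:80 default_server;
    listen [::]:80 default_server;
}
EOF
printf '%s\n' 'HiddenServiceDir /var/lib/tor/hidden_service/' \
    'HiddenServicePort 80 127.0.0.1:80' > "$demo/torrc"

echo "exposed nginx listeners: $(exposed_listens "$demo/nginx.conf")"
echo "non-local onion targets: $(nonlocal_hs_targets "$demo/torrc")"
rm -rf "$demo"
```

Run the two functions against /etc/nginx/nginx.conf and /etc/tor/torrc; no output means nothing is bound outside loopback. The check does not follow nginx include directives, so files under conf.d need to be passed separately.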

Create files for your website in here:

cd /usr/share/nginx/html/

For custom .onion URLs:

Follow this guide and then edit the following:

cd /var/lib/tor/hidden_service/

Replace hostname with your custom hostname:

vi hostname

Replace private_key with your new private key:

vi private_key

They should both be owned by toranon and both be chmod 600.

chmod 600 hostname
chmod 600 private_key
chown toranon:toranon -R *
service tor stop
service tor start
