There is a lot of misconception around the dark web, and most of the people think that it is not possible to create their own website on Dark web (The Onion network). Today we will set up a website in the Onion/Tor network for free.
As you can see above, I have created my own website in the Tor network, and I've accessed it using the Tor Browser.
This tutorial consists of three steps
- Preparing your computer (Not a step)
- Installing nginx
- Installing Tor
- Setting up the tor server
- An old computer 💻
- A stable internet connection 🌐
- 2 hours ⌚
- Comfort using terminal ⌨
Find a spare computer that can be used as a server. Unlike the normal internet, you do not need a static IP. You will need to install a Linux based OS on the server, I have tested the below steps on Ubuntu 18.04 Server LTS and recommend that you also use the same.
It is also recommended to use SSH to connect to your server since there will be no GUI, you will not be able to open this article on the server and copy-paste the commands. Typing the commands out will be time taking & also very error-prone.
I will not explain how to use & configure SSH in this article but you can refer the below to understand & use SSH.
How To Use SSH To Connect To A Remote Server In Linux Or Windows
Also, make sure you are running as root throughout the tutorial.
sudo su
Let's get our hands dark 😎
nginx
will serve the HTML files and assets (act as a web server).
apt update
apt install nginx
The above commands will update & install nginx
. To start the nginx
server
service nginx start
To check the status of the nginx
server
service nginx status
To confirm if the nginx
server is working. We will make a GET
request to the server using curl
. Before that, you'll need to know what is your IP address.
ifconfig
The output will be similar to this
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 134 bytes 21230 (21.2 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 134 bytes 21230 (21.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp9s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet your-ip-address netmask 255.255.255.0 broadcast ###.###.#.###
inet6 ####::####:####:####:#### prefixlen 64 scopeid 0x20<link>
ether ##:##:##:##:##:## txqueuelen 1000 (Ethernet)
RX packets 6379 bytes 8574482 (8.5 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3518 bytes 506008 (506.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Your IP address will be the inet your-IP-address
one. Note it down, using that now make a curl
request.
curl your-IP-address:80
The console should print out the HTML code of the default nginx
page. To add your custom page, follow the steps from their official documentation. You can also check if nginx
is working by typing the IP address of the server in your browser.
Installing Tor (not just the browser) allows your computer to communicate with the Tor network. Before installing Tor, we will have to install apt-transport-https
, so that we can use source lines with https://
apt install apt-transport-https
Important: The below commands are for Ubuntu 18.04 only If you are running other OS, please find the commands here, from Tor's official, site. We will now add the Tor sources to the sources file.
touch /etc/apt/sources.list.d/
nano /etc/apt/sources.list.d/
Once the editor is open, add the following to the file
deb https://deb.torproject.org/torproject.org bionic main
deb-src https://deb.torproject.org/torproject.org bionic main
After exit & saving, type the following in the terminal. This is to add the gpg key used to sign the Tor packages.
curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
Finally, now we install Tor and also a package which will help to keep the signing key current.
apt update
apt install tor deb.torproject.org-keyring
Similar to nginx
, Tor can be started & checked by the following commands
service nginx start
service nginx status
Now that we have nginx
& Tor up and running, we will have to configure Tor so that our server acts as a Tor server (Your server will not be used as a relay node)
We will have to edit the torrc
file.
nano /etc/tor/torrc
In the torrc
file, Go to the middle section and look for the line
############### This section is just for location-hidden services ###
And uncomment the following lines.
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
In these lines
HiddenServiceDir
will tell Tor where to save the private_key & hostname of your Tor website (They are information about your dark website). The private key stored is very important & could be used to impersonate you.HiddenServicePort
lets you specify a virtual port (that is, what port people accessing the website will think they're using) and an IP address and port for redirecting connections to this virtual port.
To apply this new configuration, Stop the Tor service and start it again by typing the following commands.
service tor stop
service tor start
Now check the status of the tor service to see if the changes are working & valid.
service tor status
If things are looking good, proceed to the next step, otherwise, you might have made a mistake in editing the .torrc
file.
At this point, your dark website must be running. But we don't know what is the URL, to get it, run the following command
cat /var/lib/tor/hidden_service/hostname
The URL to your all-new dark website will be printed in the console. To test if it's working
curl -v --socks5-hostname localhost:9050 http://your-onion-domain.onion
The URL is actually your-public-RSA-key.onion
. Tor has a different way of identifying websites via their public RSA key.
You might notice that the URL generated, is very long and you might be wondering how to create custom domain names (i.e. Custom RSA public key). I will be creating an article on this very soon.
Now let's celebrate on your first dark website 🎉. Also please share your thoughts in the comments 😁
If I host website on vps where my genuine email and other details are shared, does my identity is safe?