kremalicious · October 31, 2023 20:48
diff --git a/tor-hidden-service-host.sh b/tor-hidden-service-host.sh
 ##
 # for Ubuntu 16.04 Xenial Xerus
 ##

 ######################################
 # INITIAL SERVER SETUP & HARDENING
 ######################################

 # most VPS providers give you root user from the start
 ssh [email protected]

 # Update all the things
 apt-get update && apt-get upgrade && apt-get autoremove

 # Set timezone
 dpkg-reconfigure tzdata
 apt-get install ntp

 # Create new user
 adduser USERNAME
 usermod -a -G sudo USERNAME

 # passwordless sudo
 visudo
  
  # add to very end of file
  USERNAME ALL=NOPASSWD: ALL

 # copy over authorized_keys file to new user
 mkdir /home/USERNAME/.ssh
 cp .ssh/authorized_keys /home/USERNAME/.ssh/authorized_keys
 chown -R USERNAME:USERNAME /home/USERNAME/.ssh
 chmod 700 /home/USERNAME/.ssh
 chmod 600 /home/USERNAME/.ssh/authorized_keys

 logout
 ssh [email protected]

 ##
 # SSH configuration
 ##
 sudo vi /etc/ssh/sshd_config

  # disable root login & password login
  PermitRootLogin no
  PasswordAuthentication no

 sudo service ssh restart

 ##
 # Firewall
 ##
 sudo apt-get install ufw

 # setup defaults
 sudo ufw default deny incoming
 sudo ufw default allow outgoing

 # allow specific services
 sudo ufw allow ssh
 sudo ufw allow 80
 sudo ufw allow ntp

 sudo apt-get install fail2ban
 sudo service fail2ban start

 ######################################
 # TOR INSTALLATION
 ######################################

 # Add new package source & keys
 sudo sh -c 'echo "deb http://deb.torproject.org/torproject.org xenial main" >> /etc/apt/sources.list.d/torproject.list'
 gpg --keyserver keys.gnupg.net --recv 886DDD89
 gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

 # Refresh package list and install Tor
 sudo apt-get update && sudo apt-get install tor deb.torproject.org-keyring

 # torrc file configuration & hidden service key generation
 sudo rm /etc/tor/torrc && sudo vi /etc/tor/torrc

  DataDirectory /var/lib/tor
  HiddenServiceDir /var/lib/tor/hidden_service/
  HiddenServicePort 80 127.0.0.1:80

 sudo service tor reload

 # get your hostname printed in Terminal
 sudo cat /var/lib/tor/hidden_service/hostname

 # (optional) show private key
 sudo cat /var/lib/tor/hidden_service/private_key


 ######################################
 # NGINX
 ######################################

 # install nginx
 sudo apt-get install nginx

 # create folder hosting our hidden service files
 sudo mkdir -p /var/www/hidden_service/

 # set permissions
 sudo chown -R www-data:www-data /var/www/hidden_service/ && sudo chmod 755 /var/www

 # create server block
 sudo vi /etc/nginx/sites-available/hidden_service

  server {
    listen   127.0.0.1:80;

    root /var/www/hidden_service/;
    index index.html index.htm;
    server_name YOURHOSTNAME.onion;
  }

 # activate new site
 sudo ln -s /etc/nginx/sites-available/hidden_service /etc/nginx/sites-enabled/hidden_service

 # restart nginx to activate changes
 sudo service nginx restart
	##
	# for Ubuntu 16.04 Xenial Xerus
	##

	######################################
	# INITIAL SERVER SETUP & HARDENING
	######################################

	# most VPS providers give you root user from the start
	ssh [email protected]

	# Update all the things
	apt-get update && apt-get upgrade && apt-get autoremove

	# Set timezone
	dpkg-reconfigure tzdata
	apt-get install ntp

	# Create new user
	adduser USERNAME
	usermod -a -G sudo USERNAME

	# passwordless sudo
	visudo

	# add to very end of file
	USERNAME ALL=NOPASSWD: ALL

	# copy over authorized_keys file to new user
	mkdir /home/USERNAME/.ssh
	cp .ssh/authorized_keys /home/USERNAME/.ssh/authorized_keys
	chown -R USERNAME:USERNAME /home/USERNAME/.ssh
	chmod 700 /home/USERNAME/.ssh
	chmod 600 /home/USERNAME/.ssh/authorized_keys

	logout
	ssh [email protected]

	##
	# SSH configuration
	##
	sudo vi /etc/ssh/sshd_config

	# disable root login & password login
	PermitRootLogin no
	PasswordAuthentication no

	sudo service ssh restart

	##
	# Firewall
	##
	sudo apt-get install ufw

	# setup defaults
	sudo ufw default deny incoming
	sudo ufw default allow outgoing

	# allow specific services
	sudo ufw allow ssh
	sudo ufw allow 80
	sudo ufw allow ntp

	sudo apt-get install fail2ban
	sudo service fail2ban start

	######################################
	# TOR INSTALLATION
	######################################

	# Add new package source & keys
	sudo sh -c 'echo "deb http://deb.torproject.org/torproject.org xenial main" >> /etc/apt/sources.list.d/torproject.list'
	gpg --keyserver keys.gnupg.net --recv 886DDD89
	gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 \| sudo apt-key add -

	# Refresh package list and install Tor
	sudo apt-get update && sudo apt-get install tor deb.torproject.org-keyring

	# torrc file configuration & hidden service key generation
	sudo rm /etc/tor/torrc && sudo vi /etc/tor/torrc

	DataDirectory /var/lib/tor
	HiddenServiceDir /var/lib/tor/hidden_service/
	HiddenServicePort 80 127.0.0.1:80

	sudo service tor reload

	# get your hostname printed in Terminal
	sudo cat /var/lib/tor/hidden_service/hostname

	# (optional) show private key
	sudo cat /var/lib/tor/hidden_service/private_key


	######################################
	# NGINX
	######################################

	# install nginx
	sudo apt-get install nginx

	# create folder hosting our hidden service files
	sudo mkdir -p /var/www/hidden_service/

	# set permissions
	sudo chown -R www-data:www-data /var/www/hidden_service/ && sudo chmod 755 /var/www

	# create server block
	sudo vi /etc/nginx/sites-available/hidden_service

	server {
	listen 127.0.0.1:80;

	root /var/www/hidden_service/;
	index index.html index.htm;
	server_name YOURHOSTNAME.onion;
	}

	# activate new site
	sudo ln -s /etc/nginx/sites-available/hidden_service /etc/nginx/sites-enabled/hidden_service

	# restart nginx to activate changes
	sudo service nginx restart