Set up a working webserver on your Raspberry Pi 3, and permanently connect it to Onion, hosting your very own free .onion website.
A working version of the project can be found at:
https://t0r.ch:100 (surface web) or https://darktorch5lgddvm.onion
.onion domains
There is more information about surface web and .onion, which is worth a read if you donât know what it is. This article is pretty good, but there are many others which explain the difference between surface web, deep web and dark web/darknet.
To access .onion sites, you can obtain the Tor Browser Bundle here: https://www.torproject.org/
Apache, MySQL, PHP, Joomla, PHPMyAdmin, Owncloud
Follow the instructions on setting up a functioning website at: https://www.hackster.io/gulyasal/raspbian-stretch-with-joomla-owncloud-d29ccf
Donât execute the instructions relating to the setup of an SSL certificate using Letâs Encrypt until you have read below. Only if you choose the âsurface web + .onionâ option will you need to install the SSL certificate.
âSurface web + .onionâ versus â.onion onlyâ: SSL versus no SSL
Onion does not require a registered domain name to function; it will assign you a free, random (and permanent, as long as you donât lose the private key) 16-digit URL with the .onion suffix. If you want to just use the .onion domain name, you can set everything up above as âlocalhostâ, where you would ordinarily have to enter a domain name.
If you want to have both a âsurface webâ and â.onionâ site, then you should register a domain and use it as the domain name when setting up Apache and Joomla above. If you plan to set up a SSL certificate with Letâs Encrypt, then you must register a domain name (i.e., surface + .onion), as Letâs Encrypt does not issue SSL certificates for .onion at this time (this may change, but for the moment, itâs not possible).
If you want a .onion only SSL encrypted site, this is possible, if you go either the self-signed SSL certificate route, or if you obtain a certificate from DigiCert, who is the only CA who issues EV certificates for .onion. It is expensive, so going the Letâs Encrypt route (with surface web domain) is the cheaper route.
Connect RPi3 to Onion
Open Putty and execute the following commands:
sudo apt-get install vidalia
During the installation, you will be asked to add the debian-tor user to pi (hit spacebar to add the âXâ, then Enter). After the install is complete:
sudo /etc/init.d/tor restart
sudo chmod -R 777 /var/lib/tor
sudo /etc/init.d/tor stop
sudo nano /etc/tor/torrc
Go to the section labelled: #This section is just for location-hidden services #
Change the settings as follows, to open up the web to Tor:
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 443 127.0.0.1:443
Donât use the âother_hidden_serviceâ, as you want both the normal and SSL based pages to have the same URL. Ctrl-x, y to exit and save changes
sudo /etc/init.d/tor start
sudo chmod -R 777 /var/lib/tor
To find out the randomly assigned .onion URL for your new website:
sudo nano /var/lib/tor/hidden_service/hostname
If you have set up a Letâs Encrypt SSL certificate, then you can access the .onion site with https:// as well as http://
As written earlier, Letâs Encrypt does not issue SSL certs for .onion domains, so there will be a certificate mismatch when visiting the SSL encrypted .onion site. When using the Tor Browser Bundle, you can add the exception, and access the site. The one advantage of using the surface web SSL certificate is that it allows users to verify that the .onion site is truly yours, and not someone else impersonating your website.
Customized âvanityâ .onion URLâs
As you will have noted, Onion assigns you a random 16-digit alphanumeric .onion URL, which is somewhat ugly and unattractive. Facebook and Protonmail have set up .onion sites with a customized name, and software is available which allows you to reverse engineer back into a desired URL using a brute force random URL generator. It works, although the moment you wish to customize more than the first 8-digits of the URL, it requires an immense amount of patience and CPU processing power, so I donât recommend you run this on a Raspberry Pi. For timing information, visit: https://github.com/lachesis/scallion
I ran this on a Windows PC, by downloading this binary: https://github.com/lachesis/scallion/raw/binaries/scallion-v2.0.zip
Extract it to your Desktop, and pull up a command prompt from Windows System. At the command prompt, type:
cd Desktop/scallion-v2.0
scallion -o keys.txt -k 1024 -d 0 prefix
Replace âprefixâ with the desired characters that you want your .onion website to begin with. It will eventually generate the .onion URL and the corresponding private key, and save it in the file called keys.txt.
Copy-paste these two pieces of information onto the Raspberry Pi using PuTTY. The .onion URL is the info between <Hash> and </Hash>, and goes into the file labelled âhostnameâ, and the private key â the info between <PrivateKey> and </PrivateKey> â goes into the file labelled âprivate_keyâ. Both files are located in the directory /var/lib/tor/hidden_service
Please note that you will lose permissions to the hidden_service directory every time you reboot your Pi, so to access these files, you may need to re-run:
sudo chmod -R 777 /var/lib/tor
Youâre done! Enjoy your new, free website!
Source: Host your own free .onion website using Raspbian on RPi3