Host your own free .onion website using Raspbian on RPi3

Set up a working webserver on your Raspberry Pi 3, and permanently connect it to Onion, hosting your very own free .onion website.

A working version of the project can be found at:

https://t0r.ch:100 (surface web) or https://darktorch5lgddvm.onion

.onion domains

There is more information about surface web and .onion, which is worth a read if you don’t know what it is. This article is pretty good, but there are many others which explain the difference between surface web, deep web and dark web/darknet.

To access .onion sites, you can obtain the Tor Browser Bundle here: https://www.torproject.org/

Apache, MySQL, PHP, Joomla, PHPMyAdmin, Owncloud

Follow the instructions on setting up a functioning website at: https://www.hackster.io/gulyasal/raspbian-stretch-with-joomla-owncloud-d29ccf

Don’t execute the instructions relating to the setup of an SSL certificate using Let’s Encrypt until you have read below. Only if you choose the “surface web + .onion” option will you need to install the SSL certificate.

‘Surface web + .onion’ versus ‘.onion only’: SSL versus no SSL

Onion does not require a registered domain name to function; it will assign you a free, random (and permanent, as long as you don’t lose the private key) 16-digit URL with the .onion suffix. If you want to just use the .onion domain name, you can set everything up above as “localhost”, where you would ordinarily have to enter a domain name.

If you want to have both a “surface web” and “.onion” site, then you should register a domain and use it as the domain name when setting up Apache and Joomla above. If you plan to set up a SSL certificate with Let’s Encrypt, then you must register a domain name (i.e., surface + .onion), as Let’s Encrypt does not issue SSL certificates for .onion at this time (this may change, but for the moment, it’s not possible).

If you want a .onion only SSL encrypted site, this is possible, if you go either the self-signed SSL certificate route, or if you obtain a certificate from DigiCert, who is the only CA who issues EV certificates for .onion. It is expensive, so going the Let’s Encrypt route (with surface web domain) is the cheaper route.

Connect RPi3 to Onion

Open Putty and execute the following commands:

sudo apt-get install vidalia 

During the installation, you will be asked to add the debian-tor user to pi (hit spacebar to add the ‘X’, then Enter). After the install is complete:

sudo /etc/init.d/tor restart 
sudo chmod -R 777 /var/lib/tor 
sudo /etc/init.d/tor stop 
sudo nano /etc/tor/torrc 

Go to the section labelled: #This section is just for location-hidden services #

Change the settings as follows, to open up the web to Tor:

HiddenServiceDir /var/lib/tor/hidden_service/ 
HiddenServicePort 80 127.0.0.1:80 
HiddenServicePort 443 127.0.0.1:443 

Don’t use the “other_hidden_service”, as you want both the normal and SSL based pages to have the same URL. Ctrl-x, y to exit and save changes

sudo /etc/init.d/tor start 
sudo chmod -R 777 /var/lib/tor 

To find out the randomly assigned .onion URL for your new website:

sudo nano /var/lib/tor/hidden_service/hostname 

If you have set up a Let’s Encrypt SSL certificate, then you can access the .onion site with https:// as well as http://

As written earlier, Let’s Encrypt does not issue SSL certs for .onion domains, so there will be a certificate mismatch when visiting the SSL encrypted .onion site. When using the Tor Browser Bundle, you can add the exception, and access the site. The one advantage of using the surface web SSL certificate is that it allows users to verify that the .onion site is truly yours, and not someone else impersonating your website.

Customized “vanity” .onion URL’s

As you will have noted, Onion assigns you a random 16-digit alphanumeric .onion URL, which is somewhat ugly and unattractive. Facebook and Protonmail have set up .onion sites with a customized name, and software is available which allows you to reverse engineer back into a desired URL using a brute force random URL generator. It works, although the moment you wish to customize more than the first 8-digits of the URL, it requires an immense amount of patience and CPU processing power, so I don’t recommend you run this on a Raspberry Pi. For timing information, visit: https://github.com/lachesis/scallion

I ran this on a Windows PC, by downloading this binary: https://github.com/lachesis/scallion/raw/binaries/scallion-v2.0.zip

Extract it to your Desktop, and pull up a command prompt from Windows System. At the command prompt, type:

cd Desktop/scallion-v2.0 
scallion -o keys.txt -k 1024 -d 0 prefix 

Replace “prefix” with the desired characters that you want your .onion website to begin with. It will eventually generate the .onion URL and the corresponding private key, and save it in the file called keys.txt.

Copy-paste these two pieces of information onto the Raspberry Pi using PuTTY. The .onion URL is the info between <Hash> and </Hash>, and goes into the file labelled “hostname”, and the private key – the info between <PrivateKey> and </PrivateKey> – goes into the file labelled “private_key”. Both files are located in the directory /var/lib/tor/hidden_service

Please note that you will lose permissions to the hidden_service directory every time you reboot your Pi, so to access these files, you may need to re-run:

sudo chmod -R 777 /var/lib/tor 

You’re done! Enjoy your new, free website!

Source: Host your own free .onion website using Raspbian on RPi3

Scroll to Top