1. Update packages and install apache and tor
sudo apt-get update sudo apt-get install -y apache2 tor
2. Limit apache to only listen to localhost over port 80
echo "Listen 127.0.0.1:80" > /etc/apache2/ports.conf
3. Set permissions for debian-tor
vim /etc/apache2/envvars
Comment out:
#export APACHE_RUN_USER=www-data #export APACHE_RUN_GROUP=www-data
And add:
export APACHE_RUN_USER=debian-tor export APACHE_RUN_GROUP=debian-tor
Save (Esc :w) and quit(:q).
service apache2 stop
sudo chown -R debian-tor:debian-tor /var/{lock,log}/apache2 /var/www
4. Secure your private key
vim /etc/apache2/apache2.conf
<FilesMatch "private_key">
Require all denied
</FilesMatch>
Save and quit.
vim /etc/apache2/conf-enabled/security.conf
ServerSignature Off ServerTokens Prod
Save and quit.
5. Create a test page and start apache
echo "Test page" > /var/www/index.html service apache2 start
6. Configure tor
cat >> /etc/tor/torrc << EOF HiddenServiceDir /var/www HiddenServicePort 80 127.0.0.1:80 EOF
vim /etc/apparmor.d/system_tor
Add:
owner /var/www/** rwk,
Save and quit.
service apparmor restart service tor restart
All done
You can get your domain from /var/www/hostname
cat /var/www/hostname
And publish it.
