Firstly, even on the site of the TOP project itself, you can find instructions for creating a site in the onion zone. Here is the link https://www.torproject.org/docs/tor-hidden-service.html.en
Step-by-step guidelines are everywhere on the web
At the moment, there are no hosting sites that provide a shared or a cluster with a link to .onion.
Let me explain why next.
You need to redeem your vps \ vds \ dedicated and then configure it.
Concise: why there are no shares, why you need your own VPS and how to set it up.
1. Shareds are not present, because it is assumed that 1 .onion domain will go to the network from 1 physical virtual machine. Of course, with the help of ngnix, you can configure the config and even screw ispmanager to create accounts with domains. But TOP is always scam, CPU, legal and other black sites. And any hosting is a reselling of physical equipment in the last instance. And as a fact - abuses, hold, deletion of the entire configuration (up to reseller accounts). Therefore, we are buying a separate VPS.
2. It's safety. An average virtual machine costs 256-300 rubles, it takes 5 minutes to set up transparent proxying from your domain via ngnix. The same site (physical domain, gtld for example, + .onion) on the same server, I would not.
3. Basic knowledge of linux, command line is required. If there are none, go to the trading sections, the work section. If there is no money - then go straight to coursea, learn cmd linux. Ninja-way so to speak.
If there is, go on. Any debian-like distribution is needed.
We didn't tweak the .onion domain here, but this is already a topic for a separate conversation.
P.S. For information - TOR nodes listen to traffic, trojanjs hang on many sites (a trick that allows you to fire a person's real ip address), many scripts firing dns (obey, google), plus the rsa key has a bookmark. From all this, it appears that TOR is not such a panacea. Alternatively, use any .cn domain and server in China. Fortunately, virtual machines are already on sale there.
Here's another way we found:
Website development in the .onion domain zone is no different from the standard "website building" on the legal Internet.
Getting started, you need to know English, basic knowledge will be enough and of course HTML, HTML5, PHP.
We need a Tor browser, free hosting in my case. If you decide to create a really serious website or forum, you need to "buy" a domain and hosting.
1. We go through a small registration
We write Username together without spaces (AnonymusMan), the site will automatically generate a domain name.
2. Of After the registration in the FTP section called, you Up Need to the create a new password, in the upper cell of the The table <br> we a leave the old one's specified 'DURING registration
3. Upload your "template" of the site to the host via FTP
To create a site on your PC, you need, that is, your computer will be in the role of a server. Install the Web server and configure the server, in the hostname file you can find the address of your site: (it will look something like this) http://hsa42zowcd7jvqum.onion/ in the .onion network. Screenshot's can be viewed here.
That's all the first steps in the "Dark Web" have been made, you can get to work.
In this article, I tried to introduce you to the easiest way, there are more professional approaches when using Kali Linux and at the end, keep another manual from cryptopunks - https://cryptopunks.org/article/create-onion-resource-in-tor/
Garlic and onion hosting: how to raise a web resource so that the domain is not taken away
Disclaimer: The tools described here are completely legal. It's like a knife: someone cuts cabbage into a salad, someone uses it for attacks. Therefore, the post is devoted exclusively to tools that can be used for both good and bad purposes.
Global DNS is a wonderful thing that has survived decades. But he has a fundamental problem - your domain can simply be split if they suddenly decide that you have violated something. Or someone with money and connections will have a grudge against you. Everyone remembers the history of the same torrents.ru. If for some reason you want to remove such risks, you can look towards overlay networks, which simply do not have a regulator capable of dividing a domain name. Therefore, we will raise onion and i2p web resources.
Onion rings
Let's start with the classics. I think that on Habré, almost everyone used Tor in the form of the Tor-browser bundle. It helped me a lot when, in the process of hunting for Telegram, they suddenly began to abruptly break connectivity with the largest hosters in the most unexpected places. In this mode, Tor uses classic onion encryption, layer-by-layer wrapping data in such a way that it would be impossible to establish the source and destination of the packet. Nevertheless, the end point of the route is still the regular Internet, where we end up through the Exit nodes.
This solution has several problems:
Therefore, we will raise the onion resource directly within the network, without access to the regular Internet. For example, as an additional backup entry point to your resource. Let's assume that you already have a web server with some content served by nginx. For starters, if you do not want to shine on the public Internet, do not be too lazy to go to iptables and set up a firewall. You must be blocked from accessing your web server from anywhere except localhost. As a result, you got a site accessible locally at localhost:8080/. Additional fastening of https will be redundant here, since the tor transport will take over this task.
Expanding TOR
I will consider the installation using Ubuntu as an example, but there will be no fundamental differences with other distributions. First, let's define the repository. The official documentation does not recommend using packages that are maintained by the distribution itself, as they may contain critical vulnerabilities that have already been patched upstream by developers. Moreover, the developers recommend using the unattended-upgrades mechanism for automatic updates in order to ensure their timely delivery.
Create a file for an additional repository:
And add the necessary addresses to it:
Now we need to take care of the gpg key, without which the server will reasonably not trust new packages.
Now you can install the main package from upstream and the keychain to automatically update the signature.
Configuring proxying
In / etc / tor / torrc, you will find the daemon configuration file. After updating it, do not forget to restart it.
Just want to warn especially curious users. Do not enable relay mode on your home machine! Especially in exit node mode. They can knock. On a VPS, I would not configure the node as a relay either, since this will create a rather significant load on both the processor and traffic. On a wide channel, you can easily reach 2-3 terabytes per month.
Find a section in torrc that looks like this:
Here you need to register your localhost web resource. Like that:
Or you can use unix sockets:
We get the address
That's it, now we restart the tor daemon via systemctl and look at HiddenServiceDir. There will be several files - a private key and your "onion" hostname. It is a random 16 character identifier. For example, gjobqjj7wyczbqie.onion is the address of the Candle search resource. The address is completely random, but with a sufficiently long search, you can generate a human-readable pair from the address and the private key. Of course, not all 16 characters - it would take billions of years. For example, the well-known catalog of Flibusta's books has a mirror flibustahezeous3.onion, and Facebook spent a lot of resources to choose the most euphonious from the generated options: facebookcorewwwi.onion.
That's it, after some time your resource will be announced and will become globally available. Please note that you can proxy not only the http protocol, but also any other.
Garlic
The second option was conceived as even more paranoid in nature. The i2p project was not originally conceived as a means of proxying traffic to the regular Internet and, in terms of architecture, is a completely closed overlay network. Separate gates in both directions exist, but this is rather an exception. Moreover, it is potentially unsafe.
I2p has several options for implementing software router nodes. The official implementation is written in Java. And it just monstrously devours all available resources, both in terms of RAM and CPU. Nevertheless, it is she who is considered the reference and is regularly audited. I would recommend that you use the much lighter version, i2pd, written in C ++. It has its own nuances that may cause some i2p applications to fail, but overall it's a great alternative implementation. The project is actively being sawed at the present time.
Install the demon
The best part is that the authors have provided many deployment options, including docker and snap. You can go the way of the classic repository.
But I would advise using snap. It will not only quickly and conveniently deploy the daemon, but also provide automatic updates directly from the upstream, depending on the selected distribution channel.
Install snap if you haven't already and set the default stable option:
Configuring
Unlike the web-gui Java version, i2pd does not have so many settings, twists, and tabs. Only the most necessary things up to asceticism. However, the easiest way is to configure it directly in the config file.
In order for your web resource to become available in i2p, it must be proxied similarly to the onion option. To do this, go to ~ / .i2pd / tunnels.conf and add your backend.
After restarting the daemon, you will get a random 32-bit address. It can be viewed in the web console, which is available by default at 127.0.0.1:7070 /?Page=i2p_tunnels. Do not forget to allow access to it from your IP address, if necessary. By default, it is only available on the local interface. There will be something scary like: ukeu3k5oycgaauneqgtnvselmt4yemvoilkln7jpvamvfx7dnkdq.b32.i2p
The i2p network has a semblance of DNS, but it is more like a scattered list of / etc / hosts. You subscribe to specific sources in the console that tell you how to get to the conditional flibusta.i2p. Therefore, it makes sense to add a more or less beautiful name to large resources like inr.i2p.
Can i2p and onion be deployed?
You can use any bulletproof hosting. In the event of a motivated complaint against our client, hoster can terminate the contract and extinguish the virtual machine. Most hosters will do the same. However, due to the peculiarities of the tor architecture, and especially i2p, it is very difficult, and often simply impossible, to determine exactly where the website is hosted.
Nevertheless, there is nothing illegal in the very use of such tools. Therefore, we will not mind if you open a mirror of your legal web resource in overlay networks. In any case, I strongly recommend again not to blindly experiment with tor on your home machine. Either the IP can get blacklisted, or the pative will arrive. Better to rent a VPS, it is inexpensive.
You can find a list of bulletproof hosters in this thread, prices are very cheap, everyone can afford
Step-by-step guidelines are everywhere on the web
At the moment, there are no hosting sites that provide a shared or a cluster with a link to .onion.
Let me explain why next.
You need to redeem your vps \ vds \ dedicated and then configure it.
Concise: why there are no shares, why you need your own VPS and how to set it up.
1. Shareds are not present, because it is assumed that 1 .onion domain will go to the network from 1 physical virtual machine. Of course, with the help of ngnix, you can configure the config and even screw ispmanager to create accounts with domains. But TOP is always scam, CPU, legal and other black sites. And any hosting is a reselling of physical equipment in the last instance. And as a fact - abuses, hold, deletion of the entire configuration (up to reseller accounts). Therefore, we are buying a separate VPS.
2. It's safety. An average virtual machine costs 256-300 rubles, it takes 5 minutes to set up transparent proxying from your domain via ngnix. The same site (physical domain, gtld for example, + .onion) on the same server, I would not.
3. Basic knowledge of linux, command line is required. If there are none, go to the trading sections, the work section. If there is no money - then go straight to coursea, learn cmd linux. Ninja-way so to speak.
If there is, go on. Any debian-like distribution is needed.
Code:
sudo apt-get install torWe didn't tweak the .onion domain here, but this is already a topic for a separate conversation.
P.S. For information - TOR nodes listen to traffic, trojanjs hang on many sites (a trick that allows you to fire a person's real ip address), many scripts firing dns (obey, google), plus the rsa key has a bookmark. From all this, it appears that TOR is not such a panacea. Alternatively, use any .cn domain and server in China. Fortunately, virtual machines are already on sale there.
Here's another way we found:
Website development in the .onion domain zone is no different from the standard "website building" on the legal Internet.
Getting started, you need to know English, basic knowledge will be enough and of course HTML, HTML5, PHP.
We need a Tor browser, free hosting in my case. If you decide to create a really serious website or forum, you need to "buy" a domain and hosting.
1. We go through a small registration
We write Username together without spaces (AnonymusMan), the site will automatically generate a domain name.
2. Of After the registration in the FTP section called, you Up Need to the create a new password, in the upper cell of the The table <br> we a leave the old one's specified 'DURING registration
3. Upload your "template" of the site to the host via FTP
To create a site on your PC, you need, that is, your computer will be in the role of a server. Install the Web server and configure the server, in the hostname file you can find the address of your site: (it will look something like this) http://hsa42zowcd7jvqum.onion/ in the .onion network. Screenshot's can be viewed here.
That's all the first steps in the "Dark Web" have been made, you can get to work.
In this article, I tried to introduce you to the easiest way, there are more professional approaches when using Kali Linux and at the end, keep another manual from cryptopunks - https://cryptopunks.org/article/create-onion-resource-in-tor/
Garlic and onion hosting: how to raise a web resource so that the domain is not taken away
Disclaimer: The tools described here are completely legal. It's like a knife: someone cuts cabbage into a salad, someone uses it for attacks. Therefore, the post is devoted exclusively to tools that can be used for both good and bad purposes.
Global DNS is a wonderful thing that has survived decades. But he has a fundamental problem - your domain can simply be split if they suddenly decide that you have violated something. Or someone with money and connections will have a grudge against you. Everyone remembers the history of the same torrents.ru. If for some reason you want to remove such risks, you can look towards overlay networks, which simply do not have a regulator capable of dividing a domain name. Therefore, we will raise onion and i2p web resources.
Onion rings
Let's start with the classics. I think that on Habré, almost everyone used Tor in the form of the Tor-browser bundle. It helped me a lot when, in the process of hunting for Telegram, they suddenly began to abruptly break connectivity with the largest hosters in the most unexpected places. In this mode, Tor uses classic onion encryption, layer-by-layer wrapping data in such a way that it would be impossible to establish the source and destination of the packet. Nevertheless, the end point of the route is still the regular Internet, where we end up through the Exit nodes.
This solution has several problems:
- Unfriendly people may come to the owner of the Exit node and begin to claim that the owner is an inveterate criminal, swearing bad words at the authorities. There is a nonzero risk that few people will listen to your explanations about the fact that you are only an exit node.
- Using the tor network as a proxy to ordinary resources anonymizes the client, but does not help in any way from dividing the domain and claims against the owner of the service.
- Preparing content and a regular web server
Therefore, we will raise the onion resource directly within the network, without access to the regular Internet. For example, as an additional backup entry point to your resource. Let's assume that you already have a web server with some content served by nginx. For starters, if you do not want to shine on the public Internet, do not be too lazy to go to iptables and set up a firewall. You must be blocked from accessing your web server from anywhere except localhost. As a result, you got a site accessible locally at localhost:8080/. Additional fastening of https will be redundant here, since the tor transport will take over this task.
Expanding TOR
I will consider the installation using Ubuntu as an example, but there will be no fundamental differences with other distributions. First, let's define the repository. The official documentation does not recommend using packages that are maintained by the distribution itself, as they may contain critical vulnerabilities that have already been patched upstream by developers. Moreover, the developers recommend using the unattended-upgrades mechanism for automatic updates in order to ensure their timely delivery.
Create a file for an additional repository:
Code:
# nano /etc/apt/sources.list.d/tor.listAnd add the necessary addresses to it:
Code:
deb https://deb.torproject.org/torproject.org bionic main
deb-src https://deb.torproject.org/torproject.org bionic mainNow we need to take care of the gpg key, without which the server will reasonably not trust new packages.
Code:
# curl https://deb.torproject.org/torproject.org A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -Now you can install the main package from upstream and the keychain to automatically update the signature.
Code:
# apt update
# apt install tor deb.torproject.org-keyringConfiguring proxying
In / etc / tor / torrc, you will find the daemon configuration file. After updating it, do not forget to restart it.
Just want to warn especially curious users. Do not enable relay mode on your home machine! Especially in exit node mode. They can knock. On a VPS, I would not configure the node as a relay either, since this will create a rather significant load on both the processor and traffic. On a wide channel, you can easily reach 2-3 terabytes per month.
Find a section in torrc that looks like this:
Code:
############### This section is just for location-hidden services ###Here you need to register your localhost web resource. Like that:
Code:
HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080Or you can use unix sockets:
Code:
HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
HiddenServicePort 80 unix:/path/to/socketWe get the address
That's it, now we restart the tor daemon via systemctl and look at HiddenServiceDir. There will be several files - a private key and your "onion" hostname. It is a random 16 character identifier. For example, gjobqjj7wyczbqie.onion is the address of the Candle search resource. The address is completely random, but with a sufficiently long search, you can generate a human-readable pair from the address and the private key. Of course, not all 16 characters - it would take billions of years. For example, the well-known catalog of Flibusta's books has a mirror flibustahezeous3.onion, and Facebook spent a lot of resources to choose the most euphonious from the generated options: facebookcorewwwi.onion.
That's it, after some time your resource will be announced and will become globally available. Please note that you can proxy not only the http protocol, but also any other.
Garlic
The second option was conceived as even more paranoid in nature. The i2p project was not originally conceived as a means of proxying traffic to the regular Internet and, in terms of architecture, is a completely closed overlay network. Separate gates in both directions exist, but this is rather an exception. Moreover, it is potentially unsafe.
I2p has several options for implementing software router nodes. The official implementation is written in Java. And it just monstrously devours all available resources, both in terms of RAM and CPU. Nevertheless, it is she who is considered the reference and is regularly audited. I would recommend that you use the much lighter version, i2pd, written in C ++. It has its own nuances that may cause some i2p applications to fail, but overall it's a great alternative implementation. The project is actively being sawed at the present time.
Install the demon
The best part is that the authors have provided many deployment options, including docker and snap. You can go the way of the classic repository.
Code:
sudo add-apt-repository ppa:purplei2p/i2pd
sudo apt-get update
sudo apt-get install i2pdBut I would advise using snap. It will not only quickly and conveniently deploy the daemon, but also provide automatic updates directly from the upstream, depending on the selected distribution channel.
Code:
no_face@i2pd:~$ snap info i2pd
name: i2pd
summary: Distributed anonymous networking framework
publisher: Darknet Villain (supervillain)
store-url: https://snapcraft.io/i2pd
license: BSD-3-Clause
description: |
i2pd (I2P Daemon) is a full-featured C++ implementation of I2P client.
I2P (Invisible Internet Protocol) is a universal anonymous network layer.
All communications over I2P are anonymous and end-to-end encrypted,
participants don't reveal their real IP addresses.
snap-id: clap1qoxuw4OdjJHVqEeHEqBBgIvwOTv
channels:
latest/stable: 2.32.1 2020-06-02 (62) 16MB -
latest/candidate: ↑
latest/beta: ↑
latest/edge: 2.32.1 2020-06-02 (62) 16MB -Install snap if you haven't already and set the default stable option:
Code:
apt install snapd
snap install i2pdConfiguring
Unlike the web-gui Java version, i2pd does not have so many settings, twists, and tabs. Only the most necessary things up to asceticism. However, the easiest way is to configure it directly in the config file.
In order for your web resource to become available in i2p, it must be proxied similarly to the onion option. To do this, go to ~ / .i2pd / tunnels.conf and add your backend.
Code:
[anon-website]
type = http
host = 127.0.0.1
port = 8080
keys = anon-website.datAfter restarting the daemon, you will get a random 32-bit address. It can be viewed in the web console, which is available by default at 127.0.0.1:7070 /?Page=i2p_tunnels. Do not forget to allow access to it from your IP address, if necessary. By default, it is only available on the local interface. There will be something scary like: ukeu3k5oycgaauneqgtnvselmt4yemvoilkln7jpvamvfx7dnkdq.b32.i2p
The i2p network has a semblance of DNS, but it is more like a scattered list of / etc / hosts. You subscribe to specific sources in the console that tell you how to get to the conditional flibusta.i2p. Therefore, it makes sense to add a more or less beautiful name to large resources like inr.i2p.
Can i2p and onion be deployed?
You can use any bulletproof hosting. In the event of a motivated complaint against our client, hoster can terminate the contract and extinguish the virtual machine. Most hosters will do the same. However, due to the peculiarities of the tor architecture, and especially i2p, it is very difficult, and often simply impossible, to determine exactly where the website is hosted.
Nevertheless, there is nothing illegal in the very use of such tools. Therefore, we will not mind if you open a mirror of your legal web resource in overlay networks. In any case, I strongly recommend again not to blindly experiment with tor on your home machine. Either the IP can get blacklisted, or the pative will arrive. Better to rent a VPS, it is inexpensive.
You can find a list of bulletproof hosters in this thread, prices are very cheap, everyone can afford
