Create your hidden Tor service with unix socket

Purpose

Create a Tor hidden service that reaches the web server through a Unix socket.
Unix domain sockets can provide an additional layer of isolation: the web server no longer needs to listen on a TCP port, not even on 127.0.0.1.

To run your own service you need Tor and a web server (Nginx in this example).

You can use my previous post to generate an Ubuntu Docker container and access it with simple SSH \o/

Install

First install Tor on your server:

sudo apt update
sudo apt upgrade
sudo apt install -y tor nginx php-fpm screen
#sudo apt install nano # optional

Configure Nginx

Create a configuration in /etc/nginx/sites-available/

cd /etc/nginx/sites-available/
sudo touch tor

Put your tor webserver configuration in this file:

server {

    #listen 127.0.0.1:80;
    listen unix:/var/run/nginx-tor.sock;

    root /var/www/html/tor/;

    index index.html index.php;

    server_name _;
    #server_name lcr[...]vijybok6d2yepvyqd.onion;

    access_log /var/log/nginx/tor-access.log;
    error_log /var/log/nginx/tor-error.log;

    location / {
        try_files $uri $uri/ =404;
    }

    if ($request_method !~ ^(GET|HEAD|POST)$ ){
        return 405;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }
}

Enable the tor site in Nginx:

sudo ln -s /etc/nginx/sites-available/tor /etc/nginx/sites-enabled/

Start the php-fpm service:

sudo service php7.4-fpm start

Create a simple web page:

cd /var/www/html
sudo mkdir tor
cd tor
sudo nano index.php

Add:

<?php

echo uniqid('My-tor-portal::', true);

?>

To get some content ;)

Set ownership of the portal files/folders:

sudo chown -R www-data:www-data tor

Start nginx server:

sudo service nginx start

Configure Tor

Configure the /etc/tor/torrc file:

sudo nano /etc/tor/torrc

# add in section "This section is just for location-hidden services"

HiddenServiceDir /var/lib/tor/myService/
HiddenServicePort 80 unix:/var/run/nginx-tor.sock

Your service files will be in “/var/lib/tor/myService”.

Start Tor

screen -S tor
sudo -u debian-tor tor -f /etc/tor/torrc
[...]
MMM xx 13:50:59.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
MMM xx 13:51:00.000 [notice] Bootstrapped 100% (done): Done
  • [CTRL+A and CTRL+D] to exit screen without killing it and leave the command running in the background
  • screen -ls to list your screen sessions
  • screen -r tor to reattach your session

Find your Tor URL

sudo cat /var/lib/tor/myService/hostname
xbt52kwof7g32bxrbznefvtotc3lpzcxtfagbbny2hmpzzcmch6iivyd.onion

Edit the nginx configuration to match the hostname:

sudo nano /etc/nginx/sites-ava
# replace server_name _; with your onion address
server_name xbt52kwof7g32bxrbznefvtotc3lpzcxtfagbbny2hmpzzcmch6iivyd.onion;

# save the file
# stop nginx: sudo service nginx stop
# sudo rm /var/run/nginx-tor.sock
# restart nginx: sudo service nginx start

Now you can access your service with tor-browser, Brave, socks5 …

In case you want to test whether your Unix socket works, you can run:

curl --unix-socket /var/run/nginx-tor.sock http://localhost/index.php
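
The setup above only stays isolated if torrc and the nginx site file name the same socket and the TCP listen line remains commented out. The script below is an added example, not part of the original post, that cross-checks the two files; its function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check torrc against the nginx site file (sample data is constructed).

# Print the socket path of every "HiddenServicePort <port> unix:<path>" line.
torrc_unix_targets() {
    awk '$1 == "HiddenServicePort" && $3 ~ /^unix:/ { sub(/^unix:/, "", $3); print $3 }' "$1"
}

# Print the address of every active (uncommented) nginx "listen" directive.
nginx_listens() {
    awk '$1 == "listen" { sub(/;$/, "", $2); print $2 }' "$1"
}

# Usage: check_onion_socket <torrc> <nginx-site>. Returns 0 only when Tor forwards
# solely to unix sockets that nginx serves and nginx has no TCP listener left.
check_onion_socket() {
    cos_rc=0
    cos_targets=$(torrc_unix_targets "$1")
    [ -n "$cos_targets" ] || { echo "FAIL: no unix: HiddenServicePort in torrc"; cos_rc=1; }
    # A missing or non-unix target makes Tor connect to the web server over TCP.
    if awk '$1 == "HiddenServicePort" && $3 !~ /^unix:/ { bad = 1 } END { exit !bad }' "$1"; then
        echo "FAIL: a HiddenServicePort forwards to a TCP address"; cos_rc=1
    fi
    for cos_t in $cos_targets; do
        nginx_listens "$2" | grep -qxF "unix:$cos_t" ||
            { echo "FAIL: nginx does not listen on $cos_t"; cos_rc=1; }
    done
    for cos_l in $(nginx_listens "$2"); do
        case $cos_l in
            unix:*) ;;
            *) echo "FAIL: nginx TCP listener still active: $cos_l"; cos_rc=1 ;;
        esac
    done
    return "$cos_rc"
}

# Write constructed samples: the page's torrc and listen lines, plus a bad variant.
write_samples() {
    printf '%s\n' 'HiddenServiceDir /var/lib/tor/myService/' \
        'HiddenServicePort 80 unix:/var/run/nginx-tor.sock' > "$1/torrc"
    printf '%s\n' 'server {' '#listen 127.0.0.1:80;' \
        'listen unix:/var/run/nginx-tor.sock;' '}' > "$1/site-good"
    sed 's/^#listen/listen/' "$1/site-good" > "$1/site-bad"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_onion_socket "$demo_dir/torrc" "$demo_dir/site-good" && echo "site-good: OK"
check_onion_socket "$demo_dir/torrc" "$demo_dir/site-bad" || echo "site-bad: rejected"
rm -rf "$demo_dir"
```

On a real host, pass /etc/tor/torrc and /etc/nginx/sites-available/tor to check_onion_socket instead of the sample files.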