Tor

Reading time: 1 min

Create

mkdir -pv /home/tor/hidden-services/service.name.lh
chown tor:tor /home/tor/hidden-services/service.name.lh
chmod 700 /home/tor/hidden-services/service.name.lh

/etc/tor/torrc:

HiddenServiceDir /home/tor/hidden-services/service.name.lh
HiddenServicePort 80 127.0.0.1:4000

Restart tor. Check hostname:

cat /home/tor/hidden-services/service-name/hostname

Protect

cp /home/tor/hidden-services/previously-created-service/authorized_clients/v.auth /home/tor/hidden-services/service-name/authorized_clients/
cp /home/tor/onion-auth/{previously-created-service,service-name}.auth_private

Edit /home/tor/onion-auth/service-name.auth_private. Change the part before first colon (^[^:]+) with hostname without .onion.

Restart tor. Check site with torsocks curl or tor browser. Key is the part after last colon ([^:]$) in /home/tor/onion-auth/service-name.auth_private file.

Tips

Allow cross origin requests from service-hostname.onion if necessary.

TODO

Consider using a single domain with different ports for auth protected services.

Ref

• https://community.torproject.org/onion-services/setup/
• https://community.torproject.org/onion-services/advanced/client-auth/