Have you ever wanted to start your own onion site and create an anonymous messaging forum available to your Tor community? I can help you set up exactly that with a free-tier AWS EC2 instance or a self-hosted server in under an hour.
1) Spin up an Ubuntu 18.04 LTS instance (link here AWS EC2 ubuntu)
2) SSH to your AWS EC2 instance (link here on how to use PuTTY and PuTTYgen)
3) Become root:
sudo -i
4) Set up dependencies for Tor:
sudo apt update
sudo apt install apt-transport-https
Add these two lines to /etc/apt/sources.list:
sudo vi /etc/apt/sources.list
deb https://deb.torproject.org/torproject.org bionic main
deb-src https://deb.torproject.org/torproject.org bionic main
Add the Tor PGP public key, and keep it up-to-date:
curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
sudo apt update
sudo apt install tor deb.torproject.org-keyring
Now check your tor status:
sudo systemctl status tor
Enable apt-over-tor:
sudo apt install apt-transport-tor
Edit and change the lines we added earlier in /etc/apt/sources.list:
sudo vi /etc/apt/sources.list
deb tor://sdscoq7snqtznauu.onion/torproject.org bionic main
deb-src tor://sdscoq7snqtznauu.onion/torproject.org bionic main
Check the package manager for any errors:
sudo apt update
sudo apt install tor
You should be error free. Now set up a firewall that only allows your SSH connection:
sudo apt install ufw
ufw allow ssh
Enable the firewall:
sudo ufw enable
Anonymous users like to spoof their server time zone:
sudo timedatectl set-timezone Europe/Zurich
sudo timedatectl set-ntp on
Backup the original Tor config file:
sudo cp /etc/tor/torrc /etc/tor/torrc.orig
Edit /etc/tor/torrc and uncomment the following lines: (remove the #)
sudo vi /etc/tor/torrc
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
Restart Tor:
sudo systemctl restart tor
If you look in /var/lib/tor/hidden_service, you will see a hostname file that contains your Tor address (lettersandnumbers.onion). The folder also contains the public and private keys for the Tor service. Copy the contents of /var/lib/tor/hidden_service/hostname; we'll use it to set up our Nginx host access.
Configuring Nginx
We’re using Nginx as our web server. The nginx-extras package includes the Headers More module, which makes it easy to set response headers:
sudo apt install nginx-extras
Edit /etc/nginx/nginx.conf as root, and make sure to uncomment/add the lines below inside the http block.
sudo vi /etc/nginx/nginx.conf
server_tokens off;
server_name_in_redirect off;
port_in_redirect off;
Set up a document root for your hidden service
Here we create a document root, landing page, and blank page where all errors will redirect.
sudo mkdir /var/www/darkweb
echo 'Welcome to my onion site.' | sudo tee /var/www/darkweb/index.php
sudo touch /var/www/darkweb/error.html
sudo chmod 755 /var/www/darkweb
Remove the default server config:
sudo rm -vf /etc/nginx/sites-{available,enabled}/default
Create a new Nginx server config
Create and edit /etc/nginx/sites-available/80.darkweb.conf, and remember to update server_name with your Tor hostname from /var/lib/tor/hidden_service/hostname.
server {
    # Bind to loopback only; Tor forwards onion traffic to this address
    listen 127.0.0.1:80;
    server_name lettersandnumbersfromhostfile.onion;
    more_set_headers 'Server: Secure';
    more_set_headers 'X-XSS-Protection: 1; mode=block';
    root /var/www/darkweb;
    index index.php index.html;
    # Send every error status to the blank page
    error_page 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 421 422 423 424 425 426 428 429 431 451 500 501 502 503 504 505 506 507 508 510 511 /error.html;
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }
    location = /error.html {
        internal;
    }
    # phpBB (you only need this part if you want to set up phpBB)
    location /forum/ {
        try_files $uri $uri/ @rewriteapp;
        # Deny direct access to phpBB internals
        location ~ /(config\.php|common\.php|cache|files|images/avatars/upload|includes|(?<!ext/)phpbb|store|vendor) {
            deny all;
        }
        location ~ \.php(/|$) {
            include fastcgi.conf;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_param HTTP_PROXY '';
            try_files $uri $uri/ /forum/app.php$is_args$args $document_root$fastcgi_script_name =404;
            fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        }
    }
    location @rewriteapp {
        rewrite ^(.*)$ /forum/app.php/$1 last;
    }
    location /forum/install/ {
        try_files $uri $uri/ @rewrite_installapp;
        location ~ \.php(/|$) {
            include fastcgi.conf;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_param HTTP_PROXY '';
            try_files $uri $uri/ /forum/install/app.php$is_args$args $document_root$fastcgi_script_name =404;
            fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        }
    }
    location @rewrite_installapp {
        rewrite ^(.*)$ /forum/install/app.php/$1 last;
    }
}
Setup MySQL
sudo apt-get install mysql-server
Run the hardening script and follow the prompts:
sudo mysql_secure_installation
Install PHP
sudo apt-get install php-fpm php-mysql
Edit php.ini and update/uncomment cgi.fix_pathinfo=0:
sudo vi /etc/php/7.2/fpm/php.ini
cgi.fix_pathinfo=0
sudo systemctl restart php7.2-fpm
sudo systemctl restart nginx
You now have MySQL, PHP and a localhost listener on port 80 for your .onion address. Nginx will serve the content from /var/www/darkweb and will redirect all errors to the blank error.html page. You can edit this in the future to harden or change your error handling and cross-site scripting prevention methods.
Make this configuration available to Nginx:
cd /etc/nginx/sites-enabled
sudo ln -s ../sites-available/80.darkweb.conf
Check the Nginx configuration and reload:
sudo nginx -t
sudo nginx -s reload
Restart Nginx:
sudo systemctl restart nginx
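An added check, not part of the original post: torrc forwards the onion service to 127.0.0.1:80 and nginx listens on that same loopback address, so after this restart nothing except SSH should be bound to a public interface. The script audits `ss -tlnH` output for that; the function names and sample captures are constructed for illustration, and SSH on port 22 is assumed.

```bash
#!/usr/bin/env bash
# Added example: audit `ss -tlnH` output for this setup. Only SSH may be
# reachable from outside; nginx must sit on the torrc target 127.0.0.1:80.

# awk prelude: split "Local Address:Port" (field 4) into host and port.
# Handles 127.0.0.1:80, [::]:22, *:80 and 127.0.0.53%lo:53.
_split='{ n = split($4, p, ":"); port = p[n]
          host = substr($4, 1, length($4) - length(port) - 1)
          gsub(/^\[|\]$/, "", host); sub(/%.*$/, "", host) }'

# Print listeners that are neither on loopback nor on the allowed SSH port.
exposed_listeners() {   # $1 = SSH port, stdin = ss -tlnH output
    awk -v ssh="$1" "$_split"'
        host ~ /^127\./ || host == "::1" { next }
        port == ssh { next }
        { print $4 }'
}

# Succeed only if a socket is bound to exactly the given loopback target.
loopback_bound() {      # $1 = e.g. 127.0.0.1:80, stdin = ss -tlnH output
    awk -v want="$1" "$_split"'
        (host ":" port) == want { found = 1 }
        END { exit !found }'
}

audit() {               # $1 = ss capture; prints findings, non-zero on any
    rc=0
    leaks=$(printf '%s\n' "$1" | exposed_listeners 22)
    [ -z "$leaks" ] || { printf '%s\n' "$leaks" | sed 's/^/EXPOSED /'; rc=1; }
    printf '%s\n' "$1" | loopback_bound 127.0.0.1:80 ||
        { echo 'MISSING loopback listener 127.0.0.1:80'; rc=1; }
    return "$rc"
}

# Constructed sample captures, not taken from a real host.
GOOD_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 127.0.0.1:80 0.0.0.0:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9050 0.0.0.0:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*'
# The same host if nginx were left listening on the wildcard address.
BAD_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 [::]:80 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*'

audit "$GOOD_SS" && echo 'good capture: clean'
audit "$BAD_SS" || echo 'bad capture: findings above'
```

On the server itself, run `audit "$(ss -tlnH)"` in place of the two sample calls.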
Set up phpBB
sudo mysql -u root -p
-- Replace SomePassCode#1 with your own password in both statements
CREATE DATABASE phpbb;
CREATE USER 'phpbbuser'@'localhost' IDENTIFIED BY 'SomePassCode#1';
GRANT ALL ON phpbb.* TO 'phpbbuser'@'localhost' IDENTIFIED BY 'SomePassCode#1' WITH GRANT OPTION;
EXIT;
sudo apt install unzip
cd /tmp && wget https://download.phpbb.com/pub/release/3.3/3.3.2/phpBB-3.3.2.zip
unzip phpBB-3.3.2.zip
sudo mv phpBB3 /var/www/darkweb/forum
sudo chown -R www-data:www-data /var/www/darkweb/forum
sudo chmod -R 755 /var/www/darkweb/forum
sudo apt-get install php-xml
sudo apt-get install php7.2-mbstring
Restart Nginx:
sudo systemctl restart nginx