Recombi.net > Create Hidden Websites on Tor

apaches and onions (as opposed to apples and oranges)
How to make an onion site on a different apache port.

You need to be root to modify and configure the system. If you have root access, stay logged in as root for all of the modifications and configuration. If you have sudo access, run sudo su root before editing configuration files in a terminal. The prerequisites are that apache2 and tor are installed. On Debian / Ubuntu you can install both using:
sudo apt-get install apache2 tor libapache2-mod-removeip

I use [] brackets in the examples to prevent copying and pasting from this guide, so as to prevent misconfiguring the site. Read through and apply what you learn, understanding what you intend to do.

First you will have to decide on the document root for your onion which will be referred to as
[/your/hidden/site/document/root/]

Second you will have to decide which port you want to open on localhost/loopback that is not in conflict with other ports running on your system. This will be referred to as [port]

In /etc/apache2/apache2.conf:
#add following after modifying to right directory
#replace [/your/hidden/site/document/root/] with the path to site (without [] brackets) from example
#i.e.

#Will turn server signatures off, protecting your webserver from leaking important details
ServerSignature Off
ServerTokens Prod

In /etc/apache2/ports.conf
#add following replacing [port] with the port number you want to use for onion connects
Listen 127.0.0.1:[port]
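#NameVirtualHost is only needed on Apache 2.2; Apache 2.4 ignores it and logs a deprecation warning
NameVirtualHost 127.0.0.1:[port]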
#Prevents leaks of real hostname
ServerName 127.0.0.1

#create a new conf file in /etc/apache2/sites-available
#i.e. /etc/apache2/sites-available/001-default.conf
#replace [port] with port used to host onion site (without the []brackets) used in example
#i.e.
#replace [/your/hidden/site/document/root/] with the path to site (without [] brackets)
#i.e. DocumentRoot /your/hidden/site/document/root/


<VirtualHost 127.0.0.1:[port]>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
# ServerName www.example.com

ServerAdmin webmaster@localhost
DocumentRoot [/your/hidden/site/document/root/]

# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

cd /etc/apache2/sites-enabled
ln -s ../sites-available/001-default.conf

#Now you will have to (sudo)
#chmod 755 -R /your/hidden/site/document/root/
#cd /your/hidden/site/document/root/
#In order for the php scripts to work properly they need the right permissions (644)
#make sure you have changed the directory to the DocumentRoot you specified earlier before doing the following:
#find . -type f -name '*.php' -exec chmod 644 {} \;

If you want to disable logs for apache, then you will need to:
#you can use rm, but srm (installed by the secure-delete package) is preferred because it securely wipes the files
cd /var/log/apache2
srm error.log
ln -s /dev/null ./error.log
srm access.log
ln -s /dev/null ./access.log
srm other_vhosts_access.log
ln -s /dev/null ./other_vhosts_access.log

/etc/init.d/apache2 stop
/etc/init.d/apache2 start

Use a browser running on the same machine to connect to localhost:[port], using whatever port you have chosen.

If it works, it will show either a directory listing or the index.html/php file in the DocumentRoot of your website.

Now to configure the onion:
Add lines to /etc/tor/torrc in the area where hidden services are specified:
#replace [/var/lib/tor/hidden_site] with wherever you want to store hostname/private key for your .onion address (not same directory as your DocumentRoot.)
#i.e. HiddenServiceDir /var/lib/tor/hidden_site/
#replace [port] with the port we specified in earlier configurations
#i.e. HiddenServicePort 80 127.0.0.1:81
#the 80 will be the standard port for external web access via the onion and the 127.0.0.1:[port]
#is the port we configured the apache to use for one's hidden website
HiddenServiceDir [/var/lib/tor/hidden_site/]
HiddenServicePort 80 127.0.0.1:[port]

Now to restart tor:

/etc/init.d/tor stop
/etc/init.d/tor start

After editing /etc/tor/torrc and stopping and starting tor, we will need to get the onion site's newly generated hostname:

#cat [/var/lib/tor/hidden_site/hostname]
#i.e. cat /var/lib/tor/hidden_site/hostname

Now you should be able to use Tor Browser to visit your onion site.

You can repeat this process as many times as you like, up to the number of free ports that you have on your unit.
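
The checks below are an added example, not part of the original guide: they audit copies of ports.conf, apache2.conf and torrc for the three settings the guide depends on (loopback-only Listen, a local HiddenServicePort target, and the minimised server banner). The function names listen_leaks, hs_port_leaks and banner_hidden are hypothetical, and every file written to the temporary directory is constructed sample input.

```shell
#!/bin/sh
# Added example: audit copies of the files this guide edits.
# All file contents written below are constructed sample input.

# Print Apache Listen directives not bound to loopback; return 1 if any exist.
listen_leaks() {
    awk 'tolower($1) == "listen" &&
         $2 !~ /^(127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\]|localhost):[0-9]+$/ {
             print FILENAME ": " $0; bad = 1 }
         END { exit bad + 0 }' "$@"
}

# Print HiddenServicePort lines whose target is not local; return 1 if any exist.
# Per the tor manual the target may be omitted (defaults to 127.0.0.1),
# or be a port, addr, addr:port or unix:path.
hs_port_leaks() {
    awk 'tolower($1) == "hiddenserviceport" && $3 != "" &&
         $3 !~ /^([0-9]+|unix:.*|(127\.[0-9]+\.[0-9]+\.[0-9]+|\[::1\])(:[0-9]+)?)$/ {
             print FILENAME ": " $0; bad = 1 }
         END { exit bad + 0 }' "$@"
}

# Return 0 only if the last ServerSignature is Off and ServerTokens is Prod.
banner_hidden() {
    awk 'tolower($1) == "serversignature" { sig = tolower($2) }
         tolower($1) == "servertokens"    { tok = tolower($2) }
         END { exit !(sig == "off" && (tok == "prod" || tok == "productonly")) }' "$@"
}

tmp=$(mktemp -d)
printf 'Listen 127.0.0.1:81\nServerName 127.0.0.1\n' > "$tmp/ports.good"
printf 'Listen 80\nListen 127.0.0.1:81\n'            > "$tmp/ports.bad"
printf 'ServerSignature Off\nServerTokens Prod\n'    > "$tmp/apache2.good"
printf 'ServerSignature On\nServerTokens OS\n'       > "$tmp/apache2.bad"
printf 'HiddenServicePort 80 127.0.0.1:81\n'         > "$tmp/torrc.good"
printf 'HiddenServicePort 80 192.0.2.10:81\n'        > "$tmp/torrc.bad"

for f in good bad; do
    listen_leaks  "$tmp/ports.$f"   && echo "ports.$f: loopback only"
    hs_port_leaks "$tmp/torrc.$f"   && echo "torrc.$f: local target only"
    banner_hidden "$tmp/apache2.$f" && echo "apache2.$f: banner minimised" \
                                    || echo "apache2.$f: version banner exposed"
done
```

To audit a real system, call the functions on the live files, for example listen_leaks /etc/apache2/ports.conf and hs_port_leaks /etc/tor/torrc; any line they print is a listener or target reachable from outside the loopback interface.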