Docker tor hiddenservice nginx

Easily run a hidden service inside the Tor network with this container

Generate the skeleton configuration for you hidden service, replace for your hidden service pattern name. Example, if you want to your hidden service contain the word 'boss', just use this word as argument. You can use regular expressions, like ^boss, will generate an address wich will start with 'boss'. Be aware that bigger the pattern, more time it will take to generate it.

docker run -it --rm -v $(pwd)/web:/web \
       strm/tor-hiddenservice-nginx generate <pattern>

Create an container named 'hiddensite' to serve your generated hidden service

docker run -d --restart=always --name hiddensite -v $(pwd)/web:/web \
       strm/tor-hiddenservice-nginx

Let's create a hidden service with the name beginning with strm.

docker pull strm/tor-hiddenservice-nginx

Wait to the container image be downloaded. And them we can generate our site skeleton:

$docker run -it --rm -v $(pwd)/web:/web strm/tor-hiddenservice-nginx generate ^strm
[+] Generating the address with mask: ^strm
[+] Found matching domain after 137072 tries: strmfyygjp5st54g.onion
[+] Generating nginx configuration for site  strmfyygjp5st54g.onion
[+] Creating www folder
[+] Generating index.html template

Now we have our skeleton generated, we can run the container with:

docker run -d --restart=always --name hiddensite \
       -v $(pwd)/web:/web strm/tor-hiddenservice-nginx

And you have the service running ! :)

403 error on nginx, check your directory permissions and folder permissions. Nginx run as "hidden" user, his UID is 666, just check if you give this user access to the /web/www folder (in the case the folder mapped to it).

Here is an example of how a deploy using this other image looks like.

version: '3'

services:
  tor:
    image: strm/tor
    restart: always
    depends_on:
      - backend
    environment:
        LISTEN_PORT: "80"
        REDIRECT: "backend:80"
        PRIVATE_KEY: |
          -----BEGIN RSA PRIVATE KEY-----
          MIICXQIBAAKBgQDSqBzjGxL+UFdrFJSdc+LJn3RrXiaZ7k6kgSw8KqOCSRgIr2qO
          XZrCa3YHE+PqsfbDVF0GO0Xy3A9fsIxRFMUo3K++3BaVJslUbqK2TH9fJt5Ji1b6
          N5UzXsEzf73atXwMF63hgVFZFLhfSWH8jGE1svwDXn0YQWP88PVX34SrWQIDASsd
          AoGAUWdd+/m9TrTQyqK0IbzIr0fYQ5gDq4mv1GLEYjR4SWF8pSCxL1yOBsmQ02sj
          BSS2Vw4dpFfloCrRw2ipM8ac4kdLGCoYefQHwW2Kfdf9raVfPDP7vcxrs37sOgOh
          2rSXCOOrmcoMrEka2/OTGW15jaNUEEoWacS3YL1Fj0Bi6g0CQQD4ZmBiF6qu2XnT
          8lMr1Asdz3K8fYiyfl6CzHItUubAbQ8ipv12q8CerJqk3dO98V+w8llAsQ7BT5wq
          8AZOPQR3AkEA2RobnACDvb2Jw+dYSFsqrHyIDojKsrNiDEFedkiFijRFqme+nrif
          kJ4yTnSiphC+rSSBbvYMawsqiWBA7UPSrwJBAKXSVQClxNUpJ2PZt91HZAtuipRt
          t8suGIY4mot1iDRN0XdiNN8TNZ3qLag7wUU4or+Yn/3Xae1euHpyftTxmYsCQQCd
          oJxsGotYx62ULxPqz0um7yEWOU6hUAy8MB3X3FcTCjGO0PPKpfJ2ntXo0Ajcp5ci
          msi81/e9DTnF9mPjtsY9AkAUG6heBlETMFzyka9FHPgu9aN2kRwvJ3QZDHuPxYG4
          VZwljLxstlx57+N74D0aj6wrJw+iBH2BI+b+ZpnLXyy7
          -----END RSA PRIVATE KEY-----

To make it work you should also add a webserver with the name backend, and add your content there. There are more moving pieces using a deploy like this, so this is the justification for this repository, for people who never put anything on the deep web being able to enjoy it without busting their asses debugging some infrastructure.

docker build -t strm/tor-hiddenservice-nginx .

docker run -d --restart=always --name hiddensite \
       -v $(pwd)/web:/web strm/tor-hiddenservice-nginx

docker run -it --rm -v $(pwd)/web:/web \
       --entrypoint /bin/bash strm/tor-hiddenservice-nginx

Last updated 1 year ago

Was this helpful?