Release channel: green
- How to use UBOS
- Setting up networking and DNS
- Setting up your first web App
- How to create a website secured by SSL/TLS
- How to set up a website as a Tor hidden service
- Managing Sites and Apps
- Backup and restore
- Upgrading and keeping your device current
- The UBOS Staff
- I’m running out of disk space, what now?
- App-specific notes
- Device-specific Notes
- Advanced management
- Command reference
- Writing an image to a USB stick or SD card
- How to use SSH
- How to use Pagekite to reach your UBOS device behind a firewall
- How to report a bug or issue
- User FAQ
- How to develop for UBOS
- UBOS Releases
How to set up a website as a Tor hidden service¶
Tor is generally known as a way to browse the web anonymously. That requires a special browser, but the user’s web traffic is heavily encrypted and bounced between several countries, so it becomes rather difficult even for well-resourced adversaries (oppressive governments, for example), to track a user around the web.
Less well-known is that Tor also enables people to publish websites whose location is very hard to find and whose users are hard to track. These “hidden sites” have strange URLs consisting of seemingly random letters, and end in .onion. While some major companies publish sites as hidden services (for example, Pro Publica and Facebook), the webserver configuration involved so far has been out of reach for most people.
With UBOS, it is simple.
Why you might consider publishing your Site as a Tor hidden service¶
First the downsides:
- Only the (small) number of people using a Tor-aware browser will be able to access your Site.
- Because of all the bouncing around of traffic, your Site will be much slower than a comparable, normal website.
- You can’t pick a nice URL for your Site; the URL will contain gibberish.
- You can publish your Site from behind your home’s firewall without needing to make any configuration changes to your router, or needing your internet service provider’s permission to run a web server from home.
- You can pack up the computer that runs your Site, and plug it into any network anywhere, and the Site will re-appear on the internet, without needing any configuration changes, DNS changes or the like.
And yes, there are other things you can do with Tor hidden services. Note that we make no warranties whatsoever that the Tor configuration created by UBOS is safe to embark on any of those activities; you should not rely on UBOS for your security, whether your motives are noble or not.
Setting up the Tor Site¶
When you create the Site, you simply add --tor to the ubos-admin createsite command. That’s all. For example:
% sudo ubos-admin createsite --tor
Tor “onion” hostnames usually do not have DNS entries and cannot be resolved outside of the Tor network. However, if somebody were to manually create such an entry that points to your device’s IP address (e.g. by adding it to your home router, to /etc/hosts, executing curl --resolve etc.), your device running the Tor Site will serve the Site directly as well, without going through Tor.
This is not usually a problem if you run your Tor Site from behind a firewall, like on a typical home network. However, anybody who can send HTTP requests directly to your device, such as anybody who can connect to your (typically configured) home WiFi network can use this to test whether or not your device runs a specific Onion hidden service by performing a direct HTTP request on your device with its dot-onion hostname.