How to set up a website as a Tor hidden service
There are reports that Tor support is currently broken on UBOS.
Tor is generally known as a way to browse the web anonymously. That requires a special browser, but the user’s web traffic is heavily encrypted and bounced between several countries, so it becomes rather difficult even for well-resourced adversaries (oppressive governments, for example), to track a user around the web.
Less well-known is that Tor also enables people to publish websites whose location
is very hard to find and whose users are hard to track. These “hidden sites” have
strange URLs consisting of seemingly random letters, and end in
some major companies publish sites as hidden services (for example,
the webserver configuration involved so far has been out of reach for most people.
With UBOS, it is simple.
Why you might consider publishing your Site as a Tor hidden service
First the downsides:
Only the (small) number of people using a Tor-aware browser will be able to access your Site.
Because of all the bouncing around of traffic, your Site will be much slower than a comparable, normal website.
You can’t pick a nice URL for your Site; the URL will contain gibberish.
You don’t need to purchase a domain name.
You can publish your Site from behind your home’s firewall without needing to make any configuration changes to your router, or needing your internet service provider’s permission to run a web server from home.
You can pack up the computer that runs your Site, and plug it into any network anywhere, and the Site will re-appear on the internet, without needing any configuration changes, DNS changes or the like.
And yes, there are other things you can do with Tor hidden services. Note that we make no warranties whatsoever that the Tor configuration created by UBOS is safe to embark on any of those activities; you should not rely on UBOS for hiding your Tor service, whether your motives are noble or not.
Setting up the Tor Site
When you create the Site, you simply add the option
--tor to the
ubos-admin createsite command. That’s all. For example:
% sudo ubos-admin createsite --tor
You may need to wait for a few minutes from the time UBOS completes its work, until your Tor browser is able to find the Site on the Tor network: securely advertising your Site on the Tor network takes a little bit of time.
Tor “onion” hostnames usually do not have DNS entries and cannot be resolved outside
of the Tor network. However, if somebody were to manually create such an entry that points
to your Device’s IP address (e.g. by adding it to your home router, to
curl --resolve etc.), your Device running the Tor Site will
serve the Site directly as well, without going through Tor.
This is not usually a problem if you run your Tor Site from behind a firewall, like on a typical home network. However, anybody who can send HTTP requests directly to your Device, such as anybody who can connect to your (typically configured) home WiFi network can use this to test whether or not your Device runs a specific Onion hidden service by performing a direct HTTP request on your Device with its dot-onion hostname.