Setting Up a Tor Mirror for This Site on OpenBSD

1. Tor Setup
- 1.1. /etc/tor/torrc
- 1.2. Running Tor and getting your address
2. httpd
3. relayd

Setting up a Tor hidden service is actually much easier than I had previously assumed. I just set this up on this site so you can now visit via the onion address http://7sp2wkilron3xoozko37jctb2exs4vdbf6pnp7iws7yttfrngke3zvyd.onion.

I run this site on an OpenBSD server, hence all these configurations and instructions are for OpenBSD. This won't be a full intro into Tor hidden services, just an example on how to set one up specifically for my website (and how you can for yours too).

1. Tor Setup

Install Tor with pkg_add tor

1.1. `/etc/tor/torrc`

Log notice file /var/log/tor/notices.log
Log debug file /var/log/tor/debug.log

RunAsDaemon 1

DataDirectory /var/tor

HiddenServiceDir /var/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

User _tor

Log specifies where to log notice and debug messages. You should create these files first and change the owner to the _tor user

mkdir /var/log/tor
touch /var/log/tor/notices.log && /var/log/tor/debug.log
chown _tor:_tor var/log/tor/*.log

RunAsDaemon lets tor run as a daemon.
DataDirectory is where all Tor data files will be stored.
HiddenServiceDir is where hidden services are located.
HiddenServicePort is the port the hidden service will listen on and where it should redirect to.
User is what user Tor should run as. If you don't set this rcctl will try to run it as root and it will fail because the /var/tor directory is owned by _tor

1.2. Running Tor and getting your address

rcctl enable tor && rcctl start tor to enable and start tor.

You should be able to get your tor hidden address now by catting /var/tor/hidden_service/hostname. This is the address you will connect to via the Tor browser or torsocks proxy (but not yet, we're not done).

2. httpd

Configuring httpd is pretty simple. You just add a new server configuration.

server "your-super-long-onion-address.onion" {
    listen on * port 80
    root "/htdocs/your-site-files"
}

Then rcctl restart httpd. At this point you should be able to visit your onion address via the Tor browser!

3. relayd

The final optional step if you have a clear web vesrion of your site is that you can advertise your onion site to people via the Onion-Location header. You can add this header in your relayd configuration. In your http protocol httpd block, add the following line:

match response header append "Onion-Location" value "http://your-super-long-onion-address.onion"

I have not figured out how to attach the url path to the end of the onion location. So say you are viewing this post on the clear web site using the Tor browser, and you click the ".onion available" option, it will redirect you to the root of the site, not this current post.

If I figure this out I will update this post.