autofagist.blog

Hosting a Tor Hidden service on Amazon EC2

As the full moon waxes and a lone wolf howls at the night sky, a certain secretive mood might befall strayed developers. Let us host a site on darknet.

Disclaimer

This guide does not cover any safety aspects of tor or darknet. If you plan on conducting any illegal activities on your hidden service, it is probably a good idea to do a bit of research regarding that beforehand. You bear the sole responsibility for what you do with this information.

This guide will not go into exact details regarding certain more obvious parts of the process. If you have a basic technical familiarity you should be fine.

A brief introduction to the onion router

When people talk about darknet, they often talk about the tor (the onion router) network. Hidden Services on the tor network will be accessible through a tor browser at a .onion domain. Traffic on the tor network is passed through multiple hops, where each hop adds its own layer of encryption. This enables communication between two parties without either of them knowing each other's location or identity.

Chapters

  1. Create a server on Amazon
  2. Connect to your server by ssh
  3. Install tor on the server
  4. Host your website on the server
  5. Expose your site as a hidden service

Create a server on Amazon

Hosting your hidden service on AWS is probably not a good idea. But let us do it anyway.

If you have not already, head over to Amazon AWS and create an account.

Go to Services -> EC2 and create a new instance with the image Ubuntu Server 16.04 LTS (HVM), SSD Volume Type. Choose the type t2.micro.

When prompted, create a new keypair and download it. It is of great importance that you do not lose this file. If you do, you will not be able to access your EC2 instance.

Next, click the "instances" link in the left menu, and you should see your newly begotten server in the list.

Connect to your server by ssh

If you are using a UNIX based operating system (e.g. macOS or Linux), you can use the integrated ssh command line tool. If you on the other hand are using Windows, you will sadly have to install some ssh software like PuTTY.

In the list of server instances you should currently be looking at on the AWS website, select your server and click the connect button. A modal appears with instructions of how to connect to your instance using ssh.

Using a terminal, navigate to the location of the key file you downloaded earlier and paste the ssh connect string from the modal. It should look something like this:

ssh -i "name-of-key-file.pem" ubuntu@your-instance-id.your-region.compute.amazonaws.com

If everything went the way it should, it is custom and good fortune to wipe the dripping sweat off your furrowed pimply brow and whisper "I'm in".

Install tor on the server

Tor will make sure your website is only accessible through the onion network. We will keep this short for the sake of brevity, but you can find more detailed instructions at the tor website.

Inside your ssh shell, enter the following commands (one by one):

sudo su
apt install apt-transport-https
# the two deb lines are apt sources, not commands: write them to a sources file
cat > /etc/apt/sources.list.d/tor.list <<'EOF'
deb https://deb.torproject.org/torproject.org xenial main
deb-src https://deb.torproject.org/torproject.org xenial main
EOF
# import the Tor Project signing key and hand it to apt
curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
apt update
apt install tor deb.torproject.org-keyring

Tor should now be installed on your server instance.

Host your website on the server

This could be done using any language. The sole requirement for this guide to work is that it should be accessible on localhost at an arbitrary port. For the sake of this tutorial, you may use my template to get started.

If you have your own way of running your server, then you should rightly skip this chapter and read no further.

To use the template linked above, you need to install nodejs.

sudo apt-get install curl python-software-properties
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt-get install -y nodejs

Next, clone the repository in your home (~/) directory on the server and run it as a background process:

# clone the repository
git clone https://github.com/amygdaloideum/static-site-host-shell.git my-site-name
# enter the folder
cd my-site-name
# install the dependencies of the project
npm i
# install pm2 globally for running the server as a background process
npm i -g pm2
# start the server as a background process
pm2 start index.js

Not bad, let's proceed.

Hosting a tor hidden service

The static server is now running on the EC2 instance. But there is no way of accessing it. Let us expose it to the tor network.

Edit the following file with the editor of your choice. This example uses vim:

sudo vim /etc/tor/torrc

Add the following lines at the bottom of that file. Our example serves the website at port 8080. It might be another port in your case.

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080

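Now restart tor so that it picks up the new configuration. The package already runs tor as a service under the unprivileged debian-tor user, so restart that service rather than starting a second tor process as root:

sudo systemctl restart tor

The address of the .onion site should now reside in the hostname file inside /var/lib/tor/hidden_service. Behold it by running: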

sudo cat /var/lib/tor/hidden_service/hostname

Paste the content of that file into the address bar in the tor browser. And, Shai Hulud willing, you should behold your page hosted as a hidden service on darknet.