Setting up nginx, TOR, and creating your own hidden website

The ideology behind free internet & speech

The term “free internet” means much more than freedom of speech. It means an internet where censorship is abolished, where oppressed countries (Iran, China, North Korea) are un-oppressed and free to use their internet as they please. It means that governments cannot stop us from sharing media or leaking suppressed documents about our corrupted government and their hidden agendas. It is not just a means of communication around the world, it is a movement. Since the rise of the technological age, there has been oppression by both democratic and totalitarian governments. Whether it be China's government censoring the media and spreading propaganda, or the American government trying to pass bills like SOPA and PIPA, it exists.

Luckily there are ways to fight the system and stand up for what you believe in. Privacy and freedom have not come easily over time; they are earned through fighting and taking a stance. Setting up your own hidden website is a step towards true anonymity and freedom of the internet. Even running a TOR node alone can help oppressed citizens access the internet. So, let's get started.


You will need a few things to get yourself started on creating a server for TOR and a hidden website.

1. A VPS server with at least 256MB RAM and whatever disk space you will need for your site. You might also want to check with your VPS provider whether you can run a TOR node; most will not have a problem as long as you don't run an exit node.

2. Basic knowledge of terminal usage, and navigating through it.

3. A will for freedom of internet and speech.

4. Debian 7 or later (Ubuntu should work fine as well)

Setting up nginx

First we need to add the nginx repositories to our source lists. Execute the following:

sudo nano /etc/apt/sources.list

Then add these lines to that file:

deb wheezy nginx

deb-src wheezy nginx

deb wheezy main

Now we need to import the GPG signing keys. Run these commands:

gpg --keyserver --recv 886DDD89

gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

apt-key add nginx_signing.key

Now update the package lists and install the nginx and TOR packages. Execute the following:

sudo apt-get update

sudo apt-get install nginx -y

sudo apt-get install tor -y

After they have finished installing, run

sudo apt-get update


Now we have to configure nginx. If you don't have nano installed, now would be a good time to install it (or whichever editor you prefer, e.g. vim).

sudo apt-get install nano

Now that we have nano, it's time to configure nginx. Run the following:

nano /etc/nginx/conf.d/default.conf

Now replace what is in that file with the following:

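server {
    # Bind to loopback only, so the site is served through TOR and not on the VPS's public IP
    listen 127.0.0.1:80;
    root /var/www/;
    client_max_body_size 99M;
    charset utf-8;
    index index.html;
}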

Now we need to create our web root. Execute these:

mkdir /var/www

touch /var/www/index.html && echo "<h1>If you see this, we have succeeded</h1>" > /var/www/index.html

Now that nginx is installed and ready to serve our TOR site, we can configure TOR. Open this file:

nano /etc/tor/torrc

…and add this to it:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80

Now create the HiddenServiceDirectory and give it the proper owner and permissions:

mkdir /var/lib/tor/hidden_service/ 

chown debian-tor:debian-tor /var/lib/tor/hidden_service/ 

chmod 0700 /var/lib/tor/hidden_service/

Restart TOR and nginx:

/etc/init.d/nginx restart

/etc/init.d/tor restart

Now comes the part where you have to make a choice. Either is fine, but one might be more appealing to both you and your user base. You need to decide if you want a vanity address, or just a normal hashed address. Example:

Vanity address will look like: mywebsitedgh789478wfhu.onion

Normal hashed address will look like: enskgn47832w9gfi82349gh.onion

As you can see “vanity” means just that, it is a personalized beginning to your hostname hash. Either way there is a private key for both, so I don't see why you wouldn't want even a small vanity hash.

Normal Hash Hostname

To get just a normal generated hash, open the following and grab your generated hostname.

nano /var/lib/tor/hidden_service/hostname

Vanity Hostname Hash

First thing you will need to do is figure out if you want to generate the hostname on your Windows PC or on the VPS. I strongly recommend you do the generation on your personal PC and then transfer the information to your web server, as this does not leave any evidence behind, no matter how small.

So I will only outline how to do this on Windows.

Download the latest scallion generator here: Scallion Download

Now that we have that downloaded, extract it to your desktop, or anywhere else you want to.

Wherever you extracted it to, go to that folder, and press SHIFT + Right Click on the scallion folder. Select “Open a command window here”

Now we are in the scallion folder. Run this command and replace “myname” with whatever you want the beginning of your hostname to be. Note: The shorter the name, the less time it will take to generate it. If you plan on generating a longer name, say, over 5 or 6 characters, make sure you have a GPU present, and that it is working with scallion, or it will take a long time to generate one.


scallion.exe -d 0 myname

If your GPU is listed as device “0” then it will use your GPU to make your hash. I couldn’t get the SHA-1 hashes to match between my CPU and GPU, thus, couldn't use my GPU to generate the hash. If you get this error:

GPU and CPU SHA-1 calculations do NOT match.

Hashing will NOT work until this is resolved.

The program will continue, but WILL NOT find a valid match.


You will need to do it by CPU.

So I had to run it on my CPU only, using the following command:

scallion.exe -d 1 myname

Your PC will now generate your hash, and spit out some working expressions. Once it is finished you should get an output like this:

Looks good!
LoopIteration:1  HashCount:16.78MH  Speed:7.8MH/s  Runtime:00:00:02  Predicted:00:00:00
CPU checking hash: whataokdnd6t5px3

Ding!! Delicious scallions for you!!

Public Modulus:  157386075110109782187467101942307169670443660100929097401584109
Public Exponent: 1626715027
Address/Hash: whataokdnd6t5px3.onion


init: 2412ms / 1 (2412ms, 0.41/s)
generate key: 634ms / 5 (126.8ms, 7.89/s)
cpu precompute: 9ms / 5 (1.8ms, 555.56/s)
total without init: 2181ms / 1 (2181ms, 0.46/s)
set buffers: 0ms / 1 (0ms, 0/s)
write buffers: 0ms / 1 (0ms, 0/s)
read results: 2154ms / 1 (2154ms, 0.46/s)
check results: 15ms / 1 (15ms, 66.67/s)

7.69 million hashes per second

If you get this, you have been successful! Pat yourself on the back. As you can see, I only used a short name labelled “what” then the rest of the hash is generated automatically.

Now we need to get this information into our server. To do this, we need to delete one file and change another. Remember our HiddenServiceDirectory we specified earlier? Yeah, well we need to go back there.

Execute the following:

cd /var/lib/tor/hidden_service

rm hostname

Once that is done we need to edit our private key. Using the private key we just generated with scallion, copy the key starting at “-----BEGIN RSA PRIVATE KEY-----” and ending at “-----END RSA PRIVATE KEY-----”. Make sure you include both of those headers, along with your private key.

With that copied we need to edit the file. Execute:

nano private_key

Now delete the private key that is there already, and replace it with the one from scallion, remembering to include the header and footer.

Save the file and exit nano.

To apply our new hostname we need to restart TOR and nginx. On restart the hostname file will be regenerated from the new private key and applied.

/etc/init.d/nginx restart

/etc/init.d/tor restart

We can verify the changes have taken place:

nano /var/lib/tor/hidden_service/hostname

If you see your newly generated vanity address, you have been successful! Copy it down somewhere safe. This will be the address you type in the browser while using TOR.


Go ahead and fire up TOR on your PC, and type in your new address from the



If you get the message we set up earlier, then you have successfully completed the setup.

Now you can concentrate on building your website, forum, wiki or whatever else you wanted to use this for.

Note: This is just the basic setup of a TOR web service. There are always ways to secure your website beyond what I have demonstrated here, and if you are planning on running something that will attract attention, it is advised you secure your server and your anonymity. Google is your friend.
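A quick check for two things this setup depends on, as an added example that is not part of the original guide: that nginx is not listening on port 80 on a public interface (nginx binds to all interfaces unless a listen directive restricts it, which would make the site reachable outside TOR), and that nothing in the HiddenServiceDir is accessible to group or other. The function names and the sample ss output are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original guide). Sample data below is constructed.

# Constructed `ss -ltn` output: nginx on all interfaces vs. loopback only.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    127.0.0.1:9050     0.0.0.0:*'
SAMPLE_LOOPBACK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    127.0.0.1:80       0.0.0.0:*'

# Read `ss -ltn` lines on stdin; print listeners on port $1 that are not bound
# to loopback. Returns 1 if any are found, 0 if the port is loopback-only.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]") next
            print $4
            found = 1
        }
        END { exit (found ? 1 : 0) }'
}

# Return 0 only if the hidden service directory and everything in it
# (hostname, private_key) grant no access to group or other.
# Optional $2: expected owner of the directory (debian-tor in this guide).
hs_dir_ok() {
    [ -d "$1" ] || { echo "missing: $1"; return 1; }
    loose=$(find "$1" -perm /077)
    [ -z "$loose" ] || { echo "group/other access on: $loose"; return 1; }
    [ -z "$2" ] && return 0
    owner=$(stat -c '%U' "$1")
    [ "$owner" = "$2" ] || { echo "owner $owner, expected $2"; return 1; }
}

# On the server (as root):
#   ss -ltn | exposed_listeners 80 || echo "port 80 is reachable outside TOR"
#   hs_dir_ok /var/lib/tor/hidden_service debian-tor || echo "fix permissions"
```

Run both checks again after replacing private_key, since a key file copied in from another machine may not keep owner-only permissions.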

