Tor / Hidden

Installation

Install tor.

# pkg_add tor

Configuration

Edit /etc/tor/torrc.

# ${EDITOR:-vi} /etc/tor/torrc

To begin configuring the hidden service, find the section in /etc/tor/torrc that contains HiddenServiceDir and HiddenServicePort.

Some things to note:

  • For each hidden service (each .onion), there must be one HiddenServiceDir and at least one HiddenServicePort.
  • HiddenServiceDir may be any path the _tor user can create.
  • In most cases, the virtual port and the target port for HiddenServicePort will be the same.

HiddenServiceDir /var/tor/example_service_dir
HiddenServicePort <Virtual port> 127.0.0.1:<Target port>

Verify file permissions

Make sure the HiddenServiceDir path is owned by the correct user and group, and that it has the correct permissions.

# chown _tor:_tor /var/tor/example_service_dir
# chmod 700 /var/tor/example_service_dir
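
The script below is an added example, not part of the original page. It audits a torrc against the rules noted under Configuration (every HiddenServiceDir needs at least one HiddenServicePort) and against the ownership and mode set here. The function name check_onion_config and the script name check_onion.sh are hypothetical, and only the owner is compared, not the group.

```sh
#!/bin/sh
# check_onion_config TORRC [OWNER]
# Prints one line per problem; returns non-zero if any was found.
# OWNER defaults to _tor, the user this page uses.
check_onion_config() {
    torrc=$1 owner=${2:-_tor} rc=0

    # Pass 1: pair up the directives. Every HiddenServiceDir opens a new
    # service and needs at least one HiddenServicePort after it.
    # Option names are matched case-insensitively, as tor does.
    report=$(awk '
        function close_service() {
            if (dir != "" && ports == 0) print "ERR no HiddenServicePort for " dir
        }
        $1 ~ /^#/ { next }
        tolower($1) == "hiddenservicedir" {
            close_service(); dir = $2; ports = 0; print "DIR " dir; next
        }
        tolower($1) == "hiddenserviceport" {
            if (dir == "") print "ERR HiddenServicePort before any HiddenServiceDir"
            else ports++
        }
        END { close_service() }' "$torrc")

    # Pass 2: each existing service directory must be drwx------ and
    # owned by OWNER. ls -ld is used because stat(1) flags differ
    # between OpenBSD and Linux.
    while IFS= read -r line; do
        case $line in
        ERR\ *) echo "${line#ERR }"; rc=1 ;;
        DIR\ *)
            d=${line#DIR }
            if [ ! -d "$d" ]; then
                echo "note: $d does not exist yet"
                continue
            fi
            perm=$(ls -ld "$d" | awk '{ print substr($1, 1, 10) ":" $3 }')
            if [ "$perm" != "drwx------:$owner" ]; then
                echo "$d is $perm, want drwx------:$owner"; rc=1
            fi ;;
        esac
    done <<EOF
$report
EOF
    return $rc
}

# Run directly as: sh check_onion.sh /etc/tor/torrc
if [ $# -gt 0 ]; then check_onion_config "$@"; fi
```

Paths containing spaces are not handled, since the directory is taken as the second whitespace-separated field of the line.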

Start the service

Use rcctl to start the hidden service. If satisfied, you can also enable the service so that it starts automatically at boot.

# rcctl start tor
# rcctl enable tor

Retrieve the hostname

To get the hostname associated with a hidden service, print it out with cat.

# cat /var/tor/example_service_dir/hostname

Require authorization (optional)

Sometimes it can be useful to require authorization for hidden services, so that they remain private even if the hostname is somehow discovered. A public and private key pair is used for authorization, similar to SSH keys.

See this article on private onion services (archive.org) for more details.