Create an .onion site on ISPConfig

Discussion in 'Tips/Tricks/Mods' started by Ranzy Campbell, Jun 16, 2024.

  1. I'll make an assumption that you are running Debian, and of course you have root access to the server.
    Either you already have a site that is up and running on ISPConfig, and you want to add an onion hostname to it,
    Or you want to make a new site, only available by tor onion services.

    https://community.torproject.org/onion-services/setup/

    sudo apt install tor
    It's that simple. LOL
    Your Debian server is now running tor and tor daemon is automatically enabled. Verify this.
    sudo systemctl status tor

    sudo nano /etc/tor/torrc
    This entire file is commented out, by default.
    Just add these two lines at the bottom, or find them in the comments and uncomment / edit them.

    HiddenServiceDir /var/lib/tor/example.com/
    HiddenServicePort 80 127.0.0.1:80

    Substitute "example.com" with anything you like. It doesn't matter what you call it here.
    When you restart tor, the new onion hostname will be in this folder automatically.
    You will most likely be using HTTP port 80 for your onion site. The site IS secure due to the tor network and the keys generated by this torrc file. Google it if you want, but you won't need an SSL for your onion site, and Certbot / Let's Encrypt will not and can not do it anyway.

    sudo systemctl restart tor
    sudo cat /var/lib/tor/example.com/hostname
    cat will show you the onion site hostname generated when you restarted tor.
    3HMeFFntBCqGiIcVIquQEL99jaQh5eOcYJWNqVAG.onion <- not a real hostname, but it will look like this

    Copy the hostname generated and open ISPConfig admin panel.

    First scenario is you already have a site up and running https://example.com
    ISPConfig > Sites > Aliasdomain for website > Add new Aliasdomain
    Domain: 3HMeFFntBCqGiIcVIquQEL99jaQh5eOcYJWNqVAG.onion
    Parent Website: example.com
    Redirect Type: No Redirect
    Redirect Path:
    Auto-Subdomain: None <- You don't need or want www here
    SEO Redirect: No redirect
    Don't add to Let's Encrypt certificate: Checked <- for real, check this
    Active: Checked
    SAVE

    You don't need to make any DNS settings for this hostname.

    Now just use the tor browser or whatever method you use to get to tor websites.
    http://3HMeFFntBCqGiIcVIquQEL99jaQh5eOcYJWNqVAG.onion

    Your onion site should be working. Both will show the same website.
    https://example.com <- still loads from clearnet browser.
    http://3HMeFFntBCqGiIcVIquQEL99jaQh5eOcYJWNqVAG.onion <- only works from tor browser.

    The second scenario: if you wanted to just create a new onion site and not link to an existing site like example.com.

    ISPConfig > Sites > Add new website
    Server: ispconfig.com
    Client: Server Name :: Last (first, C1)
    IPv4Address: *
    IPv6-Address:
    Domain: 3HMeFFntBCqGiIcVIquQEL99jaQh5eOcYJWNqVAG.onion
    Auto-Subdomain: None <- you don't need or want www here
    SSL: UNCHECKED <- No SSL for onion sites
    Let's Encrypt SSL: UNCHECKED <- Let's Encrypt does not support onion sites
    Active: Checked
    SAVE
     
    Last edited: Jun 17, 2024
  2. I didn't add a second onion site but I found instructions on that while I was researching.
    When you add the text to torrc, just add as many sites as you need onion hostnames for.

    sudo nano /etc/tor/torrc

    HiddenServiceDir /var/lib/tor/example.com/
    HiddenServicePort 80 127.0.0.1:80

    HiddenServiceDir /var/lib/tor/website.com/
    HiddenServicePort 80 127.0.0.1:80

    HiddenServiceDir /var/lib/tor/ispconfig.com/
    HiddenServicePort 80 127.0.0.1:80

    Restart tor any time you edit the torrc file.
    sudo systemctl restart tor

    Then you can cat each hostname to see the onion hostname for each.
    Just use each hostname for the site you wish to have onion site for.
    sudo cat /var/lib/tor/example.com/hostname
    sudo cat /var/lib/tor/website.com/hostname
    sudo cat /var/lib/tor/ispconfig.com/hostname
     
    Last edited: Jun 16, 2024
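
Added example, not part of the original posts: a POSIX shell audit for a torrc holding several onion service stanzas like the ones above. It flags a HiddenServiceDir with no HiddenServicePort, a port that forwards to something other than this host, and a hostname file that is not shaped like a v3 onion name; the function names `check_service` and `audit_torrc` are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread: audit the onion service stanzas in a torrc.
# Prints one OK/WARN line per finding; exit status is 1 if anything was flagged.

# Check one finished stanza: $1 = HiddenServiceDir, $2 = count of its port lines.
check_service() {
    [ -n "$1" ] || return 0
    if [ "$2" -eq 0 ]; then
        echo "WARN $1: no HiddenServicePort line"
        return 1
    fi
    if [ ! -r "$1/hostname" ]; then
        echo "OK $1: hostname not readable (run as root, after restarting tor)"
    elif grep -Eqx '[a-z2-7]{56}\.onion' "$1/hostname"; then
        # v3 onion names are 56 base32 characters (a-z, 2-7) plus ".onion"
        echo "OK $1: $(cat "$1/hostname")"
    else
        echo "WARN $1: hostname file does not hold a v3 onion name"
        return 1
    fi
}

audit_torrc() {
    dir="" ports=0 rc=0
    # A HiddenServicePort line belongs to the HiddenServiceDir above it.
    while read -r key a b rest || [ -n "$key" ]; do
        case $key in
        HiddenServiceDir)
            check_service "$dir" "$ports" || rc=1
            dir=${a%/} ports=0 ;;
        HiddenServicePort)
            ports=$((ports + 1))
            target=${b:-127.0.0.1:$a}   # tor's default when no target is given
            case $target in
            127.*|localhost|localhost:*|"[::1]"*|unix:*) ;;  # stays on this host
            *[!0-9]*)                                         # not a bare port
                echo "WARN $dir: port $a forwards off-host to $target"
                rc=1 ;;
            esac ;;
        esac
    done < "$1"
    check_service "$dir" "$ports" || rc=1
    return "$rc"
}

# Usage: sudo sh audit.sh /etc/tor/torrc
if [ "$#" -gt 0 ]; then audit_torrc "$1"; fi
```

The hostname check only tests the shape of the name (length and alphabet), not its embedded checksum.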
  3. You have to decide your own threat model here.
    Sometimes you only want a bit more privacy than a VPN can give.
    A super simple way to proxy the tor network without opening the Tor Browser, or using a VM or, even worse, having to reboot into Tails, etc.

    Just run tor on your local computer. I do it like this.
    sudo apt install tor

    You are NOT running a tor node.
    Basically you have now enabled your computer access to tor by proxy 127.0.0.1:9050

    On Firefox I installed an extension to easily proxy my browser to the tor network. Easy On, Easy Off.
    https://addons.mozilla.org/en-US/firefox/addon/tortm-browser-button/
    With the extension, you can just simply click the button to proxy your browser to 127.0.0.1:9050.
    I don't know the dev, nor have I looked at the source code.
    Decide for yourself.
    I don't need Dark Web protection, so this is good enough for me.
    A VPN is nice, but this just adds a little bit extra.

    If you don't want to trust the dev, you can proxy your regular browser via the settings, which is all the extension is doing anyway.

    Firefox > Settings > Network Settings > Connections Settings
    Manual proxy configuration
    SOCKS Host 127.0.0.1 port 9050
    SOCKS v5
    Proxy DNS when using SOCKS v5
    OK

    With that, your browser is proxied to the tor network, until you go back into settings and select no proxy.

    Whichever way you choose to get on the tor network, you can check that your browser is actually on the tor network.
    https://check.torproject.org/
     
    Last edited: Jun 17, 2024
  4. Taleman


    You posted on ISPConfig 3 forum, did you do Tor setup on a host already running ISPConfig? I think it might be dubious to add websites manually on ISPConfig host.
     
  5. I just re-read your question. I did install it on my ISPConfig server. As best as I can tell installing tor had no impact on the server. It only adds tor and the tor daemon to Debian. The daemon is only listening to port 9050 so it won't impact ISPConfig. Then you just manage the actual website files from ISPConfig as you would normally with an FTP user account. And tor does not need DNS at all. So if an admin wants to add a standalone onion site, they would only need to install tor and then go to ISPConfig and add the New Site with the .onion hostname.

    I only installed tor manually.
    Plus you have to edit the torrc file manually.
    Then cat the hostname files to see what the .onion hostnames are.

    tor has to be running on the server for it to work.

    Other than that I added the onion sites inside ISPConfig admin panel.
    If you want to add an aliasdomain to an existing ISPConfig site
    ISPConfig > Sites > Aliasdomain for website > Add new Aliasdomain
    Domain: 3HMeFFntBCqGiIcVIquQEL99jaQh5eOcYJWNqVAG.onion
    Parent Website: example.com
    Redirect Type: No Redirect
    Redirect Path:
    Auto-Subdomain: None <- You don't need or want www here
    SEO Redirect: No redirect
    Don't add to Let's Encrypt certificate: Checked <- for real, check this
    Active: Checked
    SAVE

    Or if you want to make a standalone onion site in ISPConfig
    ISPConfig > Sites > Add new website
    Server: ispconfig.com
    Client: Server Name :: Last (first, C1)
    IPv4Address: *
    IPv6-Address:
    Domain: 3HMeFFntBCqGiIcVIquQEL99jaQh5eOcYJWNqVAG.onion
    Auto-Subdomain: None <- you don't need or want www here
    SSL: UNCHECKED <- No SSL for onion sites
    Let's Encrypt SSL: UNCHECKED <- Let's Encrypt does not support onion sites
    Active: Checked
    SAVE
     
    Last edited: Jun 17, 2024
