how to host a tor hidden service with Caddy

dec 12 2021


Caddy is a great little webserver, and it can be easily adapted to work with Tor. here's how to do that. this tutorial assumes you already have a working Caddy webserver, and have Tor installed as well.

WARNING: this is not intended to be a high security solution. it is intended as a quick and easy way to allow tor users to get a bit more security when accessing your website. your website will still be completely not-anonymous.

STEP 0 (optional): GET A CUSTOM DOMAIN

because of the way tor works, getting a vanity domain basically just involves brute forcing some hashes. this can be done rather easily using mkp224o. i'd recommend sticking to 6 or fewer characters, so you don't have to wait too long for this step. you will get a few files as an output; copy them to /var/lib/tor/hidden_service and make sure to note down what the hostname is.

STEP 1: CONFIGURING TOR

open up /etc/tor/torrc in your favorite text editor; you'll probably need to be root for this. uncomment these lines.

/etc/tor/torrc
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80

if you want to be fancy, or host multiple hidden services, you can change the HiddenServiceDir and HiddenServicePort, but you don't need to do it for a basic setup.

STEP 2: CONFIGURING CADDY

configuring caddy is also very simple, all you need to do is add a bit to your caddyfile. this is an example caddyfile, which mirrors your clearnet website as a hidden service, and advertises it to anyone who wants to browse your website via Tor. you can add more to it based off your current caddyfile. remember to replace the examples with your domain from earlier! if you forgot it, you can run cat /var/lib/tor/hidden_service/hostname to get it.

remember to put http:// in front of the onion domains! this tells caddy not to try to get certificates for them, as Tor handles all the security stuff for us here.

/etc/caddy/Caddyfile
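# clearnet site: advertises the onion mirror to Tor Browser
example.com {
	header Onion-Location http://example.onion{path}
	root * /var/www
	file_server
}

# onion mirror: the http:// prefix stops caddy from requesting a certificate
http://example.onion {
	root * /var/www
	file_server
}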

STEP 3: PUTTING IT ALL TOGETHER

at this point, everything should be set up properly, and you just need to reload the config files.

#!/bin/bash
# restart both services so they pick up the new config
sudo systemctl restart tor
sudo systemctl restart caddy

if you did everything correctly, you should be able to open your website in Tor Browser and be automatically redirected to an onion address!
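
if you'd rather check from a terminal, here is an added example (not part of the original tutorial) that confirms the clearnet site sends the Onion-Location header the caddyfile above sets. the function names are made up for this example, the sample hostname and response are constructed, and it assumes a v3 onion address, which is what current Tor and mkp224o produce.

```shell
#!/bin/sh
# added example: verify the Onion-Location header the clearnet site sends.
# real use (hostname file is usually only readable by root / the tor user):
#   curl -sI https://example.com/ | check_onion_location "$(sudo cat /var/lib/tor/hidden_service/hostname)" /

# v3 onion hostnames are 56 base32 characters (a-z, 2-7) followed by .onion
is_v3_onion() {
    printf '%s\n' "$1" | grep -Eq '^[a-z2-7]{56}\.onion$'
}

# read response headers on stdin, print the Onion-Location value.
# header names are case-insensitive (HTTP/2 sends them lowercase), and
# curl keeps the trailing CR, so strip it first.
extract_onion_location() {
    tr -d '\r' | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "onion-location") {
            v = substr($0, i + 1)
            sub(/^[ \t]+/, "", v)
            print v
            exit
        }
    }'
}

# usage: check_onion_location HOSTNAME REQUEST_PATH   (headers on stdin)
# 0 = header matches http://HOSTNAME + path, 1 = missing/wrong, 2 = bad hostname
check_onion_location() {
    if ! is_v3_onion "$1"; then
        echo "not a v3 onion hostname: $1" >&2
        return 2
    fi
    expected="http://$1$2"
    actual=$(extract_onion_location)
    [ "$actual" = "$expected" ] && return 0
    echo "expected '$expected', got '${actual:-no Onion-Location header}'" >&2
    return 1
}

# constructed sample: a made-up 56-character hostname and a made-up response
h=abcdefgh
SAMPLE_HOST="$h$h$h$h$h$h$h.onion"
sample_headers() {
    printf '%s\r\n' 'HTTP/2 200' "onion-location: http://$SAMPLE_HOST$1" 'server: Caddy' ''
}

sample_headers /blog/ | check_onion_location "$SAMPLE_HOST" /blog/ && echo "Onion-Location OK"
```

tor browser only acts on Onion-Location when the page was served over https, so point the curl command at the https:// url of your clearnet site.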