Following on from - Guide: host your own .onion site using nginx and Tor
This guide will be in 2 parts; first we learn how to create a vanity .onion address. Second we transfer this address to another server.
Unfamiliar with the inner workings of Tor? Read here
For demonstration purposes, we have two servers - WebonTor & NewTor.
Simple enough to differentiate.
First section - Over to the terminal
With Tor and nginx already configured, let's proceed to create a vanity .onion address.
Install git, gcc, libsodium-dev, make and autoconf - the packages required
apt install -y git gcc libsodium-dev make autoconf
Use mkp224o (to produce v3 addresses) and eschalot (to produce v2 addresses)
Fun fact: After various tests, I found mkp224o much quicker - with the contributors regularly releasing commits. Kudos to the contributors, show some love.
For demonstration purposes, we'll create a vanity v3 address. Let's proceed with installing mkp224o
cd ~ && git clone https://github.com/cathugger/mkp224o.git
Now enter the directory. It's time to get stuck in
Configure the script
Please read OPTIMISATION.txt - No one likes wasted CPU cycles.
On our AMD processors - ./configure --enable-amd64-51-30k --enable-intfilter
If you're unsure of your system hardware or kernel capabilities, please proceed with the defaults
Recompile and make this installation yours.. (oh, what a pun!)
Before proceeding: generating a .onion address can be CPU intensive. Please avoid running this on VPS infrastructure without a dedicated CPU.
For demo purposes we're using top-notch AMD EPYC.
Important - keep keywords simple; aim for less than 6 letters so the address is produced without consuming too many biscuits while waiting..
Usage: ./mkp224o filter [filter...] [options]
       ./mkp224o -f filterfile [options]
Options:
  -h - print help to stdout and quit
  -f - specify filter file which contains filters separated by newlines
  -D - deduplicate filters
  -q - do not print diagnostic output to stderr
  -x - do not print onion names
  -v - print more diagnostic data
  -o filename - output onion names to specified file (append)
  -O filename - output onion names to specified file (overwrite)
  -F - include directory names in onion names output
  -d dirname - output directory
  -t numthreads - specify number of threads to utilise
  -j numthreads - same as -t
  -n numkeys - specify number of keys (default - 0 - unlimited)
  -N numwords - specify number of words per key (default - 1)
  -z - use faster key generation method; this is now default
  -Z - use slower key generation method
  -B - use batching key generation method (>10x faster than -z, experimental)
  -s - print statistics each 10 seconds
  -S t - print statistics every specified ammount of seconds
  -T - do not reset statistics counters when printing
  -y - output generated keys in YAML format instead of dumping them to filesystem
  -Y [filename [host.onion]] - parse YAML encoded input and extract key(s) to filesystem
  -p passphrase - use passphrase to initialize the random seed with
  -P - same as -p, but takes passphrase from PASSPHRASE environment variable
We used: ./mkp224o chownio -t 40 -B -v -n 1 -d ~/onions
Filters for "chownio"
-t 40 - uses 40 threads
-B - uses batching key generation (experimental)
-v - shows diagnostic data
-n 1 - number of keys produced (1)
-d ~/onions - directory to store the output
Take the time to understand. Generic, not so harsh version:
Flick the kettle on. While you wait, hop on our new Tor address for demo and fun (woo!)
That's a mouthful, however native to chown (enough puns!)
Once complete, cd into ~/onions
Here's an example of the contents
cd blahhblahhblah.onion && ls -al
We need to transfer the folder to NewTor -
Here's a visual showing SFTP
Second section - on NewTor configure Tor (damn, they're just coming to me!)
Here's a guide to host your own .onion site using nginx and Tor
Okay, now we're configured. Let's proceed to change the .onion web address
It's good practice to stop Tor communicating during the switch-over
service tor stop
Allow 30 seconds for Tor to softly close connections
ps aux | grep tor
Perfect! Great work. I'm curious, did you have a biscuit while you waited for your ideal vanity address? We're nearly at the end.. go grab another, once we've finished.
Let's transfer the contents of the blahhblahhblah.onion folder.
For purposes of demonstration we are placing files within:
Check folder contents
Rectify the permission issues. We need to chown and chmod.
If you enjoy learning - understand the difference in permissions using this clever calculator - https://chmod-calculator.com
chown debian-tor:debian-tor hostname hs_ed25519_public_key hs_ed25519_secret_key
Now - chmod please! General rule for Tor - 700 for folders, 600 for files
chmod 600 hostname hs_ed25519_public_key hs_ed25519_secret_key
Now to configure Tor - if you haven't already
Add in, or modify your existing directory and ports
HiddenServiceDir /var/lib/tor/nginx/
HiddenServicePort 80 127.0.0.1:80
Exit and Save: CTRL + x + y | ENTER
service tor start
To check success:
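An added example (not part of the original guide): a Python script that checks the transferred hidden service directory against the 700/600 rule above and confirms that hostname is the v3 address derived from hs_ed25519_public_key. The default path /var/lib/tor/nginx and the owner debian-tor are taken from the commands in this guide; the function names are this example's own.

```python
import base64, hashlib, os, pwd, stat, sys
# 32-byte tag Tor writes in front of the 32-byte ed25519 public key
HEADER = b"== ed25519v1-public: type0 ==\x00\x00\x00"
FILES = ("hostname", "hs_ed25519_public_key", "hs_ed25519_secret_key")

def onion_from_pubkey(pubkey):
    """v3 address = base32(pubkey || checksum || version) + '.onion'."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"

def check_service_dir(path, owner=None):
    """Return a list of problems; an empty list means the directory looks sane."""
    problems, uid = [], None
    if owner is not None:
        try:
            uid = pwd.getpwnam(owner).pw_uid
        except KeyError:
            problems.append(f"user {owner} does not exist")
    # 700 for the folder, 600 for the files, as in the guide
    for name, want in [(".", 0o700)] + [(f, 0o600) for f in FILES]:
        try:
            st = os.stat(os.path.join(path, name))
        except OSError as exc:
            problems.append(f"{name}: {exc.strerror}")
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != want:
            problems.append(f"{name}: mode {mode:o}, expected {want:o}")
        if uid is not None and st.st_uid != uid:
            problems.append(f"{name}: not owned by {owner}")
    try:
        with open(os.path.join(path, "hs_ed25519_public_key"), "rb") as f:
            blob = f.read()
        with open(os.path.join(path, "hostname")) as f:
            hostname = f.read().strip()
    except OSError:
        return problems  # cannot read the files; nothing more to compare
    if len(blob) != 64 or blob[:32] != HEADER:
        problems.append("hs_ed25519_public_key: unexpected format")
    elif onion_from_pubkey(blob[32:]) != hostname:
        problems.append("hostname does not match hs_ed25519_public_key")
    return problems

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/tor/nginx"
    found = check_service_dir(target, owner="debian-tor")
    print("\n".join(found) if found else "OK: " + target)
    sys.exit(1 if found else 0)
```

Run it as root, since a correctly locked-down directory is readable only by debian-tor.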