+++
title = "Clearnet -> Onion Website"
date = 2019-07-08T12:00:00+02:00
author = "MH"
cover = ""
tags = ["Tor", "Setup", "Concept", "Proxy", "socat", "nginx"]
description = "Why not have a hidden service on a normal Site?"
showFullContent = false
draft = false
+++

Say we would like to share an onion site on the clearnet. Its address is ```a1b2c3d4e5f6.onion``` and you are on a Linux server.

First install nginx, tor and socat.

```
apt install -y nginx tor socat
systemctl start tor
```

Let's change the nginx config. Note that ```subs_filter``` comes from the third-party substitutions filter module, which is not part of the stock nginx build; on Debian and Ubuntu the ```nginx-extras``` package includes it.

```
# Quoted heredoc: $host and the inner quotes reach the file unchanged
cat > /etc/nginx/sites-enabled/default <<'EOF'
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name _;

    location / {
        # socat tunnel to the onion service (see /opt/http2socks.sh below)
        proxy_pass http://127.0.0.1:8283;
        proxy_set_header Host "a1b2c3d4e5f6.onion";
        # Ask for uncompressed responses so subs_filter can rewrite them
        proxy_set_header Accept-Encoding "";
        proxy_set_header Via "$host";
        # Replace the onion address in response bodies with the clearnet host
        subs_filter 'a1b2c3d4e5f6.onion' "$host";
    }
}
EOF
```

and extend the tor config ...

```
# The Debian tor package reads /etc/tor/torrc
echo 'DNSPort 53
AutomapHostsOnResolve 1' >> /etc/tor/torrc
```

Change the DNS server to localhost:

```
echo 'nameserver 127.0.0.1' > /etc/resolv.conf
```

Then create a script called ```/opt/http2socks.sh```:

```
#!/bin/bash
# Forward local port 8283 through Tor's SOCKS port (9050) to the onion service
onion="a1b2c3d4e5f6.onion:80"
socat tcp4-LISTEN:8283,reuseaddr,fork,keepalive,bind=127.0.0.1 SOCKS4A:127.0.0.1:"$onion",socksport=9050 &
```

Add this script to the startup by adding a line with ```crontab -e```:

```
@reboot /opt/http2socks.sh
```

Now start it all:

```
chmod +x /opt/http2socks.sh
systemctl restart tor
/opt/http2socks.sh
systemctl restart nginx
```

Now you should have the hidden service visible to everyone on port 80.

Of course, you can extend the nginx config to ask for a login first. Add

```
auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;
```

to the ```location / {...}``` block and generate the password file:

```
echo -n 'user:' >> /etc/nginx/.htpasswd
openssl passwd -apr1 >> /etc/nginx/.htpasswd
systemctl restart nginx
```

These are just ideas, which is why I'm not responsible if someone now has questionable content available on the net. :D
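
A check for the hostname rewrite in the nginx config above, added here as an example and not part of the original post: `subs_filter` only rewrites response bodies, so this script reports where the onion address still appears in a saved response, headers included. The function names, the `response.txt` file name and the sample response are constructed for illustration.

```bash
#!/bin/bash
# Added example: list where the onion hostname survives in a proxied response.
# Input: a raw HTTP response (headers, blank line, body), for example saved with
#   curl -si http://<clearnet-host>/ > response.txt

ONION="a1b2c3d4e5f6.onion"   # address used throughout this post

# Print one "header:<name>" line per response header that still carries the
# onion host, and one "body:<count>" line if the body still contains it.
# Reads the file given as $1, or stdin when no file is given.
onion_leaks() {
    awk -v onion="$ONION" '
        BEGIN { onion = tolower(onion); in_body = 0; hits = 0 }
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        !in_body && $0 == "" { in_body = 1; next }
        !in_body && index(tolower($0), onion) {
            split($0, parts, ":")
            print "header:" tolower(parts[1])
            next
        }
        in_body {
            line = tolower($0)
            while ((pos = index(line, onion)) > 0) {
                hits++
                line = substr(line, pos + length(onion))
            }
        }
        END { if (hits > 0) print "body:" hits }
    ' "${1:--}"
}

# Constructed sample response: the page link points at the clearnet host, but
# a redirect header, a cookie domain and one mixed-case script string still
# name the onion host.
sample_response() {
    printf '%s\r\n' \
        'HTTP/1.1 302 Found' \
        'Server: nginx' \
        'Location: http://a1b2c3d4e5f6.onion/login' \
        'Set-Cookie: sid=abc123; Domain=a1b2c3d4e5f6.onion; Path=/' \
        'Content-Type: text/html' \
        '' \
        '<a href="http://www.example.com/about">About</a>' \
        '<script>var api = "http://A1B2C3D4E5F6.onion/api";</script>'
}

# Check a saved response if a file is given, otherwise run on the sample.
if [ -n "$1" ]; then onion_leaks "$1"; else sample_response | onion_leaks; fi
```

Any `header:` line means the address is reaching clients outside the body filter; a `body:` line means the body rewrite missed some occurrences.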