MayVaneDay Studios

Archive ⋙ Tutorials 


How to create a Tor hidden service website on Caddy on Devuan

last updated: 1-31-2020


  1. Install Tor.

sudo apt install tor

  1. Install the Caddy web server.

curl | sudo bash -s personal

(Please note that this will install Caddy without any plugins. This is fine for this tutorial. If you know you need certain plugins, go to the Caddy build page and download from there.)

  1. Edit /etc/tor/torrc to create the hidden service.

Open /etc/tor/torrc in your favorite text editor. (Please note that this usually requires root privileges.)

Go to the lines that say:

#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80

Uncomment them by deleting the # mark in front of each line.

If you want, you can change the HiddenServiceDir directory, but you will need to remember it for later. For security purposes, keep the new directory inside of /var/lib/tor/.

  1. Restart the Tor service.

sudo service tor restart

(If you're following this tutorial on mainline Debian instead, if sudo systemctl restart tor doesn't work, you might need to reboot your server for changes to take effect.)

  1. As root, go to the hidden service directory and get the new hidden service's domain.

sudo -i

cd /var/lib/tor/directory/

Replace "directory" with the actual directory you chose in step 3.

cat hostname

If all is well, you should now see a long string of letters and numbers that ends in ".onion". Copy this somewhere safe. You'll need it next step.

  1. Configure Caddy to serve the hidden service.

Open a new file called "Caddyfile" (no file extension) with your favorite text editor. I recommend doing this in your home directory.

Type the following in:

http://YourTorHostnameHere.onion {
    root /your/website/file/path/here

The "http://" in front of the address is important as that tells Caddy to not try to enable HTTPS on that domain. HTTPS is unnecessary for Tor hidden services as all traffic to and from the server is already encrypted in transit. And since Tor hidden services aren't accessible on the normal clearnet, the request for Let's Encrypt to give Caddy a certificate would fail as they wouldn't be able to access the domain.

  1. Give Caddy permissions to listen on port 80 without root privileges.

which caddy

You should then get a directory to the Caddy executable.

sudo setcap cap_net_bind_service=+ep /path/to/caddy/executable

  1. Start Caddy.

Type caddy in the directory you saved your Caddyfile in.