Hosting this site on the Dark Web

It seems like something of a rite of passage for cybersecurity professionals to have a presence on the dark web. Since this site was always intended as a space to explore my interests and passion in this field, setting up an onion version of the GitBook felt like a natural next step.

If you're interested in viewing this site over Tor, it's available here: aj5odewu3ahr7skiz3g4wlm4wliskzdinyprmq5gzbz2fmov7hf37wad.onion

Objective

Given the use case and intended audience for this site, hosting a dedicated dark web version and syncing content to it is inefficient. This site serves static content only, so a simple reverse proxy via Nginx to the existing GitBook instance is sufficient.

The goal is to create a low-cost, low-maintenance .onion proxy to the public site. This approach is minimalistic, reliable, and surprisingly easy to set up.

Method

  1. Provision a Debian/Ubuntu VM. Any cloud provider will suffice. For this example, I used Google Cloud’s free tier to spin up a Debian VM.

  2. Update and upgrade the machine sudo apt update && sudo apt upgrade -y, then configure automatic updates:

sudo apt install unattended-upgrades apt-listchanges
sudo dpkg-reconfigure --priority=low unattended-upgrades

Be sure to change configurations files of the auto update packages to suit the sites target uptime and risk appetite.

  1. Install Tor:

sudo apt install tor

  1. Edit Tor's configuration file /etc/tor/torrc with the following:

HiddenServiceDir /var/lib/tor/proxy_service/
HiddenServicePort 80 127.0.0.1:8080

  1. Install Nginx web server:

sudo apt install nginx
sudo systemctl start nginx

  1. Configure server to handle incoming traffic and redirect to target site. Create the file: /etc/nginx/sites-available/tor_proxy

server {
    listen 127.0.0.1:8080;

    server_name localhost;

    location / {
        proxy_pass https://blog.jake.sc;
        proxy_set_header Host blog.jake.sc;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_ssl_server_name on;

        proxy_connect_timeout 10s;
        proxy_read_timeout 30s;
    }
    allow 127.0.0.1;
    deny all;
}

  1. Enable the configuration:

sudo ln -s /etc/nginx/sites-available/tor_proxy /etc/nginx/sites-enabled/

  1. Check for errors:

sudo nginx -t

  1. Reload Nginx:

sudo systemctl reload nginx
sudo systemctl enable nginx

  1. Start and enable Tor:

sudo systemctl restart tor
sudo systemctl enable tor

  1. Obtain the sites .onion domain:

sudo cat /var/lib/tor/hidden_service/hostname

Once this setup is complete, your .onion domain will act as a dark web mirror of your GitBook site via reverse proxy. It’s a simple and effective way to maintain a dark web presence with minimal overhead.

Last updated