How to Host a Website in Ubuntu Using Tor

Host Tor Website Linux 00 Featured Image

The Tor network is a revolutionary piece of software. With a single program, it is now possible to browse and view the Web anonymously. This makes Tor an essential tool for users who want to preserve their privacy when browsing a website. It is also possible to use Tor for hosting a local web server online to make it incredibly helpful for privacy-conscious users who want to share information publicly without revealing themselves.

Note: find out what Tor and onion routing are first before you proceed.

Why Host Your Website Over Tor?

One of the biggest advantages of hosting over Tor is that its connection also goes through intermediary nodes similar to the Tor Browser. A visitor checking out your website will not be able to know where you are hosting it from.

Host Tor Website Linux 02 Intermediary Nodes

Aside from that, you also do not need to forward any ports to make your Tor-only website work. This makes hosting simple and accessible even in highly restricted networks. For example, a machine under a Carrier-Grade NAT network can still publish a website directly through Tor.


Before you can install both Nginx and Tor, you need to first make sure that you have the following resources ready:

  • An Internet connection that does not restrict Tor for both incoming and outgoing requests. This allows you to broadcast your website through the Tor network.
  • A machine that can handle the website you are hosting. In most cases, a dual core desktop with 4GB of RAM should be enough for a basic website.
  • Root access to your hosting machine, as configuring Tor requires you to access system files.

The below image shows how to host an Nginx Tor-only website on an Ubuntu 22.04 LTS machine.

Host Tor Website Linux 03 Neofetch Ubuntu Machine

Installing Nginx and Tor

Open a terminal. Type the following command to install Nginx and Tor:

sudo apt install nginx tor wget
Host Tor Website Linux 05 Download Packages

Configuring Firewall

Once you have installed both packages in your system, you can secure your server by configuring your firewall to only accept incoming connections from the Tor network by typing the following commands in the terminal:

sudo iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo iptables -I INPUT -m state --state NEW -p tcp --dport 9050 -j ACCEPT
Host Tor Website Linux 06 Create Firewall Rules

The first two commands open both the HTTP and HTTPS ports in your system, while the last command explicitly opens the SOCKS port for the Tor network. This approach ensures that Tor will be able to properly redirect any traffic that is going to your machine.

Creating a Tor Service for Your Website

Next, you need to create a hidden service entry for your web server. This is a service-specific configuration that will allow you to broadcast in the Tor network.

First, switch to your root account. You can do that by running the following command:

sudo -i
Host Tor Website Linux 07 Switch To Root

Once you are inside root, create your hidden service by editing the “/etc/tor/torrc” file. In my case, I am opening this file through GNU Nano.

nano /etc/tor/torrc
Host Tor Website Linux 08 Torrc File

Find the “location-hidden services” section by pressing Ctrl + W, then typing “location-hidden.”

Host Tor Website Linux 09 Torrc Hidden Services

You will see a couple of examples that demonstrate how to create your own Tor hidden service. For the most part, however, you only need to set two options: HiddenServiceDir and HiddenServicePort.

The HiddenServiceDir option tells Tor where it should save the configuration files for your hidden service. The HiddenServicePort option tells Tor how it should redirect any requests to your hidden service.

The following lines of code will create a new hidden service for your webserver:

HiddenServiceDir /var/lib/tor/nginx-tor-service/
HiddenServicePort 80
HiddenServicePort 443
Host Tor Website Linux 10 Torrc Create New Hidden Service

Reload the Tor daemon to apply your new settings by running the following commands:

systemctl enable tor
systemctl restart tor

Tip: learn how to use Tor with your VPN connection.

Creating a Simple Website Using Nginx

Once a Tor hidden service is up and running, start setting up your webserver. Create a new configuration file through the touch command:

sudo touch /etc/nginx/sites-available/nginx-tor-service
Host Tor Website Linux 11 Create New Nginx Server

Edit your new Nginx configuration file as a basic web server. For example, the following block of code will deploy a simple web server at port 80:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /var/www/html;
        server_name 4tth4kzmipldb5elklravakdwlnte3ck6m5ahl73nfbe6ni67zmyvxyd.onion;
        location / {
                    try_files $uri $uri/ =404;
  • The two listen variables set both the ports and host that this server configuration should listen to. In this case, Nginx listens at port 80 on both IPv4 and IPv6.
  • The root variable sets the location where Nginx will look for the files on your webserver.
  • The server_name variable contains the domain name of your server. Find it by running sudo less /var/lib/tor/nginx-tor-service/hostname.
  • The location variable contains functions on how Nginx deals with the files in your website’s root. In this example, it only sets the 404 error for any missing files.
Host Tor Website Linux 12 Sample Server Configuration

Create a symbolic link for your new configuration file to “/etc/nginx/sites-enabled.”

sudo ln -s /etc/nginx/sites-available/nginx-tor-service /etc/nginx/sites-enabled/

Lastly, enable your new website by restarting Nginx:

sudo systemctl enable nginx
sudo systemctl restart nginx
Host Tor Website Linux 13 Nginx Running

Accessing Your Website Over Tor

With both Tor and Nginx up and running, check whether your website is accessible from the Tor network. (Need to find more websites in the dark web? Check out these search engines.) First, download the latest Tor browser binary:

Host Tor Website Linux 14 Download Tor Browser

Extract the browser’s files in the current directory by running the following command:

tar xvf ./tor-browser-linux64-11.5.7_en-US.tar.xz
cd ./tor-browser_en-US
Host Tor Website Linux 15 Extract Tor Browser

Also, make sure that the Tor browser binary has the right execution bits:

sudo chmod +x ./start-tor-browser.desktop

Run and install Tor Browser on your machine by running the following command:

./start-tor-browser.desktop --register-app
Host Tor Website Linux 16 Tor Browser Running

Lastly, browse to your new Tor website by typing its domain name in the address bar.

Host Tor Website Linux 17 Tor Website Running

Frequently Asked Questions

Is it possible to host a game server using Tor?

Yes, but running a Tor game server will result in a very poor gaming experience. For example, running a Minetest server over Tor will have a latency between 1000 and 5000 milliseconds.

While there are ways to speed up your Tor connections, the developers of Tor did not design the network to work in low-latency applications. Because of that, Tor is mostly helpful in publishing webpages and applications that do not depend on low latency.

I am trying to host an FTP website but can't access it through Tor.

This issue is most likely due to a missing configuration in the “/etc/tor/torrc” file. To properly host a new service over Tor, make sure that the proper ports are open both in your firewall and torrc.

For example, add HiddenServicePort 21 and HiddenServicePort 22 to create an open FTP and SFTP port in your machine.

Is it possible to host my website over SSL in Tor?

It is important to note that SSL is not a hard requirement when securing your Tor website. By default, Tor already encrypts your connections as soon as you load the Tor browser, so any website you visit on Tor is end-to-end encrypted.

If you want, obtain an SSL certificate for your Tor website, though the process can be tricky, as there are only a handful of certificate authorities that actively issue TLS for .onion domains.

Image credit: Unsplash. All alterations and screenshots by Ramces Red.

Ramces Red
Ramces Red

Ramces is a technology writer that lived with computers all his life. A prolific reader and a student of Anthropology, he is an eccentric character that writes articles about Linux and anything *nix.

Subscribe to our newsletter!

Our latest tutorials delivered straight to your inbox