title: How to host subdomains on Tor hidden services with NGINX
date: 2025-01-05T00:20:00-03:00

How to host subdomains on Tor hidden services with NGINX

Have you ever wondered how to host more than one service on the same onion address? Subdomains (or 3rd level FQDNs) are also supported on Tor, and it's really simple to set them up.

Take a look at this NGINX server block:

upstream some-upstream {
        server 127.0.0.1:6969;
}

server {
        server_name
                example.nadeko.net
                example.nadekobxalvyqrhvp3m2atfgdmzp5vcwdmu3wo4htecwjkodancfmgid.onion;

        location / {
                proxy_pass http://some-upstream;
        }

        listen 80;
        listen 443 ssl;
        listen 127.0.0.1:4080;
}

As you can see, there is an example.nadekobxalvyqrhvp3m2atfgdmzp5vcwdmu3wo4htecwjkodancfmgid.onion entry in the server_name directive. example will be the subdomain of your hidden service. You will also need to listen on another port without ssl; listen 127.0.0.1:4080 does that, and binding it to 127.0.0.1 keeps that plain-HTTP port reachable only from the local machine, where Tor runs.

Now, just modify the directive HiddenServicePort on /etc/tor/torrc to something like this:

HiddenServiceDir /var/lib/tor/nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion
HiddenServicePort 80 127.0.0.1:4080

Restart Tor with systemctl restart tor. Then check the nginx configuration with nginx -t and, if the check passes, reload it with nginx -s reload.

And done: you should now be able to access example.nadekobxalvyqrhvp3m2atfgdmzp5vcwdmu3wo4htecwjkodancfmgid.onion through Tor, and it will lead you to the service that you want to access.
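
As a check to run before restarting Tor, this added Python example (not part of the original post) pairs each HiddenServicePort target in torrc with the nginx listen directive it points at, and reports a missing listener, a listener that is not bound to loopback, or virtual port 80 forwarded to an ssl listener. The sample configs, the onion name and the HiddenServiceDir path are constructed, and the function names are this example's own; only `listen [addr:]port [flags];` and `HiddenServicePort VIRT addr:port` forms are parsed.

```python
import re

# Constructed inputs modelled on the article's nginx server block and torrc.
NGINX_OK = """
server {
    server_name example.nadeko.net example.youronionaddress.onion;
    listen 80;
    listen 443 ssl;
    listen 127.0.0.1:4080;
}
"""
NGINX_EXPOSED = NGINX_OK.replace("listen 127.0.0.1:4080;", "listen 4080;")
TORRC = """
HiddenServiceDir /var/lib/tor/hidden_service
HiddenServicePort 80 127.0.0.1:4080
"""

LISTEN = re.compile(r"^\s*listen\s+(?:(\S+):)?(\d+)((?:\s+\w+)*)\s*;", re.M)
HS_PORT = re.compile(r"^\s*HiddenServicePort\s+(\d+)\s+(\S+):(\d+)\s*$", re.M)

def nginx_listens(conf):
    """Return (address or None, port, flags) for each parsed listen directive."""
    return [(a or None, int(p), f.split()) for a, p, f in LISTEN.findall(conf)]

def tor_targets(torrc):
    """Return (virtual port, target address, target port) for addr:port targets."""
    return [(int(v), a, int(p)) for v, a, p in HS_PORT.findall(torrc)]

def is_loopback(addr):
    return addr is not None and (addr.startswith("127.") or addr in ("localhost", "[::1]"))

def check(nginx_conf, torrc):
    """List problems with the nginx listener that Tor forwards the onion service to."""
    findings = []
    listens = nginx_listens(nginx_conf)
    for virt, _, port in tor_targets(torrc):
        matching = [l for l in listens if l[1] == port]
        if not matching:
            findings.append(f"virtual port {virt}: no nginx listen on port {port}")
        for addr, _, flags in matching:
            if not is_loopback(addr):  # a bare 'listen 4080;' binds every interface
                where = addr or "all interfaces"
                findings.append(f"port {port}: bound to {where}, reachable from off-host")
            if "ssl" in flags and virt == 80:
                findings.append(f"port {port}: ssl listener behind virtual port 80")
    return findings

if __name__ == "__main__":
    for name, conf in (("ok", NGINX_OK), ("exposed", NGINX_EXPOSED)):
        print(name, check(conf, TORRC))
```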


Side note: To avoid duplicating the listen directives in all your server blocks, you can use the include directive:

server {
        server_name
                example.nadeko.net
                example.nadekobxalvyqrhvp3m2atfgdmzp5vcwdmu3wo4htecwjkodancfmgid.onion;

        include configs/listen.conf; # <-----

        location / {
                proxy_pass http://some-upstream;
        }
}

That will load the directives that are inside /etc/nginx/configs/listen.conf. Inside configs/listen.conf, you can insert this:

listen 80;
listen 443 ssl;
listen 127.0.0.1:4080;

Now, if you use include configs/listen.conf in your server blocks, those directives will be included in each of those server blocks (obviously).