*The original post used the “Enterprise onion toolkit”. EOTK was archived in 2021 I have since started using Onion Spray, a fork of EOTK. I've updated the guide to reflect this.*

More Tor fun. I’ve covered hosting on the Tor network in a previous post, but that post is focused on hosting your .onion site on the same server that is hosting your website via a nginx proxy. I'll be using a tool called Onion Spray in this guide.

This guide is focused on setting up a Debian based distribution but can be set up on a fair amount of platforms like a Raspberry Pi and macOS. Since Raspbian is Debian based, it should translate over fairly well, but I have not tested this on a Raspberry Pi. I also assume some familiarity with a command line. If you need uptime and bandwidth, consider a cheap and preferably anonymous VPS that can take Bitcoin or Monero. Some hosts frown on hosting TOR traffic, so check their policy while shopping around.

How It Works

Onion Spray takes an existing site and serves a copy of the site to an onion address. It sits in between your site and TOR allowing users to reach it.

INSTALLING

Ok, you're up and running and ready to go if not... check out this post if you need a hand getting a Debian based server set up. Navigate where you want the project and clone the package with:

git clone https://gitlab.torproject.org/tpo/onion-services/onionspray.git

then navigate to the directory:

cd onionspray

Run:

./opt/build-debian-bookworm.sh

This will take a little while to install. Go stretch or something. Once its done we need to generate some files. Run :

./onionspray make-scripts

Take some time to read these files. You still should be in the ~/onionspray file path so after the last command is done type :

ls -a

This should show you a mess of files. The ones you're after are:

onionspray-housekeeping.sh

onionspray-init.sh

View them with “cat file-name”Each file asks you to do a few things. onionspray-init.sh asks you to run something like :

sudo cp onionspray-init.sh /etc/init.d && sudo update-rc.d onionspray-init.sh defaults

Go ahead and run it. It copy's the onionspray-init.sh file in the proper place and updates your services. Next the housekeeping file wants you to add something to your crontab. You should have seen something like this in your house keeping file copy whats there.

00 08 * * 1 exec /home/you_user/onionspray/onionspray-housekeeping.sh

Open your users Cron jobs with :

crontab -e

Paste that line. this will make sure the housekeeping file is ran periodically. (At 08:00 AM, only on Monday to be specific).

One last thing to make Onion Spray a lot more easy to use after the install. Lets add it to your shell.

nano ~/.bashrc

Addthis to the file:

export PATH=$PATH:/path/to/onionspray

HitCTL+S and CTL+X to save and exit. Run:

source ~/.bashrc

You should be able to just use “onionspray” instead of using “./”or using the full file path to call the script.

Site Setup

Now its time to start feeding Onion Spray sites to mirror. Start by making a file named after your project (site) you want mirrored in the ~/onionspray folder. To make the file:

nano your_project.tconf

then go ahead and enter into your new conf file:

set project your_site

hardmap %NEW_V3_ONION% your_website.com

hit CRL+S to save then CTL+X to get out of there, next run:

onionspray config your_project.tconf

This will generate your .onion address. Save that address for later. At this point, you don’t need the conf file you just ran. You can remove it or not, but I prefer less clutter in my files.Start the project :

onionspray start your_project

Now copy and paste that saved Tor address into your Tor browser and you’ll more than likely see a “security risk ahead” warning. This because modern browsers demand SSL but its not strictly necessary for .onion sites. But you can click Advanced > proceed to url_of_site.onion to see your site.

Custom Address

Wanna flex a custom address or already have one mined? You can do that in onion spray by swapping out the keys in the “secrets” folder in ~/onionspray/yourproject/secrets and re-configuring a project. Onion Spray has its own format for storing secret keys. If you used a tool like mkp224o in the directory that has your newly made keys run:

./onionspray/lib/rename-v3-keys-for-onionspray-secrets.sh

this makes the .v3pub and .v3sec keys that you need to put in the secrets folder. In the file your_project.conf replace the long string of numbers with your onion address minus the .onion. Then once the keys are in the secrets folder and the onion address is replaces run the conf again with

onionspray conf yourproject.conf 

then start the project and you should be good to go.

Afterthoughts

There you have it. You should be off and running with Onion Spray. I find it to be a much easier way to get your presence on the tor network fairly fast, especially if you have more than one site or a massive site.
‍
Tell next time.