The super easy and quick way to setup your web presence on the Tor network using NGINX's proxy_pass directive inside a Docker container.
- Setup the proxy server at the first time
docker run --restart=unless-stopped --rm --name tor-nginx-proxy -e "NGINX_PORT=80" -e "NGINX_PROXY_URL=<YOUR_APP_URL>" -p 3000:80 -v "/absolute/path/to/volume/dir/on/host/tor:/var/lib/tor/" harshitbudhraja/tor-nginx-proxy:latest
- With parameter
--restart=unless-stopped
the container will always restart on daemon startup or when it fails unexpectedly, unless it's explicitly stopped. --rm
parameter tells the docker daemon to remove dangling containers associated with this service once they're stopped.- Environment variable
NGINX_PORT
: Use NGINX port80
inside the docker container to listen to, do not change it unless you know the implications. - Environment variable
NGINX_PROXY_URL
: Here's where you configure your proxy pass. When a request arrives to the container which is running over the tor network through tor-nginx-proxy, it proxies those requests to your application which must be accessible over the url you provide. (Tip: don't forget to include the protocolhttp://
orhttps://
and the port that your application is serving from). - Port mapping
3000:80
is optional. You might want to access the proxied service in some cases. - Volume mount to
"/absolute/path/to/volume/dir/on/host/tor:/var/lib/tor/"
is necessary, as this will help you persist your vanity .onion url across multiple deployments of your proxy.
If you have already set up the instance before (not the first time) but it's in a stopped state, you can just start it instead of creating a new one:
docker start tor-nginx-proxy
- Make sure it's running, it usually takes a short time to bootstrap
Tor
:
$ docker logs tor-nginx-proxy
.
.
.
Jan 10 01:06:59.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Jan 10 01:07:00.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jan 10 01:07:02.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jan 10 01:07:02.000 [notice] Bootstrapped 100%: Done
-
Once you see that Tor is bootstrapped in your container logs, you can get the vanity .onion url on which your proxy is serving from the file by reading it in any editor or terminal itself:
cat /absolute/path/to/volume/dir/on/host/tor/hidden_service/hostname
. -
Finally, open up the Tor Browser and head over to your .onion link to check if it's working.
- Create a new directory with a name of your choice and navigate inside it:
mkdir tor-nginx-proxy && cd tor-nginx-proxy
- Download the
docker-compose.yml
:
Using curl:
curl https://raw.githubusercontent.com/harshit-budhraja/tor-nginx-proxy/master/docker-compose.yml --output docker-compose.yml
Using wget:
wget -O docker-compose.yml https://raw.githubusercontent.com/harshit-budhraja/tor-nginx-proxy/master/docker-compose.yml
-
Modify value for the environment variable
NGINX_PROXY_URL
to configure your proxy pass url. When a request arrives to the container which is running over the tor network through tor-nginx-proxy, it proxies those requests to your application which must be accessible over the url you provide. (Tip: don't forget to include the protocolhttp://
orhttps://
and the port that your application is serving from). -
Bring the service up:
docker-compose up
. This will start the service in an attached-state with your terminal. What this means is that the moment you press Ctrl+C, the service shuts down. To start the service in a detached-state, use the-d
parameter with the command like:docker-compose up -d
. -
Make sure it's running, it usually takes a short time to bootstrap
Tor
:
$ docker-compose logs
.
.
.
Jan 10 01:06:59.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Jan 10 01:07:00.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jan 10 01:07:02.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jan 10 01:07:02.000 [notice] Bootstrapped 100%: Done
.
.
.
-
Once you see that Tor is bootstrapped in your container logs, you can get the vanity .onion url on which your proxy is serving from the file by reading it in any editor or terminal itself:
cat /absolute/path/to/volume/dir/on/host/tor/hidden_service/hostname
. -
Finally, open up the Tor Browser and head over to your .onion link to check if it's working.
NOTE: Do not remove or alter the contents of the /absolute/path/to/volume/dir/on/host/tor/
directory while the service is running, as this is directly mounted to your container.
tor-nginx-proxy
supports custom onion urls out-of-the-box. Just replace the contents of /absolute/path/to/volume/dir/on/host/tor/hidden_service/
with your own hostname
, public key
and private key
binaries and restart the container.
As Tor is moving towards v3 .onion urls, it's advised to use tools like mkp224o which helps you generate the new, longer and secured .onion urls.
For the Tor project sustainability, I strongly encourage you to help setup Tor bridges/exit nodes(script) and donate money to the Tor project (Not this nginx-proxy project) as and when you have the ability/capacity!