Making Apache server talk to the Tor network?

Akademika Aka akademiker1 at googlemail.com
Sat Nov 29 14:29:27 UTC 2014

You probably want your apache to download files from hidden services or the web
via exit nodes transparently. I advise you to create a virtual machine for
the apache server, which has a network interface shared with the host.
For the apache vm use with as a gateway
and dns.
On the host's vm-shared interface use  without
gateway or dns.
Now install tor on the host and add the following to torrc:

DNSPort VirtualAddrNetworkIPv4
AutomapHostsOnResolve 1
TransPort 9040

Now you need some iptables on the host:
#redirects all dns packets to our tor-dns-port, udp is stateless, so no NAT
iptables -t nat -A PREROUTING -i myvlan0 -p udp --dport 53 -j REDIRECT --to-ports 9053

#allow input on myvlan0:9040
iptables -A INPUT -i myvlan0 -p tcp --dport 9040 -j ACCEPT

#NAT all tcp connections coming from the vm to port 9040
iptables -t nat -A PREROUTING -i myvlan0 -p tcp --syn -j REDIRECT --to-ports 9040

Now your vm will communicate with the internet only via Tor, without
knowing about it, so in case of a compromise the apache vm won't disclose
your server's IP. You can now add a hidden service to the host's torrc
redirecting from
asdfghj.onion:80 to
This is a setup used in dark markets which are still successfully
operating. You shouldn't use apache though.

A bad practice would be to install torsocks and start apache with
torsocks apache -c someconfig --otherparams
This will leak IPs left and right, won't allow onion domains and in case of
a compromise your IP is disclosed.

On Nov 29, 2014 1:27 AM, "Cypher" <cypher at cpunk.us> wrote:

> Does anyone know of a way to make the Apache webserver talk to the Tor
> network? Specifically, I'm wanting to do proxying over Tor and am not
> sure how to make the server have access to Tor.
> Thanks!
> Cypher
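
The following is an added example, not part of the original post: a shell check that reads `iptables-save` output and reports which of the redirect rules described above are absent. The interface name and ports are the ones used in the post; the sample rule dumps are constructed, and the final FORWARD check is an added assumption (it only matters if IP forwarding is enabled on the host), since the posted rules cover DNS and TCP but say nothing about other traffic from the VM.

```shell
#!/bin/sh
# Added example: audit iptables-save output for the transparent-Tor rules.
# The samples below are constructed; interface and ports come from the post.
IFACE=myvlan0

# Constructed sample: iptables-save output after only the three posted rules.
SAMPLE_POSTED='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i myvlan0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 9053
-A PREROUTING -i myvlan0 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i myvlan0 -p tcp -m tcp --dport 9040 -j ACCEPT
COMMIT'

# Constructed sample: same rules, but the FORWARD policy is DROP.
SAMPLE_LOCKED=$(printf '%s\n' "$SAMPLE_POSTED" | sed 's/^:FORWARD ACCEPT/:FORWARD DROP/')

# Prints one line per missing safeguard; prints nothing when all are present.
audit_rules() {
    rules=$1
    has() { printf '%s\n' "$rules" | grep -Eq -- "$1"; }
    has "^-A PREROUTING -i $IFACE -p udp .*--dport 53 .*-j REDIRECT --to-ports 9053$" ||
        echo "missing: DNS redirect to 9053"
    has "^-A PREROUTING -i $IFACE -p tcp .*SYN -j REDIRECT --to-ports 9040$" ||
        echo "missing: TCP redirect to 9040"
    has "^-A INPUT -i $IFACE -p tcp .*--dport 9040 -j ACCEPT" ||
        echo "missing: INPUT accept for 9040"
    # Assumption: anything not redirected (other UDP, ICMP) should be dropped,
    # either by FORWARD policy or by an explicit rule on the VM interface.
    has "^:FORWARD DROP" || has "^-A FORWARD -i $IFACE -j (DROP|REJECT)" ||
        echo "missing: FORWARD drop for $IFACE"
    return 0
}

# Run against the constructed dump of the posted rules.
audit_rules "$SAMPLE_POSTED"
```

On a live host, pass the real ruleset instead: `audit_rules "$(iptables-save)"` as root.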
