[tor-talk] Making Apache server talk to the Tor network?
akademiker1 at googlemail.com
Sat Nov 29 14:29:27 UTC 2014
You probably want your apache to download files from hidden service or web
via exit nodes transparently. I advice you to create a virtual machine for
the apache server, which has a network interface shared with the host.
For the apache vm use 10.192.0.10/255.255.0.0 with 10.192.0.1 as a gateway
On the hosts vm-shared interface use 10.192.0.1/255.255.0.0 without
gateway or dns.
Now install tor on the host and add following to torrc:
DNSPort 0.0.0.0:9053 VirtualAddrNetworkIPv4 10.192.0.0/16
Now you need some iptables on the host:
#redirects all dns packets to our tor-dns-port, udp is stateless, so no NAT
iptables -t nat -A PREROUTING -i myvlan0 -p udp --dport 53 -j REDIRECT
#allow input on myvlan0:9040
iptables -A INPUT -i myvlan0 -p tcp --dport 9040 -j ACCEPT
#NAT all tcp connections coming from the vm to port 9040
iptables -t nat -A PREROUTING -i myvlan0 -p tcp --syn -j REDIRECT
Now your vm will communicate with the internet only via Tor, without
knowing about it, so in case of a compromise the apache vm won't disclose
your servers IP. You can now add a hidden service to the hosts torrc
asdfghj.onion:80 to 10.192.0.10:80.
This is a setup used in dark markets which are still successfully
operating. You shouldn't use apache though.
A bad practice would be to install torsocks and start apache with
torsocks apache -c someconfig --otherparams
This will leak IPs left and right, wont allow onion domains and in case of
a compromise your IP is disclosed.
On Nov 29, 2014 1:27 AM, "Cypher" <cypher at cpunk.us> wrote:
> Does anyone know of a way to make the Apache webserver talk to the Tor
> network? Specifically, I'm wanting to do proxing over Tor and am not
> sure how to make the server have access to Tor.
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
More information about the tor-talk