I recently spun up a .onion mirror of this website.
Why? Because why not. And also because I can. Oh, and free speech and anti-censorship and all that jazz.
I'd like to pretend that it was some grand technological challenge, but if I'm being entirely candid, it was like 3 commands and 4 lines of configuration.
If you, too, would like to become a member of the dark web, here's how I did it:
0. Prerequisites
Before we jump into the "how" of it all, I should probably provide a brief overview of what my stack looked like before I entered The Onionverse:
Web Server: I've been using Caddy for a few years now, because it's significantly easier to configure than Nginx or Apache, and it has first-class support for modern web features like automatic HTTPS via Let's Encrypt.
Hosting: My site is hosted on a VPS from DigitalOcean, which gives me full control over the server environment. It's supposed to cost $4/mo, but I'm taking some classes at Ye Olde Community College, so I have a few years of credits to cover the cost.
Operating System: My server runs Debian. I like Debian. If you aren't using an apt-based distro, then you'll need to adjust the package installation commands accordingly (but the Tor and Caddy configurations should be the same).
1. Install Tor
First things first, we need to install Tor. On Debian, it's right in the default repositories:
sudo apt update
sudo apt install tor
2. Configure Tor
Next, we need to configure Tor to create a hidden service for our website. Open the Tor configuration file (/etc/tor/torrc) in your favorite CLI text editor (it better be vim, or you are dead to me). I have no interest in running a relay or exit node on my VPS, so I made some minimal changes to the config file, which should look something like this (comments removed for clarity):
# Disable SOCKS proxy since we aren't making outbound connections
# through Tor
SocksPort 0
# Make sure Tor runs as a daemon (i.e. in the background)
RunAsDaemon 1
# Setup the hidden service on port 80, this is where we tell Tor to
# create a .onion service for our web server
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80
# Disable inbound connections, since we aren't running a relay or
# exit node
ORPort 0
# Disable directory services, since we won't be mirroring directory
# information to other Tor nodes
DirPort 0
That's it. Everything else should be commented out using # characters.
3. Restart Tor
Now we need to restart the Tor service to apply our changes:
sudo systemctl restart tor
4. Get Your .onion Address
After Tor restarts, it will generate a new hidden service for us. We can find our new .onion address in the HiddenServiceDir we specified earlier (/var/lib/tor/hidden_service/). This directory is only readable by the debian-tor user, so we'll need to use sudo to read the hostname file inside:
sudo cat /var/lib/tor/hidden_service/hostname
What will be printed to the terminal is your new .onion address. It should look something like this:
jytkco7clxwj4hhzaydhk4kr3hwzsdzyvtsc6zn2ivog5uma5pxowzad.onion
5. Configure Caddy
My Caddy server serves my website on port 80 without any IP or domain restrictions, so I don't need to make any changes to my Caddy configuration. However, if you explicitly set up your Caddy server to respond only to certain domains or IP addresses, you'll need to add a new site block for your .onion address, which will look something like this:
http://jytkco7clxwj4hhzaydhk4kr3hwzsdzyvtsc6zn2ivog5uma5pxowzad.onion:80 {
    # Set up a reverse proxy, or serve static files, etc.
}
Because you can't get HTTPS certificates for .onion addresses, you'll need to serve your site over plain HTTP. I'm not sure if this is generally considered acceptable within the Tor network (maybe one of my tens of readers can enlighten me), but I don't require HTTPS for my site anyway, so it works for my purposes.
Update (2025-10-31):
I received an email yesterday from immibis with some additional information about how Tor actually works, so I thought I'd share for anyone else who is also just dipping their toes into the onion:
This is considered perfectly acceptable. Tor already provides encryption between the end user's Tor daemon and your own, which is at least as good as TLS.
The address is linked to the private key - which is also found in your hidden service directory next to the hostname - forever and always. Anyone who knows the private key of a .onion address can impersonate it, and anyone who doesn't know it, can't.
6. (Optional) Advertise Your .onion Address
If you want people to find your .onion site, you'll need to advertise it somewhere. I'm a fan of subtlety, so I set up an Onion-Location header on my main site that points to my .onion address. This way, anyone visiting my regular site with a Tor-enabled browser will automatically be informed of the existence of my .onion mirror without any intrusive pop-ups, banners, or additional UI elements.
To do this, you'll want to add a header to your main Caddy site block like so:
header {
    Onion-Location http://jytkco7clxwj4hhzaydhk4kr3hwzsdzyvtsc6zn2ivog5uma5pxowzad.onion{uri}
}
The reason I tack on that {uri} at the end is so that if someone visits a specific page on my main site (e.g. https://flower.codes/some-post), the Onion-Location header will point them to the equivalent page on my .onion site (http://jytkco7clxwj4hhzaydhk4kr3hwzsdzyvtsc6zn2ivog5uma5pxowzad.onion/some-post), which (at least to me) adds some polish to the experience.
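Tor Browser only acts on Onion-Location when the page carrying it is served over HTTPS, is not itself an onion site, and the value is an http: or https: URL with a .onion hostname. The following added example (not from the original post; function names are hypothetical) expands the `{uri}` placeholder the way the header block above does and lists which of those conditions a given response would fail, which matters when one catch-all site block answers both the clearnet and .onion names.

```python
from urllib.parse import urlsplit

# Header template from the Caddy block above; {uri} is the request path + query.
TEMPLATE = ("http://jytkco7clxwj4hhzaydhk4kr3hwzsdzyvtsc6zn2ivog5uma5pxowzad"
            ".onion{uri}")


def expand_onion_location(template: str, request_uri: str) -> str:
    """Mimic Caddy's {uri} placeholder for one request."""
    return template.replace("{uri}", request_uri)


def onion_location_problems(page_url: str, header_value: str) -> list:
    """List the reasons Tor Browser would ignore this Onion-Location header."""
    problems = []
    page = urlsplit(page_url)
    target = urlsplit(header_value)
    if page.scheme != "https":
        problems.append("page must be served over HTTPS")
    if (page.hostname or "").endswith(".onion"):
        problems.append("page is already an onion site")
    if target.scheme not in ("http", "https"):
        problems.append("target must be an http: or https: URL")
    if not (target.hostname or "").endswith(".onion"):
        problems.append("target hostname must end in .onion")
    return problems


def check_request(page_url: str, template: str = TEMPLATE) -> list:
    """Expand the template for the page's own URI and check the result."""
    parts = urlsplit(page_url)
    uri = parts.path + ("?" + parts.query if parts.query else "")
    return onion_location_problems(page_url, expand_onion_location(template, uri))
```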
7. Profit!
Just kidding.
At this point, your .onion mirror should be up and running. You can test it out by visiting your .onion address in any Tor-enabled browser (like the Tor Browser or even Brave, which has built-in Tor support).
--
If you like this post or one of my projects, you can buy me a coffee, or send me a note. I'd love to hear from you!