Lighttpd & Tor

What follows is a blow-by-blow guide for configuring a UNIX home computer (as a webserver) to host a site permanently on a hidden slice of the internet, sometimes referred to as "the darknet" or "onionland". Lighttpd (pronounced "lighty") is an excellent webserver, thanks to its flexibility, speed and support for SSI, CGIs and virtual hosts.

  1. lighttpd
  2. Tor
  3. Shallot

lighttpd

Grab the sources for lighttpd. The latest stable release is recommended: http://www.lighttpd.net/download. Download the sources with wget (or use a browser), then extract them.

$ cd ~/

$ wget http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.XX.tar.gz

$ tar xzvf lighttpd-1.4.XX.tar.gz

Move to the source directory.

$ cd ~/lighttpd-1.4.XX

Create a minimal "config.sh" script. The use of this script will facilitate upgrades (and/or the addition of compile options at a later date). In a text editor, add the following:

./configure \
"--prefix=$HOME/light" \
"--disable-ipv6" \
"--without-pcre" \
"--with-zlib" \
"--without-bzip2"

note
The "--prefix=$HOME/light" option installs lighttpd under your UNIX account, rather than system-wide. "--without-pcre" prevents the rewrite engine from being built. To build a functional rewrite, install libpcre from the package manager (or the ports collection) of your operating system and replace "--without-pcre" with "--with-pcre" in config.sh. Similarly, "--without-bzip2" builds lighttpd without bzip2 compression.

Run the config script.

$ sh config.sh

Build and install lighttpd

$ make

$ make install

note
To speed up the build on a machine with multiple processors or cores, "make -j9" runs up to 9 compile jobs in parallel.


Configure lighttpd for run-time

In a text editor, create ~/light/lighttpd.conf. The webserver should listen on 127.0.0.1 (localhost) only, bound to a non-privileged port; 8080 is the conventional alternative HTTP port (http-alt). Substitute your username for "user" in the directives below.

# Where the site's files live; nothing outside this tree is served.
server.document-root = "/home/user/light/pages/"
# Listen on the loopback interface only, on an unprivileged port.
# Binding to any other address would expose the site outside Tor.
# server.port takes a bare integer, not a quoted string.
server.port = 8080
server.bind = "127.0.0.1"
# Used only when lighttpd is started as root, which then drops
# privileges to this account and group.
server.username = "user"
server.groupname = "www"
accesslog.filename = "/home/user/light/logs/access"
server.errorlog = "/home/user/light/logs/error"

server.modules = (
    "mod_redirect",
    "mod_access",
    "mod_setenv",
    "mod_compress",
    "mod_accesslog" )

# A charset parameter only makes sense for text types.
mimetype.assign = (
    ".css"  => "text/css; charset=utf-8",
    ".html" => "text/html; charset=utf-8",
    ".htm"  => "text/html; charset=utf-8",
    ".txt"  => "text/plain; charset=utf-8",
    ".png"  => "image/png",
    ".jpg"  => "image/jpeg",
    ".jpeg" => "image/jpeg",
    ".gif"  => "image/gif",
    ".ogg"  => "application/ogg" )

# Never hand out editor backup files or include fragments.
static-file.exclude-extensions = ( "~", ".inc" )
index-file.names = ( "index.html", "index.htm" )


Before running, test the configuration file for syntax errors. If necessary, fix them:

$ ~/light/sbin/lighttpd -t -f ~/light/lighttpd.conf

note
If lighttpd.conf will not parse cleanly, verify that your UNIX username is a member of the "www" group in /etc/group.

Create a directory for the logs and the site's content.

$ mkdir ~/light/pages

$ mkdir ~/light/logs

Execute lighttpd

$ ~/light/sbin/lighttpd -f ~/light/lighttpd.conf

Copy the web content (HTML, images, audio and video files, etc.) to be served into ~/light/pages/. To preview the new site, open http://127.0.0.1:8080 in a browser.

Tor

Onion addresses cannot be resolved by ordinary internet nameservers, so Tor itself is required: it generates the service's private key, derives the onion hostname from that key, and publishes the descriptor that lets Tor clients find the service.

Grab and unpack the sources for the standalone version of Tor. The latest stable release is advised. https://www.torproject.org/download/download.html

$ wget https://www.torproject.org/dist/tor-0.2.X.X-rc.tar.gz

$ tar xzvf tor-0.2.X.X-rc.tar.gz

$ cd tor-0.2.X.X


Configure, compile and install Tor

Verify that $HOME/bin exists and is in your $PATH, since --exec-prefix="$HOME" places the tor binary there.

$ ./configure --prefix="$HOME/tor" --exec-prefix="$HOME"

$ make

$ make install

note
To build Tor without the man pages, add "--disable-asciidoc" to the configure options above.

Create a directory to hold the new onion hostname and private key, and copy torrc.sample to ~/.torrc.

$ mkdir -p ~/tor/var/lib/tor/hidden_service

$ cp ~/tor/etc/tor/torrc.sample ~/.torrc

Open ~/.torrc in a text editor and add the following two lines, substituting your UNIX username for "user".

# Where Tor keeps this service's hostname and private key.
HiddenServiceDir /home/user/tor/var/lib/tor/hidden_service/
# Virtual port 80 on the onion address is forwarded to lighttpd on loopback.
HiddenServicePort 80 127.0.0.1:8080

Execute tor

$ ~/bin/tor

The new onion hostname is located in ~/tor/var/lib/tor/hidden_service as "hostname" along with a "private_key". Open the file "hostname":

$ cat ~/tor/var/lib/tor/hidden_service/hostname

To bring up the new site, paste the onion hostname into the address bar of the Tor Browser. The site is now reachable by users on the Tor network. Back up the private key and store it elsewhere: it is the service's identity, so whoever holds it can publish under that hostname, and if it is lost (for example in a disk crash) with no backup, Tor will generate a new key on its next run and assign a different hostname.
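As an added check that is not part of this guide, lighttpd or Tor, the script below reads the two configuration files written above and confirms that lighttpd is bound to loopback only with a bare integer port, that HiddenServicePort forwards to exactly that address, and that the hidden_service directory is private to its owner. It assumes the "key = value" spacing used in the lighttpd.conf above and runs against constructed sample files.

```shell
#!/bin/sh
# Added consistency check for the two configuration files in this guide.
# It is not part of the guide, lighttpd or Tor, and assumes the
# "key = value" spacing used in the lighttpd.conf above.

# Print the raw right-hand side of a lighttpd directive (quotes kept).
lighttpd_raw() {
  awk -v key="$1" '$1 == key && $2 == "=" { print $3; exit }' "$2"
}

# Return 0 when lighttpd listens only on loopback with a bare integer port,
# Tor forwards HiddenServicePort to exactly that address:port, and the
# HiddenServiceDir, if it already exists, is accessible to its owner only.
# Every failing check is reported on stderr.
check_configs() {
  conf="$1"; torrc="$2"; rc=0
  port=$(lighttpd_raw server.port "$conf")
  bind=$(lighttpd_raw server.bind "$conf" | tr -d '"')
  target=$(awk '$1 == "HiddenServicePort" { print $3; exit }' "$torrc")
  hsdir=$(awk '$1 == "HiddenServiceDir" { print $2; exit }' "$torrc")
  case "$bind" in
    127.0.0.1|localhost) ;;
    *) echo "server.bind='$bind': lighttpd would also answer outside Tor" >&2; rc=1 ;;
  esac
  case "$port" in
    ''|*[!0-9]*) echo "server.port must be an unquoted integer, got $port" >&2; rc=1 ;;
  esac
  [ "$target" = "$bind:$port" ] ||
    { echo "HiddenServicePort -> $target, but lighttpd is on $bind:$port" >&2; rc=1; }
  if [ -d "$hsdir" ]; then
    mode=$(ls -ld "$hsdir" | cut -c1-10)
    [ "$mode" = "drwx------" ] ||
      { echo "$hsdir is $mode; the private key should be owner-only" >&2; rc=1; }
  fi
  return $rc
}

# Constructed sample files (not real installs) that exercise both outcomes.
tmp=$(mktemp -d)
printf 'server.port = 8080\nserver.bind = "127.0.0.1"\n' > "$tmp/good.conf"
printf 'server.port = "8080"\nserver.bind = "0.0.0.0"\n' > "$tmp/bad.conf"
printf 'HiddenServiceDir %s/hs/\nHiddenServicePort 80 127.0.0.1:8080\n' "$tmp" > "$tmp/torrc"
mkdir -m 700 "$tmp/hs"

if check_configs "$tmp/good.conf" "$tmp/torrc"; then echo "good.conf: consistent"; fi
if check_configs "$tmp/bad.conf" "$tmp/torrc"; then :; else echo "bad.conf: rejected"; fi
```

Run it against the real ~/light/lighttpd.conf and ~/.torrc by calling check_configs with those two paths.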


note
To have both lighttpd and Tor start at boot, add the following cron jobs with "crontab -e".

@reboot $HOME/light/sbin/lighttpd -f $HOME/light/lighttpd.conf
@reboot $HOME/bin/tor

A piece of advice: keep the computer connected to the internet 24/7. If the server hosting the onion domain stays offline for an extended period, link lists and search engines will drop their links to it, and the site will receive few hits.

Custom hostnames

To generate a custom (user-selected) first portion of a new onion domain, refer to Shallot.

Further reading
lighttpd config syntax
lighttpd performance tweaks
lighttpd modules
down 'n dirty config examples