title: "Setting up my blog as an Onion service (Tor hidden service)"
date: 2023-03-05T15:54:13-05:00
toc: false
images:
---
If you don't know about it, Tor is software that helps protect online privacy and
fights censorship using the Onion network. For example, [tens of thousands of people in Iran and Russia are using Tor through Tor's Snowflake proxies](https://blog.torproject.org/snowflake-daily-operations/) to get
around government censorship and access vital information, as news organizations like the [BBC started offering access through Tor](https://www.wsj.com/articles/russia-rolls-down-internet-iron-curtain-but-gaps-remain-11647087321).
As [online services are happy to turn over our data to the authorities](https://www.businessinsider.com/police-getting-help-social-media-to-prosecute-people-seeking-abortions-2023-2?op=1),
it is crucial for Tor to exist so journalists, activists, whistle-blowers, and
anyone living under oppressive regimes can access information and communicate freely.
![A chart showing daily snowflake users in 2022. The numbers start to rise in December 2021, which is marked as "Unblocking in Russia". The numbers then skyrocket in September, which is marked as "Protests in Iran".](/img/tor-censorship-snowflake-chart.webp)
Then, I added the listen directive to create and listen to that socket:
```nginx
# Public HTTPS listener
listen 443 ssl http2;
# Plain HTTP over a Unix socket, used by the Tor container
listen unix:/var/run/nginx/bgenc.net.sock;
```
I'm using a Unix socket here because my nginx is actually running on the base
system without a container, while Tor is in a container. So to allow Tor to
connect to the nginx on the host, I would have had to allow the Tor container to
use the host network. But I can get around that with a Unix socket, because the
socket can be mounted from the host into the container.
Also note that I'm not using SSL or http2 for the Unix socket. There are very few
certificate authorities that issue certificates for onion addresses, and it's not
necessary anyway because the Tor network already provides the same security
guarantees. I also found that `http2` does not work, though I'm not sure why.
I finally added the tor container to a `docker-compose.yml` to make it easier to
rebuild if needed. That looks like this:
```yml
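tor-hidden-service:
  image: seriousbug/tor
  restart: always
  volumes:
    # Tor configuration and service data
    - ./tor:/etc/tor
    # Host directory holding the nginx socket, mounted into the container
    - /var/run/nginx:/var/run/tor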
```
I also needed to make the `tor` directory (with the configuration file and services)
owned by root and set its permissions to 700. Otherwise Tor refuses to start.
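A preflight check for the two conditions above (the Tor directory owned by root with mode 700, and the nginx Unix socket present on the host) can be run before restarting anything. This is an added example, not part of the original setup or of the `seriousbug/tor` image; the function names and the script name `preflight.sh` are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks for the setup described in this post.
# Function names and the script name are hypothetical; paths are arguments.

# Print every path under DIR ($1) that is not owned by OWNER ($2) or that
# grants any permission to group or others (anything looser than 700/600).
tor_dir_offenders() {
    find "$1" \( ! -user "$2" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Succeed only if the top-level directory is exactly mode 700 and nothing
# inside it is reported by tor_dir_offenders.
check_tor_dir() {
    dir=$1 owner=$2
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    [ -n "$(find "$dir" -prune -perm 700 -print)" ] ||
        { echo "$dir is not mode 700" >&2; return 1; }
    bad=$(tor_dir_offenders "$dir" "$owner")
    [ -z "$bad" ] || { printf 'wrong owner or mode:\n%s\n' "$bad" >&2; return 1; }
}

# Succeed only if nginx has already created the Unix socket that gets
# mounted into the container.
check_socket() {
    [ -S "$1" ] || { echo "not a Unix socket: $1" >&2; return 1; }
}

# Usage: sh preflight.sh ./tor /var/run/nginx/bgenc.net.sock [owner]
# The owner defaults to root, as the post requires.
if [ "$#" -ge 2 ]; then
    check_tor_dir "$1" "${3:-root}" && check_socket "$2" && echo "ok"
fi
```

If the socket check fails, make sure nginx has been reloaded with the new `listen unix:` directive before starting the Tor container.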
Once all of this is set up, I restarted nginx and my Tor container. And that was about it!
The website is now accessible through Tor! You can find it at [bgenc2iv62mumkhu2p564vxtao6ha7ihavmzwpetkmazgq6av7zvfwyd.onion](http://bgenc2iv62mumkhu2p564vxtao6ha7ihavmzwpetkmazgq6av7zvfwyd.onion/).