Running Django as a hidden onion service

Tor

Tor has many uses, especially for oppressed and persecuted people, people who have to fear for their safety when accessing information on the internet. The more people use Tor, the safer it gets.

2020-09-17

Does this site need an onion service? Not really, but it's a nice technological experiment to run a Django site as a hidden service. The setup was quite easy: there is a gunicorn instance running on the server, and a nginx proxy in front of it. The onion traffic has to go through nginx as static files and media are not served by gunicorn. In the relevant nginx config section I simply added one line and modified another one.

server {
    # All the other config, paths, ssl etc
    listen 127.0.0.1:8002;
    server_name kuttler.eu klsirg4a6f6r6lvcdebfb2onnall3m633gqulfw55tpks3imowxn3wqd.onion;
}

Because of the long onion hostname I also had to update the main nginx.conf file as below. I guess I could have avoided this easily but don't mind the long name.

http {
    server_names_hash_bucket_size 128;
}

The hidden service is then configured like any other in /etc/tor/torrc and passes on traffic from port 80 to port 8002. This site is now available as an onion service.

HiddenServiceDir /var/lib/tor/httpd-8002/
HiddenServicePort 80 127.0.0.1:8002

To make it easier to find the onion service I also implement the onion location header.

DjangoPythonBitcoinTuxDebianHTML5 badgeSaltStackUpset confused bugMoneyHackerUpset confused bugX.OrggitFirefoxWindowMakerBashIs it worth the time?i3 window managerWagtailContainerIrssiNginxSilenceTorWorldInternet securityFontGnuPGThunderbirdJenkins