Setup Tor Hidden Service on CentOS 7

Tor is provided by EPEL repository on CentOS 7. Install EPEL repo with command

Install tor

Edit tor config file

Uncomment or add following lines

Restart tor with command

Now your tor hidden service is ready to use. You need to run your web application on

To see URL of your tor hidden service, run

Make sure to make a backup of folder “/var/lib/tor/hidden_service/” as it comtains keys for this .onion domain. If you lost it, you will lose your domain name. So it is very important you keep the files safe.

To stop/start tor, run

See tor

tor browser

Tor Hidden Service in Ubuntu/Debian

tor browser

To install tor on Ubuntu/Debian, run

Default configuration file for tor is /etc/tor/torrc

To enable hidden service, edit /etc/tor/torrc

uncomment lines

Create folder for your hidden service

You need to install Apache/Nginx etc.. to serve your web application. Make sure to configure web application listen on

Now restart tor with command

Ubuntu/Debian support multiple instances of tor. You can use command “/usr/sbin/tor-instance-create” to create new tor instance. Configuration for instanced tor available at /etc/tor/instances/INSTANCE_NAME/torrc

To see URL for your Hidden service, run


You should be able to visit the application using .onion link in Tor Browser.

You need to take backup of tor folder (/var/lib/tor/hidden_service) as it contains your secret keys, this is needed to use the .onion domain name. If you lose this, you will lose the .onion url.

To start the service on boot, run

See Tor

Install Tor on Ubuntu

Tor is a highly anonymous proxy network. Tor is used by sites in dark web as it is almost impossible to find who owns a web site when it is hidden using tor.

To install tor on Ubuntu/Debian, run

This will start a sock5 proxy server on your PC on port 9050.

tor proxy

To check if proxy is working, run

You can also use “torify”, that work like proxychains.

You can configure your browser to use sock5 proxy server running on on port 9050.

If you are using applications that do not support proxy, then you can use torify or proxychains, for example.

Block Tor IP Addresses with CSF Firewall

To block traffic from TOR using CSF firewall, edit

Add following to end of the file

86400 = Tor IP list updated every 86400 seconds (12 hours), you can change this if required, but updating every 12 hours is fine for such a large list.

Now restart CSF and LFD

You can verify IPs get added to firewall by running

You wills see DROP lines for each of the TOR IP address.

You will be able to see the downloaded TOR IP list at


Block Tor IP Addresses