Say we like to share an onion site on the clearnet. It’s address is a1b2c3d4e5f6.onion and you are on a linux server.

First install nginx and tor.

apt install -y nginx tor
systemctl start tor

lets change the nginx config:

echo 'server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name _;
    location / {
        proxy_set_header Host "a1b2c3d4e5f6.onion";
        proxy_set_header Accept-Encoding "";
        proxy_set_header Via "$host";
        subs_filter 'a1b2c3d4e5f6.onion' "$host";
}' > /etc/nginx/sites-enabled/default

and extend the tor config …

echo 'DNSPort 53
AutomapHostsOnResolve 1' >> /etc/torrc

change the dns servert to localhost:

echo 'nameserver' > /etc/resolv.conf

Then create a script caled /opt/

onion="a1b2c3d4e5f6.onion:80" tcp4-LISTEN:8283,reuseaddr,fork,keepalive,bind= SOCKS4A:"$onion",socksport=9050 &

add this script to the startup by add an line with crontab -e:

@reboot /opt/

now start it all:

systemctl restart tor
systemctl restart nginx

now you shoud have the hidden service on your 80 port visible for everyone. of course you can extend the nginx config to ask for a login before:


auth_basic "Restricted Content";
auth_basic_user_file /etc/nginx/.htpasswd;

to the location / {...} block

and enerate the password file:
echo -n 'user:' >> /etc/nginx/.htpasswd
openssl passwd -apr1 >> /etc/nginx/.htpasswd

systemctl restart ngin

These are just ideas why I’m not responsible if someone has questionable content now available on the net. :D