{"id":16154836,"url":"https://github.com/danwin/hosting","last_synced_at":"2025-04-09T05:11:31.196Z","repository":{"id":38984254,"uuid":"89866181","full_name":"DanWin/hosting","owner":"DanWin","description":"This is a setup for a Tor based shared web hosting server","archived":false,"fork":false,"pushed_at":"2024-09-22T08:16:08.000Z","size":1124,"stargazers_count":342,"open_issues_count":38,"forks_count":125,"subscribers_count":37,"default_branch":"master","last_synced_at":"2024-10-11T01:19:06.572Z","etag":null,"topics":["debian","hacktoberfest","hidden-service","hidden-services","hosting","onion","php","server","tor","torproject","webhosting"],"latest_commit_sha":null,"homepage":"https://danwin1210.de/hosting/","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DanWin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"COPYING","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"DanWin","liberapay":"DanWin1210"}},"created_at":"2017-04-30T17:35:28.000Z","updated_at":"2024-10-07T12:20:30.000Z","dependencies_parsed_at":"2023-10-14T18:31:28.355Z","dependency_job_id":"bde2ec4c-5e64-4a55-a905-2cf344196d97","html_url":"https://github.com/DanWin/hosting","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DanWin%2Fhosting","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DanWin%2Fhosting/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DanWin%2Fhosting/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DanWin%2Fhosting/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DanWin","download_url":"https://codeload.github.com/DanWin/hosting/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247980843,"owners_count":21027808,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["debian","hacktoberfest","hidden-service","hidden-services","hosting","onion","php","server","tor","torproject","webhosting"],"created_at":"2024-10-10T01:19:01.935Z","updated_at":"2025-04-09T05:11:31.166Z","avatar_url":"https://github.com/DanWin.png","language":"PHP","funding_links":["https://github.com/sponsors/DanWin","https://liberapay.com/DanWin1210"],"categories":[],"sub_categories":[],"readme":"General Information:\n--------------------\n\nThis is a setup for a Tor based shared hosting server. It is provided as is and before putting it into production you should make changes according to your needs. This is a work in progress and you should carefully check the commit history for changes before updating.\nFor a production server, at least 1TB of SSD disk space, 32GB RAM and 8 CPU cores is recommended. For a small testing/personal server, 4GB RAM and 1 CPU core is enough.\n\nTranslation:\n--------------------------\n\nTranslations are managed in [Weblate](https://weblate.danwin1210.de/projects/DanWin/hosting).\nIf you prefer manually submitting translations, the script `update-translations.sh` can be used to update the language template and translation files from source.\nIt will generate the file `var/www/locale/hosting.pot` which you can then use as basis to create a new language file in `var/www/YOUR_LANG_CODE/LC_MESSAGES/hosting.po` and edit it with a translation program, such as [Poedit](https://poedit.net/).\nOnce you are done, you can open a pull request, or [email me](mailto:daniel@danwin1210.de), to include the translation.\n\nInstallation Instructions:\n--------------------------\n\nThe configuration was tested with a standard Debian bookworm and Ubuntu 24.04 LTS installation. It's recommended you install Debian bookworm (or newer) on your server, but with a little tweaking you may also get this working on other distributions and/or versions. If you want to build it on a raspberry pi, please do not use the raspbian images as several things will break. Download an image for your pi model from [https://raspi.debian.net/daily-images/](https://raspi.debian.net/daily-images/) instead.\n\nBecause I regularly get asked to make a video tutorial on how to set this up, I decided to create a tutorial which you can [watch on YouTube](https://www.youtube.com/watch?v=f2-SOlnIYmg). It is basically just copy-pasting commands, but maybe it helps someone.\n\nUninstall packages that may interfere with this setup:\n```\nDEBIAN_FRONTEND=noninteractive apt purge -y apache2* dnsmasq* eatmydata exim4* imagemagick-6-common mysql-client* mysql-server* nginx* libnginx-mod* php7* resolvconf \u0026\u0026 systemctl disable systemd-resolved.service \u0026\u0026 systemctl stop systemd-resolved.service\n```\n\nIf you have problems resolving hostnames after this step, temporarily switch to a public nameserver like 1.1.1.1 (from CloudFlare) or 8.8.8.8 (from Google)\n\n```\nrm /etc/resolv.conf \u0026\u0026 echo \"nameserver 1.1.1.1\" \u003e /etc/resolv.conf\n```\n\nAdd additional repositories:\n```\napt update \u0026\u0026 apt install git apt-transport-tor curl\ncurl -sSL https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc \u003e /etc/apt/trusted.gpg.d/torproject.gpg\ncurl -sSL https://packages.sury.org/nginx/apt.gpg \u003e /etc/apt/trusted.gpg.d/sury.gpg\necho \"deb tor://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torproject.org/ `lsb_release -cs` main\" \u003e\u003e /etc/apt/sources.list\necho \"deb https://packages.sury.org/nginx/ `lsb_release -cs` main\" \u003e\u003e /etc/apt/sources.list\napt update \u0026\u0026 apt upgrade\n```\n\nInstall git and clone this repository\n\n```\napt update \u0026\u0026 apt install git \u0026\u0026 git clone https://github.com/DanWin/hosting \u0026\u0026 cd hosting\n```\n\nInstall custom optimized binaries\n```\n./install_binaries.sh\n```\n\nNote that debian also has an onion service package archive, so you may want to edit /etc/apt/sources.list to load from there instead:\n```\ndeb tor://2s4yqjx5ul6okpp3f2gaunr2syex5jgbfpfvhxxbbjwnrsvbk5v3qbid.onion/debian `lsb_release -cs` main\n```\n\nCopy (and modify according to your needs) the site files in `var/www` to `/var/www` and the configuration files in `etc` to `/etc` after installation has finished. Then restart some services:\n```\nsystemctl daemon-reload \u0026\u0026 systemctl restart bind9.service \u0026\u0026 systemctl restart tor@default.service\n```\n\nReplace the default .onion domain with your domain:\n```\nsed -i \"s/dhosting4xxoydyaivckq7tsmtgi4wfs3flpeyitekkmqwu4v4r46syd.onion/`cat /var/lib/tor/hidden_service/hostname`/g\" /etc/postfix/sql/alias.cf /etc/postfix/sender_login_maps /etc/postfix/main.cf /var/www/skel/www/index.hosting.html /var/www/common.php /etc/postfix/canonical /etc/postfix-clearnet/canonical /var/www/html/squirrelmail/config/config.php\n```\n\nFor your clearnet domain, you need to add it to `relay_domains` in `/etc/postfix/main.cf` and edit the default domain in the following files:\n```\n/var/www/common.php\n/etc/postfix/canonical\n/etc/postfix-clearnet/canonical\n```\n\nThis setup has two postfix instances, one for receiving and sending mail to other .onion services and one for rewriting addresses to pass them on to a clearnet facing mail relay. You may or may not want to create the second instance by running\n```\npostmulti -e init\npostmulti -I postfix-clearnet -e create\npostmulti -i clearnet -e enable\npostmulti -i clearnet -p start\n```\nIf you created an instance, uncomment the clearnet relay related config in etc/postfix/main.cf and make sure to copy and modify the configuration files from etc/postfix-clearnet too\n\nIf you encountered the following issue: `postfix: fatal: chdir(/var/spool/postfix-clearnet): No such file or directory` you can just copy the chroot from the default postfix instance like this `cd /var/spool/ \u0026\u0026 cp -a postfix/ postfix-clearnet/`\n\nAfter copying (and modifying) the posfix configuration, you need to create databases out of the mapping files (also each time you update those files):\n```\npostalias /etc/aliases\npostmap /etc/postfix/canonical /etc/postfix/sender_login_maps /etc/postfix/transport\npostmap /etc/postfix-clearnet/canonical /etc/postfix-clearnet/sasl_password /etc/postfix-clearnet/transport #only if you have a second instance\n```\n\nTo save temporary files in memory, add the following to `/etc/fstab`:\n```\ntmpfs /tmp tmpfs defaults,noatime 0 0\ntmpfs /var/log/nginx tmpfs rw,user,noatime 0 0\n```\n\nTo harden the system and hide pids from non-root users, also add the following:\n```\nproc /proc proc defaults,hidepid=2 0 0\n```\n\nAnd add the `noatime,usrjquota=aquota.user,jqfmt=vfsv1` options to the `/home` mountpoint, then initialize quota. Replace `/home` with `/`, if you do not have a separate partition:\n```\nsystemctl daemon-reload\nmount -o remount $(findmnt -n -o TARGET --target /home)\nquotacheck -cMu $(findmnt -n -o TARGET --target /home)\nquotaon $(findmnt -n -o TARGET --target /home)\n```\n\nIn some cases, you might get an error, that quota is not supported. This is usually the case in virtual environments. Make sure you have the full kernel installed, not one with a `-virtual` package. They usually are `linux-image-amd64`, `linux-image-arm64` or `linux-image-generic`, depending on your distribution. Also make sure, you are running a real virtual machine (e.g. KVM). Some providers sell containerized VPSes (e.g. OpenVZ), which means you don't run your own kernel...\n\nInstall sodium_compat for v3 hidden_service support\n```\ncd /var/www \u0026\u0026 composer install\n```\n\nCreate a mysql user for phpmyadmin and cofigure it in `/var/www/html/phpmyadmin/config.inc.php` and fill `$cfg['blowfish_secret']` with random characters:\n```\nmysql\nCREATE USER 'phpmyadmin'@'%' IDENTIFIED BY 'MY_PASSWORD';\nCREATE DATABASE phpmyadmin;\nGRANT ALL PRIVILEGES ON phpmyadmin.* TO 'phpmyadmin'@'%';\nFLUSH PRIVILEGES;\nquit\nmysql phpmyadmin \u003c /var/www/html/phpmyadmin/sql/create_tables.sql\n```\n\nCreate a mysql user with all permissions for our hosting management:\n```\nmysql\nCREATE USER 'hosting'@'%' IDENTIFIED BY 'MY_PASSWORD';\nGRANT ALL PRIVILEGES ON *.* TO 'hosting'@'%' WITH GRANT OPTION;\nFLUSH PRIVILEGES;\nquit\n```\n\nThen edit the database configuration in `/var/www/common.php` and `/etc/postfix/sql/alias.cf`\n\nLast but not least setup the database by running\n```\nphp /var/www/setup.php\n``` \n\nEnable systemd timers to regularly run various managing tasks:\n```\nsystemctl enable hosting-del.timer \u0026\u0026 systemctl enable hosting.timer\n```\n\nFinal step is to reboot wait about 5 minutes for all services to start and check if everything is working by creating a test account.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanwin%2Fhosting","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanwin%2Fhosting","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanwin%2Fhosting/lists"}