You probably want your apache to download files from hidden services or the web via exit nodes transparently. I advise you to create a virtual machine for the apache server, which has a network interface shared with the host. For the apache vm use 10.192.0.10/255.255.0.0 with 10.192.0.1 as a gateway and dns. On the host's vm-shared interface use 10.192.0.1/255.255.0.0 without gateway or dns. Now install tor on the host and add the following to torrc:

DNSPort 0.0.0.0:9053
VirtualAddrNetworkIPv4 10.192.0.0/16
AutomapHostsOnResolve 1
# bind to the host's vm-shared address: a bare port listens on localhost only,
# and REDIRECT in PREROUTING delivers to the incoming interface's address
TransPort 10.192.0.1:9040

Now you need some iptables on the host:

#redirects all dns packets to our tor-dns-port, udp is stateless, so no NAT needed
iptables -t nat -A PREROUTING -i myvlan0 -p udp --dport 53 -j REDIRECT --to-ports 9053
#allow input on myvlan0:9040
iptables -A INPUT -i myvlan0 -p tcp --dport 9040 -j ACCEPT
#NAT all tcp connections coming from the vm to port 9040
iptables -t nat -A PREROUTING -i myvlan0 -p tcp --syn -j REDIRECT --to-ports 9040

Now your vm will communicate with the internet only via Tor, without knowing about it, so in case of a compromise the apache vm won't disclose your server's IP. You can now add a hidden service to the host's torrc redirecting from asdfghj.onion:80 to 10.192.0.10:80. This is a setup used in dark markets which are still successfully operating. You shouldn't use apache though.

A bad practice would be to install torsocks and start apache with

torsocks apache -c someconfig --otherparams

This will leak IPs left and right, won't allow onion domains and in case of a compromise your IP is disclosed.

On Nov 29, 2014 1:27 AM, "Cypher" <cyp...@cpunk.us> wrote:

> Does anyone know of a way to make the Apache webserver talk to the Tor
> network? Specifically, I'm wanting to do proxying over Tor and am not
> sure how to make the server have access to Tor.
>
> Thanks!
> Cypher
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
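
A consistency check for the setup in the reply above, added here as an example and not part of the original message: it cross-checks each PREROUTING REDIRECT rule against the address Tor's DNSPort/TransPort is bound to. The function names and the `IFACE_ADDR` mapping are assumptions; the sample inputs are constructed from the message's addresses, ports and interface name.

```python
import re
import shlex

# Constructed inputs using the addresses, ports and interface name from the message.
RULES = """\
iptables -t nat -A PREROUTING -i myvlan0 -p udp --dport 53 -j REDIRECT --to-ports 9053
iptables -A INPUT -i myvlan0 -p tcp --dport 9040 -j ACCEPT
iptables -t nat -A PREROUTING -i myvlan0 -p tcp --syn -j REDIRECT --to-ports 9040
"""
TORRC_BARE_PORT = "DNSPort 0.0.0.0:9053\nTransPort 9040\n"
TORRC_EXPLICIT = "DNSPort 0.0.0.0:9053\nTransPort 10.192.0.1:9040\n"
IFACE_ADDR = {"myvlan0": "10.192.0.1"}  # host address on the vm-shared interface

def tor_listeners(torrc):
    """Map port -> bind address; Tor binds to localhost when only a port is given."""
    out = {}
    for line in torrc.splitlines():
        m = re.match(r"\s*(?:DNSPort|TransPort)\s+(?:(\S+):)?(\d+)\b", line)
        if m:
            out[int(m.group(2))] = m.group(1) or "127.0.0.1"
    return out

def redirects(rules):
    """Return (iface, proto, port) for each PREROUTING REDIRECT rule (single ports only)."""
    found = []
    for line in rules.splitlines():
        tok = shlex.split(line, comments=True)
        if "PREROUTING" in tok and "REDIRECT" in tok:
            opt = lambda flag: tok[tok.index(flag) + 1] if flag in tok else None
            found.append((opt("-i"), opt("-p"), int(opt("--to-ports"))))
    return found

def audit(torrc, rules, iface_addr):
    """List REDIRECT targets that no Tor listener would accept on that interface."""
    listeners = tor_listeners(torrc)
    findings = []
    for iface, proto, port in redirects(rules):
        bind = listeners.get(port)
        # PREROUTING REDIRECT rewrites the destination to the incoming interface's
        # primary address, so a localhost-only listener never receives the traffic.
        if bind is None:
            findings.append(f"{proto}/{port} via {iface}: no Tor listener")
        elif bind not in ("0.0.0.0", iface_addr.get(iface)):
            findings.append(f"{proto}/{port} via {iface}: Tor bound to {bind}")
    return findings

if __name__ == "__main__":
    for name, torrc in (("bare port", TORRC_BARE_PORT), ("explicit", TORRC_EXPLICIT)):
        print(name, audit(torrc, RULES, IFACE_ADDR) or "ok")
```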