Onion-Location is an easy way to advertise an onion site to the users.
You can either configure a web server to show an Onion-Location Header or add an HTML meta attribute in the website.
For the header to be valid the following conditions need to be fulfilled:
The Onion-Location value must be a valid URL with http: or https: protocol and a .onion hostname.
The webpage defining the Onion-Location header must be served over HTTPS.
The webpage defining the Onion-Location header must not be an onion site.
On this page, the commands to manage the web server are based on Debian-like operating systems and may differ from other systems.
Check your web server and operating system documentation.
ApacheTo configure this header in Apache 2.2 or above, you will need to enable a headers and rewrite modules and edit the website Virtual Host file.
Step 1. Enable headers and rewrite modules and reload Apache2
$ sudo a2enmod headers rewrite
$ sudo systemctl reload apache2
If you get an error message, something has gone wrong and you cannot continue until you've figured out why this didn't work.
Step 2. Add the Onion-Location header to your Virtual Host configuration file
Header set Onion-Location "http://your-onion-address.onion%{REQUEST_URI}s"
Where your-onion-address.onion is the Onion Service address you want to redirect and {REQUEST_URI} is the path component of the requested URI, such as "/index.html".
Virtual Host example:
ServerName
DocumentRoot /path/to/htdocs
Header set Onion-Location "http://your-onion-address.onion%{REQUEST_URI}s"
SSLEngine on
SSLCertificateFile "/path/to/www.example.com.cert"
SSLCertificateKeyFile "/path/to/www.example.com.key"
Step 3. Reload Apache
Reload the apache2 service, so your configuration changes take effect:
$ sudo systemctl reload apache2
If you get an error message, something has gone wrong and you cannot continue until you've figured out why this didn't work.
Step 4. Testing your Onion-Location
To test if Onion-Location is working, fetch the website HTTP headers, for example:
$ wget --server-response --spider your-website.tld
Look for onion-location entry and the Onion Service address.
Or open the website in Tor Browser and a purple pill will appear in the address bar.
NginxTo configure an Onion-Location header, the service operator should first configure an Onion service.
Step 1. Create an Onion service by setting the following in torrc:
HiddenServiceDir /var/lib/tor/hs-my-website/
HiddenServiceVersion 3
HiddenServicePort 80 unix:/var/run/tor-hs-my-website.sock
Step 2. Edit website configuration file
In /etc/nginx/conf.d/.conf add the Onion-Location header and the Onion Service address.
For example:
add_header Onion-Location http://.onion$request_uri;
The configuration file with the Onion-Location should look like this:
server {
listen 80;
listen [::]:80;
server_name ;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ;
# managed by Certbot - https://certbot.eff.org/
ssl_certificate /etc/letsencrypt/live//fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live//privkey.pem;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Onion-Location http://.onion$request_uri;
# managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
access_log /var/log/nginx/-access.log;
index index.html;
root /path/to/htdocs;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen unix:/var/run/tor-hs-my-website.sock;
server_name .onion;
access_log /var/log/nginx/hs-my-website.log;
index index.html;
root /path/to/htdocs;
}
Step 3. Test website configuration
$ sudo nginx -t
The web server should confirm that the new syntax is working:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Step 4. Restart nginx
$ sudo nginx -s reload
If you get an error message, something has gone wrong and you cannot continue until you've figured out why this didn't work.
Step 5. Testing your Onion-Location
To test if the Onion-Location is working, fetch the web site HTTP headers, for example:
$ wget --server-response --spider your-website.tld
Look for onion-location entry and the Onion Service address.
Or, open the web site in Tor Browser and a purple pill will appear in the address bar.
CaddyCaddy features automatic HTTPS by default, so it provisions your TLS certificate and takes care of HTTP-to-HTTPS redirection for you.
If you're using Caddy 2, to include an Onion-Location header, add the following declaration in your Caddyfile:
header Onion-Location http://.onion{path}
If you're running a static site and have the onion address in a $TOR_HOSTNAME environment variable, your Caddyfile will look like this:
your-website.tld
header Onion-Location http://{$TOR_HOSTNAME}{path}
root * /var/www
file_server
Testing it out: Test it out with:
$ wget --server-response --spider your-website.tld
Look for onion-location entry and the Onion Service address.
Or, open the web site in Tor Browser and a purple pill will appear in the address bar.
Using an HTML attributeThe identical behaviour of Onion-Location includes the option of defining it as a HTML http-equiv attribute.
This may be used by websites that prefer (or need) to define an Onion-Location by modifying the served HTML content instead of adding a new HTTP header.
The Onion-Location header would be equivalent to a added in the HTML head element of the webpage. Replace with the Onion Service that you want to redirect.
LimitationsHTML cannot read the requested URL and insert it dynamically in the http-equiv meta tag.
For this reason, visitors are always redirected to the .onion URL specified in the content-part of the meta tag, regardless of which subpage they are on.
Therefore, if possible, we recommend using one of the above methods.
More informationRead the Onion-Location spec.