DanWin / hosting

This is a setup for a Tor based shared web hosting server
https://danwin1210.de/hosting/
GNU General Public License v3.0

installation guide #107

Closed systemd1337 closed 3 years ago

systemd1337 commented 3 years ago

Please make an installation guide. I am confused about how to install it, and I tried to install it but failed.

infoabcd commented 3 years ago

We suggest that you post a log of the errors reported

DanWin commented 3 years ago

Check the README.md, there are all instructions you need. Because I have been asked to make a video of it several times, I have recorded videos of me copy-pasting the instructions given and sometimes tweaking things which are different on that specific server setup. Every setup is different, since most providers have a customized stock OS installed on their servers. So if something fails because of a missing program, check that it is installed. If there is a conflict with a different application, uninstall it. If something in the installation steps is broken and you don't understand what you need to do next, post the error log, so we can take a look at it and help you out. This is a work in progress and provided as is. Some things might be broken.

systemd1337 commented 3 years ago

yeah a video would be useful it messed up my dns settings too

systemd1337 commented 3 years ago

i pulled up the logs i got these https://privatebin.net/?bc4332ef5145d056#FUJ6CkJfi61SSKTcfw4bNfD7dTCt34vwmzUJngWXPzkc

DanWin commented 3 years ago

Alright, I just had a look at your logs.

Jan 18 11:44:22 raspberrypi kernel: [ 0.000000] OF: fdt: Machine model: Raspberry Pi 4 Model B Rev 1.2

This line indicates your hardware.

Jan 18 11:44:22 raspberrypi kernel: [ 0.000000] Memory: 3655604K/4050944K available (10240K kernel code, 739K rwdata, 2816K rodata, 2048K init, 854K bss, 133196K reserved, 262144K cma-reserved, 3264512K highmem)

This indicates you have 4GB of RAM. So far this looks good. However:

Jan 18 11:44:22 raspberrypi kernel: [ 0.000000] CPU: ARMv7 Processor [410fd083] revision 3 (ARMv7), cr=30c5383d

this line indicates you are running a 32 bit OS. Several things will break with 32 bit, because some of the libraries used have unfortunately dropped support for 32 bit. I'd recommend upgrading to a 64 bit image using for example the image provided here: https://raspi.debian.net/tested-images/ If you feel comfortable with disabling the features that break, or perhaps even fixing them, then you can stay on 32 bit.

Jan 18 09:49:07 raspberrypi tor[10021]: Jan 18 09:49:07.949 [notice] Tor 0.3.5.12 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.

Your tor version is outdated. This is why

Jan 18 09:49:07 raspberrypi tor[10021]: Jan 18 09:49:07.957 [warn] Failed to parse/validate config: Unknown option 'HiddenServiceEnableIntroDoSDefense'. Failing.

is coming up, resulting in tor not being able to start and thus your networking not working. This should be easy to fix with the commands given in the instructions.

curl -sSL https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc > /etc/apt/trusted.gpg.d/torproject.asc
echo "deb https://deb.torproject.org/torproject.org `lsb_release -cs` main" >> /etc/apt/sources.list
apt-get update && apt-get upgrade

However, the torproject also dropped support for 32 bit armhf devices. Assuming you are on debian buster, you can enable the backports repository to fetch the latest tor version, or simply upgrade to bullseye, see https://packages.debian.org/buster-backports/tor

Since your DNS is broken, you can edit the /etc/resolv.conf file and replace 127.0.0.1 with 8.8.8.8 as a temporary workaround. And the firewall will try redirecting your traffic through tor, so you should disable that too with

iptables -t nat -F && iptables -F

Once your tor is upgraded and working, you can switch back to 127.0.0.1 as your nameserver and run /etc/rc.local to get the firewall back up.

systemd1337 commented 3 years ago

yeah i am having trouble installing tor i checked my hostname -i i got 127.0.0.1 is there a installation guide on how to install tor on a pi?

DanWin commented 3 years ago

Based on the 32 bit system you are running, you will have to install tor either from the debian repositories, or compile it yourself, since the torproject doesn't support that architecture any more in their repositories. Most likely you are running the buster version, so this is what you would have to add to your /etc/apt/sources.list file to download packages from the backports repository. Once you have added it, run apt-get update && apt-get upgrade to download the latest version of tor. Depending on the specific distribution you are running, that line may have to be changed, or you may have to upgrade your distribution in order to get the latest version of tor.

deb http://deb.debian.org/debian/ buster-backports main contrib non-free

systemd1337 commented 3 years ago

i did sudo nano /etc/apt/sources.list i got

deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi
# Uncomment line below then 'apt-get update' to enable 'apt-get source'
#deb-src http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi
deb https://deb.torproject.org/torproject.org buster main
deb https://deb.torproject.org/torproject.org buster main
deb https://deb.torproject.org/torproject.org buster main

DanWin commented 3 years ago

I see, you're using raspbian. It is unfortunately not compatible with the debian repository, due to the arm6 compatibility it was designed for. You can remove the torproject.org lines, since they will not work. If you change buster to bullseye, you can upgrade to the latest raspbian release, which also includes a more up-to-date tor version. However, for performance and in general reducing the 32 bit issues you will run into, I'd strongly recommend you to switch to an alternate distribution, as for example the official debian images mentioned above. Raspbian was made for the Raspberry Pi 1, newer models are better off with the official builds, unless you want to keep that compatibility layer.

systemd1337 commented 3 years ago

ok so i need to get rid of these lines?

deb https://deb.torproject.org/torproject.org buster main
deb https://deb.torproject.org/torproject.org buster main
deb https://deb.torproject.org/torproject.org buster main

DanWin commented 3 years ago

Yes, because they will not work on raspbian. Also you will have to change deb http://raspbian.raspberrypi.org/raspbian/ buster main contrib non-free rpi to deb http://raspbian.raspberrypi.org/raspbian/ bullseye main contrib non-free rpi

systemd1337 commented 3 years ago

why can i not connect to my address?

Unable to connect

Firefox can’t establish a connection to the server at cdrazy5h3tcuq5chorvscdx4x6rdl3qaik5yuigpze5fgh5qlpkh4fqd.onion

systemd1337 commented 3 years ago

now i get Onionsite Has Disconnected

systemd1337 commented 3 years ago

i am having trouble connecting to my address

tor

Jan 21 10:23:54.654 [notice] Tor 0.4.4.6 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Jan 21 10:23:54.654 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 21 10:23:54.654 [notice] Read configuration file "/etc/tor/torrc".
Jan 21 10:23:54.657 [warn] /var/lib/tor/hidden_service/ is not owned by this user (root, 0) but by debian-tor (115). Perhaps you are running Tor as the wrong user?
Jan 21 10:23:54.657 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
Jan 21 10:23:54.657 [err] Reading config failed--see warnings above.

systemd1337 commented 3 years ago

ok i seemed to fix the problem i just had to chown but i still cant connect to my address

DanWin commented 3 years ago

Uhm, you're not supposed to run tor as root. There is a service, which runs tor. If it's not running, you can restart it with

systemctl restart tor@default.service

You should stop tor running as root and chown the directory back to debian-tor before starting tor the intended way. There are two possible reasons, why your site is not reachable:

  1. Tor is not running (TorBrowser would tell you that the site is not known, rather than not being able to connect)
  2. Your nginx web server is not running. Try restarting it with systemctl restart nginx.service

systemd1337 commented 3 years ago

when i type tor i get this

tor

Jan 21 12:37:22.502 [notice] Tor 0.4.4.6 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma 5.2.4, and Libzstd 1.3.8.
Jan 21 12:37:22.502 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Jan 21 12:37:22.502 [notice] Read configuration file "/etc/tor/torrc".
Jan 21 12:37:22.514 [notice] Opening Socks listener on 127.0.0.1:9050
Jan 21 12:37:22.514 [warn] Could not bind to 127.0.0.1:9050: Address already in use. Is Tor already running?
Jan 21 12:37:22.514 [notice] Opening Socks listener on 127.0.1.1:9050
Jan 21 12:37:22.514 [notice] Opened Socks listener on 127.0.1.1:9050
Jan 21 12:37:22.514 [notice] Opening DNS listener on 127.0.0.1:54
Jan 21 12:37:22.514 [notice] Opened DNS listener on 127.0.0.1:54
Jan 21 12:37:22.514 [notice] Opening DNS listener on [::1]:54
Jan 21 12:37:22.515 [notice] Opened DNS listener on [::1]:54
Jan 21 12:37:22.515 [notice] Opening Transparent pf/netfilter listener on 127.0.0.1:9040
Jan 21 12:37:22.515 [warn] Could not bind to 127.0.0.1:9040: Address already in use. Is Tor already running?
Jan 21 12:37:22.515 [notice] Opening Transparent pf/netfilter listener on [::1]:9040
Jan 21 12:37:22.515 [warn] Could not bind to ::1:9040: Address already in use. Is Tor already running?
Jan 21 12:37:22.515 [notice] Closing partially-constructed Socks listener on 127.0.1.1:9050
Jan 21 12:37:22.515 [notice] Closing partially-constructed DNS listener on 127.0.0.1:54
Jan 21 12:37:22.515 [notice] Closing partially-constructed DNS listener on ::1:54
Jan 21 12:37:22.516 [warn] Failed to parse/validate config: Failed to bind one of the listener ports.
Jan 21 12:37:22.516 [err] Reading config failed--see warnings above.

DanWin commented 3 years ago

Yes, because you should NOT type in tor manually. It's a daemon running in the background. It's managed by systemd. You can use the systemctl command to manage your daemon services. It looks like tor is already running there, because it can't bind to the ports configured for tor to use.

systemd1337 commented 3 years ago

ok i got everything to work but now i get this

https://cdrazy5h3tcuq5chorvscdx4x6rdl3qaik5yuigpze5fgh5qlpkh4fqd.onion/ Onionsite Has Disconnected

DanWin commented 3 years ago

Check, if you get a response from nginx:

curl localhost

If yes, check that tor really is running with

systemctl status tor@default.service

If not, try restarting nginx:

systemctl restart nginx.service

systemd1337 commented 3 years ago

ok i checked systemctl status tor@default.service i got

status tor@default.service
Warning: The unit file, source configuration file or drop-ins of tor@default.service changed on disk. Run 'systemctl daemon-reload' to reload units.
● tor@default.service - Anonymizing overlay network for TCP
   Loaded: loaded (/lib/systemd/system/tor@default.service; enabled-runtime; vendor preset: enabled)
  Drop-In: /etc/systemd/system/tor@default.service.d
           └─custom.conf
   Active: failed (Result: exit-code) since Thu 2021-01-21 13:57:43 EST; 17min ago
  Process: 1069 ExecStartPre=/usr/bin/install -Z -m 02755 -o debian-tor -g debian-tor -d /run/tor (code=exited, status=0/SUCCESS)
  Process: 1070 ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config (code=exited, sta

Jan 21 13:57:43 raspberrypi systemd[1]: tor@default.service: Service RestartSec=100ms expired, scheduling restart.
Jan 21 13:57:43 raspberrypi systemd[1]: tor@default.service: Scheduled restart job, restart counter is at 5.
Jan 21 13:57:43 raspberrypi systemd[1]: Stopped Anonymizing overlay network for TCP.
Jan 21 13:57:43 raspberrypi systemd[1]: tor@default.service: Start request repeated too quickly.
Jan 21 13:57:43 raspberrypi systemd[1]: tor@default.service: Failed with result 'exit-code'.
Jan 21 13:57:43 raspberrypi systemd[1]: Failed to start Anonymizing overlay network for TCP.
lines 1-15/15 (END)

systemd1337 commented 3 years ago

i did curl localhost and got 502 bad gateway

DanWin commented 3 years ago

Ok, that means something with tor is wrong. Copy the output of this:

journalctl -u tor@default.service -n 30 -o short

Your nginx is running then, but probably php isn't running. Try restarting that with

systemctl restart php8.0-fpm@default.service

systemd1337 commented 3 years ago

still got the same errors https://privatebin.net/?3dee624c790b9496#HpvL4BuCGUtTm11LoL1F9PBshTW7kpE41hMUUcocNJb8

systemd1337 commented 3 years ago

now i get this


systemctl restart php8.0-fpm@default.service
Job for php8.0-fpm@default.service failed because the control process exited with error code.
See "systemctl status php8.0-fpm@default.service" and "journalctl -xe" for details.
root@raspberrypi:~# 
root@raspberrypi:~# systemctl status php8.0-fpm@default.service
● php8.0-fpm@default.service - The PHP 8.0 FastCGI Process Manager
   Loaded: loaded (/etc/systemd/system/php8.0-fpm@default.service; disabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Thu 2021-01-21 14:45:26 EST; 15s ago
     Docs: man:php-fpm8.0(8)
  Process: 10291 ExecStart=/usr/sbin/php-fpm8.0 --nodaemonize --fpm-config /etc/php/8.0/fpm/php-fpm.conf (code=exited, status=203/EXEC)
 Main PID: 10291 (code=exited, status=203/EXEC)

Jan 21 14:45:26 raspberrypi systemd[1]: Starting The PHP 8.0 FastCGI Process Manager...
Jan 21 14:45:26 raspberrypi systemd[10291]: php8.0-fpm@default.service: Failed to execute command: No such file or directory
Jan 21 14:45:26 raspberrypi systemd[10291]: php8.0-fpm@default.service: Failed at step EXEC spawning /usr/sbin/php-fpm8.0: No such file or directory
Jan 21 14:45:26 raspberrypi systemd[1]: php8.0-fpm@default.service: Main process exited, code=exited, status=203/EXEC
Jan 21 14:45:26 raspberrypi systemd[1]: php8.0-fpm@default.service: Failed with result 'exit-code'.
Jan 21 14:45:26 raspberrypi systemd[1]: Failed to start The PHP 8.0 FastCGI Process Manager.

DanWin commented 3 years ago

Jan 21 14:32:24 raspberrypi tor[2535]: Jan 21 14:32:24.079 [warn] /var/lib/tor/hidden_service/ is not owned by this user (debian-tor, 115) but by root (0). Perhaps you

You didn't change the ownership back to what it is supposed to be. Run

chown debian-tor:debian-tor -R /var/lib/tor/

It looks like you didn't successfully compile and install php8. Did the install_binaries.sh script end with an error? Try running it again and post the error message of it.
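
The three tor startup warnings diagnosed in the comments above (an option the installed tor does not know, a hidden service directory with the wrong owner, a listener port that is already bound) can be classified mechanically. This is an added example, not part of any comment and not the project's code; the function names and output codes are hypothetical, and the sample lines are constructed from the log excerpts quoted in this thread.

```bash
#!/bin/sh
# Added example (not project code): classify tor startup warnings.

# Constructed sample, modeled on the excerpts in this thread. The first
# warning appears twice because a restart loop logs it on every attempt.
sample_log() {
    cat <<'EOF'
Jan 18 09:49:07.957 [warn] Failed to parse/validate config: Unknown option 'HiddenServiceEnableIntroDoSDefense'.  Failing.
Jan 18 09:49:08.311 [warn] Failed to parse/validate config: Unknown option 'HiddenServiceEnableIntroDoSDefense'.  Failing.
Jan 21 10:23:54.657 [warn] /var/lib/tor/hidden_service/ is not owned by this user (root, 0) but by debian-tor (115). Perhaps you are running Tor as the wrong user?
Jan 21 12:37:22.514 [warn] Could not bind to 127.0.0.1:9050: Address already in use. Is Tor already running?
Jan 21 12:37:22.515 [warn] Could not bind to 127.0.0.1:9040: Address already in use. Is Tor already running?
Jan 21 14:32:24.079 [warn] /var/lib/tor/hidden_service/ is not owned by this user (debian-tor, 115) but by root (0). Perhaps you are running Tor as the wrong user?
Jan 21 12:37:22.514 [notice] Opened DNS listener on 127.0.0.1:54
EOF
}

# Reads tor log lines on stdin and prints one line per distinct cause:
#   CODE key=value ... :: advice
triage_tor_log() {
    while IFS= read -r line; do
        case "$line" in
        *"[warn] Failed to parse/validate config: Unknown option '"*)
            opt=${line#*"Unknown option '"}
            opt=${opt%%"'"*}
            echo "OUTDATED_TOR option=$opt :: installed tor does not know this option; upgrade tor"
            ;;
        *"[warn] "*" is not owned by this user ("*") but by "*)
            path=${line#*"[warn] "}
            path=${path%%" is not owned"*}
            runner=${line#*"this user ("}
            runner=${runner%%,*}
            owner=${line#*") but by "}
            owner=${owner%%" ("*}
            if [ "$runner" = root ]; then
                advice="tor was started by hand as root; stop it and use the systemd service"
            else
                advice="chown the directory back to $runner before restarting the service"
            fi
            echo "WRONG_OWNER path=$path runner=$runner owner=$owner :: $advice"
            ;;
        *"[warn] Could not bind to "*": Address already in use"*)
            addr=${line#*"Could not bind to "}
            addr=${addr%%": Address already in use"*}
            echo "PORT_IN_USE addr=$addr :: another tor instance already holds this listener"
            ;;
        esac
    done | sort -u    # repeated warnings collapse to one finding
}

sample_log | triage_tor_log
```

On a live system the same function can be fed from `journalctl -u tor@default.service -o cat`.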

systemd1337 commented 3 years ago

./install_binaries.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 13527  100 13527    0     0   111k      0 --:--:-- --:--:-- --:--:--  111k
=> nvm is already installed in /home/pi/.config/nvm, trying to update using git
=> => Compressing and cleaning up git repository

=> nvm source string already in /root/.bashrc
=> bash_completion source string already in /root/.bashrc
=> Close and reopen your terminal to start using nvm or run the following to use it now:

export NVM_DIR="/home/pi/.config/nvm"
[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
./install_binaries.sh: 11: ./install_binaries.sh: nvm: not found

infoabcd commented 3 years ago

If you use Debian buster you can save yourself a lot of trouble, my Raspberry Pi 4b works perfectly

systemd1337 commented 3 years ago

ok what is wrong with nginx

systemctl status nginx.service
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/etc/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: failed (Result: signal) since Thu 2021-01-21 21:41:43 EST; 15s ago
  Process: 4804 ExecStartPre=/usr/sbin/nginx -t -q (code=killed, signal=SEGV)

Jan 21 21:41:43 raspberrypi systemd[1]: Starting A high performance web server and a reverse proxy server...
Jan 21 21:41:43 raspberrypi systemd[1]: nginx.service: Control process exited, code=killed, status=11/SEGV
Jan 21 21:41:43 raspberrypi systemd[1]: nginx.service: Failed with result 'signal'.
Jan 21 21:41:43 raspberrypi systemd[1]: Failed to start A high performance web server and a reverse proxy server

DanWin commented 3 years ago

It looks like you have installed nvm previously in a different location than usual. For some reason it is installed, but not in your $PATH. Most likely you have unloaded or disabled loading nvm and then tried running that script. As for nginx, it has run into SIGSEGV (Segfault). That usually indicates an underlying memory corruption or access out of bounds. However, if you didn't successfully compile and install nginx using the provided script, I'm wondering how you got nginx setup. Did you install it manually via apt?

systemd1337 commented 3 years ago

i just did sudo apt-get install nginx

systemd1337 commented 3 years ago

ok i got nginx to work but now i can't reach my site

systemd1337 commented 3 years ago

this is my /etc/tor/torrc/ config

https://pastebin.com/dQiin7pW

this is my nginx config

https://pastebin.com/800UWQji

DanWin commented 3 years ago

Why do you have the following in your Torrc?:

SocksPort 10.1.10.33:9050
SocksPolicy accept 192.168.1.0/24

You create a socks port on a 10.1.10.33 IP address, but only allow connections from a 192.168.1.0/24 IP to it. Those are two completely different networks and unless you have a weird/very complex network layout, this is most likely just wrong.

As for your nginx config, this doesn't at all look like the one provided. In general, look at the very first command in the instructions. It will UNinstall the nginx installed by apt, because it is replaced by a custom compiled version, which has unnecessary modules disabled and added some additional useful modules. If you do not follow the instructions, but just do whatever you feel like, then we can't help you!
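
The comparison made by eye in the comment above, between the address a SocksPort listens on and the networks named in SocksPolicy accept lines, can be run as a lint over a torrc. This is an added example, not the project's code and not part of the comment; the function names are hypothetical, only IPv4 `address:port` listeners are handled, and both sample configurations are constructed (the second one assumes a /24 around the listener).

```bash
#!/bin/sh
# Added example (not project code): compare SocksPort bind addresses
# with SocksPolicy accept networks in a torrc.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    oldifs=$IFS; IFS=.
    set -- $1
    IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when address $1 lies inside network $2 (CIDR, or a bare address = /32).
in_cidr() {
    cidr_base=${2%/*}; cidr_bits=${2#*/}
    if [ "$cidr_bits" = "$2" ]; then cidr_bits=32; fi
    if [ "$cidr_bits" -eq 0 ]; then return 0; fi
    cidr_mask=$(( (4294967295 << (32 - $cidr_bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $cidr_mask )) -eq $(( $(ip_to_int "$cidr_base") & $cidr_mask )) ]
}

# Reads a torrc on stdin. For every SocksPort bound to an explicit,
# non-loopback IPv4 address, reports whether some "SocksPolicy accept"
# network contains that address. Returns 1 if any listener is outside all.
lint_socks() {
    conf=$(cat); rc=0
    accepts=$(printf '%s\n' "$conf" |
        sed -n 's/^[[:space:]]*SocksPolicy[[:space:]][[:space:]]*accept[[:space:]][[:space:]]*\([0-9][0-9.\/]*\).*/\1/p')
    binds=$(printf '%s\n' "$conf" |
        sed -n 's/^[[:space:]]*SocksPort[[:space:]][[:space:]]*\([0-9][0-9.]*\):[0-9][0-9]*.*/\1/p')
    for bind in $binds; do
        case "$bind" in 127.*) continue ;; esac
        hit=""
        for net in $accepts; do
            if in_cidr "$bind" "$net"; then hit=$net; break; fi
        done
        if [ -n "$hit" ]; then
            echo "OK $bind is inside accepted network $hit"
        else
            echo "MISMATCH $bind is outside every accepted network: $(echo $accepts)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the two directives quoted in the comment above.
thread_torrc() {
    printf '%s\n' 'SocksPort 10.1.10.33:9050' 'SocksPolicy accept 192.168.1.0/24'
}

# Constructed sample: listener and accepted network agree (assumed /24).
consistent_torrc() {
    printf '%s\n' 'SocksPort 10.1.10.33:9050' 'SocksPolicy accept 10.1.10.0/24'
}

thread_torrc | lint_socks || true
consistent_torrc | lint_socks
```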

systemd1337 commented 3 years ago

i followed the instructions

systemd1337 commented 3 years ago

i did this when i installed nginx


apt-get --no-install-recommends install libbrotli-dev libpcre3-dev zlib1g-dev
git clone https://github.com/nginx/nginx && cd nginx
git clone https://github.com/google/ngx_brotli
./auto/configure --prefix=/usr/share/nginx --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/tmp/body --http-fastcgi-temp-path=/tmp/fastcgi --http-proxy-temp-path=/tmp/proxy --with-threads --with-pcre-jit --with-http_ssl_module --with-http_v2_module --with-http_gzip_static_module --without-http_ssi_module --without-http_userid_module --without-http_access_module --without-http_mirror_module --without-http_geo_module --without-http_split_clients_module --without-http_uwsgi_module --without-http_scgi_module --without-http_grpc_module --without-http_memcached_module --without-http_limit_conn_module --without-http_limit_req_module --without-http_empty_gif_module --without-http_browser_module --without-http_upstream_hash_module --without-http_upstream_ip_hash_module --without-http_upstream_least_conn_module --without-http_upstream_keepalive_module --without-http_upstream_zone_module --with-stream --with-stream_ssl_module --without-stream_limit_conn_module --without-stream_access_module --without-stream_geo_module --without-stream_map_module --without-stream_split_clients_module --without-stream_return_module --without-stream_upstream_hash_module --without-stream_upstream_least_conn_module --without-stream_upstream_zone_module --with-cc-opt='-O3 -march=native -mtune=native -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --add-module=ngx_brotli
make -j $(nproc) install

DanWin commented 3 years ago

Ok, a few comments up you said the opposite... Just comment out the installation of nvm + yarn in the install script and try fixing that at a later time. It's only required for phpmyadmin.

systemd1337 commented 3 years ago

i already installed

curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash
export NVM_DIR="$HOME/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
nvm install node
npm i -g yarn

systemd1337 commented 3 years ago

ok so i can access localhost:8080 it shows welcome to nginx

systemd1337 commented 3 years ago

ok so nginx works and everything but somehow i cannot connect to my site

http://cdrazy5h3tcuq5chorvscdx4x6rdl3qaik5yuigpze5fgh5qlpkh4fqd.onion/

systemd1337 commented 3 years ago

now i am getting these errors

tail -f /var/log/nginx/error.log
2021/01/25 06:49:17 [error] 23034#23034: *5 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dg5eki454m5jueqydpa2lhxmbmplcle2fcbhg33j2jliwiwgbrt242ad.onion"
2021/01/25 07:08:59 [notice] 23737#23737: signal process started
2021/01/25 07:11:57 [error] 23743#23743: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dg5eki454m5jueqydpa2lhxmbmplcle2fcbhg33j2jliwiwgbrt242ad.onion"
2021/01/25 07:12:02 [error] 23743#23743: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dg5eki454m5jueqydpa2lhxmbmplcle2fcbhg33j2jliwiwgbrt242ad.onion"
2021/01/25 07:12:04 [error] 23743#23743: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dg5eki454m5jueqydpa2lhxmbmplcle2fcbhg33j2jliwiwgbrt242ad.onion"
2021/01/25 07:13:08 [error] 23743#23743: *2 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /index.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dg5eki454m5jueqydpa2lhxmbmplcle2fcbhg33j2jliwiwgbrt242ad.onion"
2021/01/25 07:18:04 [error] 23743#23743: *7 connect() failed (111: Connection refused) while connecting to upstream, client: 127.0.0.1, server: , request: "GET /login.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dg5eki454m5jueqydpa2lhxmbmplcle2fcbhg33j2jliwiwgbrt242ad.onion"

Stephansen112 commented 3 years ago

Hello, Anyone got this hosting service installed? I have troubles, so I am willing to pay for some help. Thanks.

infoabcd commented 3 years ago

Hello, Anyone got this hosting service installed? I have troubles, so I am willing to pay for some help. Thanks.

I can help you with the installation. My email address is xzi@live.com

DanWin commented 3 years ago

@Stephansen112 I think you also sent me an email yesterday, which I just replied to. I can help you as well