Need help with: Running Ghost CMD (Ghost Blog) only with Tor

TheOrangeExcavator · February 29, 2024, 9:27am

Good afternoon dear community,

I’ve been using Tor for a long time and love it. Now I want to publish a few articles and start a blog. I want to create a blog using Ghost CMD and only publish the whole thing to the Tor network. I don’t want clearnet access. In addition, there is no need to specify the domain, SSL and legal notice, which is unfortunately mandatory in my country.

I did a lot of research on Tor and Ghost CMD. Unfortunately, I’ve been divorced for weeks. Unfortunately, I’m not that good at programming yet. This is why it becomes Ghost CMD (Ghost Blog) in the first place.

1 question
Are there any instructions for Ghost CMD and Tor, where access is only possible via Tor? I only ever see Tor + Clearnet. But I do not want that.

I’m having trouble installing Tor and connecting. But unfortunately I can’t reach my Onion address. So the problem must be with NGINX. Here I can’t reach my localhost and onion address. But the connection to Tor is activated and active.

I always installed Tor first and then Ghost CMD. Unfortunately never achieved so far…

I run the whole thing on my Proxmox in the LXC. On an Ubuntu as research shows it works best for Ghost CMD. Even though I love Debian more. But okay now.

My research so far:
Step 1 – Servers
Step 2 – Update
“sudo apt-get update”
“sudo apt-get upgrade”
[ Kostenlos eine Webseite im Darknet mit Raspberry Pi bereitstellen über Onion Service – Wenzlaff.de – Rund um die Programmierung ]
[ https://servers.guru ]

Step 3 – Firewall Configuration
[ Building a Tor Hidden Service From Scratch - Part 1 - Design and Setup | www.bentasker.co.uk ]
[ Hardening SSH. Check out my podcast, “Talking… | by Jason Rigden | Medium ]
[ A Guide to the Uncomplicated Firewall (UFW) for Linux | by Jason Rigden | Medium ]

Step 4 – Lock SSH
Step 5 – Protect History
Step 6 – Special features of preparation
[ Building a Tor Hidden Service From Scratch - Part 1 - Design and Setup | www.bentasker.co.uk ]
[ Hardening SSH. Check out my podcast, “Talking… | by Jason Rigden | Medium ]

Step 3 – Install Gate
“sudo apt-get install tor”
Step 4 – Configure Gate
Step 5 – Check the service gate status
Step 6 – Active
[ Tor Project | Set up Your Onion Service ]
[ How to Host Your Own Tor Hidden Service with a Custom Onion Address « Null Byte :: WonderHowTo ]
[ How to Host a Site on the Dark Web | by Jason Rigden | Medium ]

Step 8 – Nginx Installation and Configuration
“sudo apt install nginx”
Step 9 – Port Forwarding
Step 10 – Plausibility check of our changes
[ Building a Tor Hidden Service From Scratch - Part 2 - HTTP and HTTPS | www.bentasker.co.uk ]
[ How to Host a Site on the Dark Web | by Jason Rigden | Medium ]

Step 11 – v3 onion address
Step 12 – Install, Build, Achieve
[ Generating a Vanity Address for Version 3 Onions | www.bentasker.co.uk ]
[ GitHub - mikeperry-tor/vanguards: Vanguards help guard you from getting vanned... ]
Step 13 – RSA Key
Step 14 – CGI scripts / PHP-FPM / HTTPS / SSL (Can, doesn’t have to!)
Step 15 – CAPTCHAS
Step 16 – 2-factor authentication
[ Hardening SSH. Check out my podcast, “Talking… | by Jason Rigden | Medium ]

Step 17 – Backups
[ Building a Tor Hidden Service From Scratch - Part 3 - General User Anonymity and Security | www.bentasker.co.uk ]
[ How to Host Your Own Tor Hidden Service with a Custom Onion Address « Null Byte :: WonderHowTo ]

Step 18 – Create website
The current index.html is located in the /var/www/html/ directory. I open and edit this with nano /var/www/html/index.html replacing the content with my website. As an example, I select the text My website on the dark web works! and test the function in the Tor browser.
[ (M)Eine Website im Darknet hosten (Juli 2022) – blog.resch.cloud ]

Step 19 – Ghost Theme

Install Node.js (is it possible without it?)
Install Ghost CLI
[ How to install & setup Ghost on Ubuntu 20.04 or 22.04 ]

Orientation, but with errors in the video.

Video: Create Your Own Dark Web Website - Invidious
Eigene Webseite im Darkweb hosten mit Raspberry Pi [Anleitung auf Deutsch] - Invidious

Further orientations:

Self host your own website - 4rkal
Setup a tor website (hidden service) - 4rkal
Hosting Anonymous Website on Tor Network | by Abed Samhuri | Axon Technologies | Medium
(M)Eine Website im Darknet hosten (Juli 2022) – blog.resch.cloud
How to Host a Site on the Dark Web | by Jason Rigden | Medium
How to Host a Website on the Dark Web | by Frost | CyberScribers | Medium

Errors that happen:

https://blog.resch.cloud/meine-website-im-darknet-hosten-der-erste-treib

TheOrangeExcavator · March 4, 2024, 12:55pm

Ghost CMD (Ghost Blog) with only tor access.

You have to create a config under /etc/nginx/sites-available.

server {
    listen 80;
    server_name XXX.onion;

     location / {
         proxy_set_header X-Forwarded-Proto https;
         proxy_pass http://127.0.0.1:2368/;
     }
}

Of course, you first have to generate an onion address.
To do this, make an entry under /etc/tor in the torrc file.

HiddenServiceDir /var/lib/tor/yourserviecname/
HiddenServiceVersion 3
HiddenServicePort 80
HiddenServicePort 443

When you go to the site using the Tor Browser, you also want to see the suggestion that there is an onion site for it. To do this you have to set a normal SSL entry here. (Optional):

# Tor Alt-Svc header add_header Alt-Svc 'hs="XXX.onion:443";ma=86400;persist=1';
# Tor onion header add_header Onion-Location http://XXX.onion$request_uri;

Ghost can then be installed.

Currently with me.

Ghost is running, Tor is running, ngninx is running and accessible, node.js is running.
Ports are enabled in the firewall. However, I still can’t reach the onion page and the localhost page. Although everything should fit.

I’ll keep looking for the error.
But the above part might help some people.

If I manage to get everything done.
I will write instructions on how to do this and post it here.

TheOrangeExcavator · March 5, 2024, 1:29pm

I suspect that my UniFi Dream machine is using the ports. I’ll try and test it today. If that’s the case… I’ll change the ports in the protocol.

To check whether these ports are occupied, you can use netstat command in the command line.

Open the command line
Enter the following command to check if port 80 is in use: netstat -ano | find “80” or sudo ss -ltn | grep ':80 ’
Repeat the process for port 443: netstat -ano | find “443” or sudo ss -ltn | grep ':443 ’

When a process uses these ports, the process ID (PID) is displayed. If nothing is displayed, it means the port is free.

Will remove the UniFi soon. Open source should be prioritized more… A change has to happen. It remains exciting.

TheOrangeExcavator · March 6, 2024, 11:03am

I tested ports last night. She was really used. I have now changed it and changed everything. Everything works… But localhost and onion cannot be reached. It’s crazy… We’re not giving up.

I got an anonymous server from Server Guru and will give it a try. If it works there. Then it’s my firewall. Although the ports are released and everything should fit and run in the UniFi. Will report again. It still remains exciting.

At least it works:

Ghost (Running) (Not reachable via Onion-Address/localhost)
Node.js (Running)
Ngnix (Running) (can even be reached via address)
MySQL (Running)

TheOrangeExcavator · March 7, 2024, 7:56am

It seems that the favicon favicon.ico was giving a problem and that was a problem with…

To solve the problem I need to make sure the favicon exists in the current directory or provide the correct path to the favicon. Here use the ls command to list the files in the current directory and check if the favicon exists there.

If the favicon is in a different location, specify the full path to the favicon when you run the sudo cp command:

Example:
sudo cp /path/to/your/favicon.ico /var/www/html/

Replace the /path/to/your/favicon.ico with the actual path to the favicon.

To find it quickly use:
sudo find / -name “*.ico”

This command searches for files with the “.ico” extension across the entire file system. Once you find the path to the favicon, remember that path.
Copy the favicon: Use the sudo cp command to copy the favicon to the destination directory /var/www/html/. Replace path/to/your/favicon.ico with the actual path to the favicon that you found in the previous step:
sudo cp /path/to/your/favicon.ico /var/www/html/

So now I get the following under my localhost:

502 Bad Gateway
nginx/1.18.0 (Ubuntu)

I’m glad that I can still see the site now. Even if with an error message.

Now I found out that Node.js is not properly coordinated - main file. I haven’t found the problem yet. Anyone who continues to do so on the weekend.