Unspecific to KVM.
All documentation we have on the Onion Services - Whonix for now is:
OnionBalance can help to prevent de-anonymization of an onion service by protecting it from becoming unavailable through denial of service attacks (DDOS). OnionBalance is mentioned in the security readme by vanguards author and Tor developer Mike Perry where he discusses attacks against onion services and defenses. OnionBalance is now available for onion v3 services [18], see: Cooking with Onions: Reclaiming the Onionbalance.
Vanguards protects against guard discovery and related traffic analysis attacks and is installed by default in Whonix ™. [19] See Vanguards for further information.
High Traffic Onion Service Scalability Performance
Although mostly focused on non-anonymous onion services, the tor-dev mailing list discussion "onionbalance useful on same server / for high-spec non-location hidden servers?" contains interesting information on scalability and performance of high traffic onion services. The tor-dev mailing list (sign-up) is considered a useful resource for technical information since they are receptive to genuine inquiries.
Not even using onionbalance for whonix.org yet.
Mostly undocumented.
Should that change, the wiki page Onion Services - Whonix will be updated.
Interesting!
I would guess so.
Forum / server software ought to run inside Whonix-Workstation.
It’s difficult enough to load balance anything. More difficult for dynamic content such as forums. It’s highly web application specific - unrelated to Whonix. How do you even load balance discourse or phpBB on clearnet… Without knowing this even in theory, I wouldn’t attempt to introduce another layer of complexity, namely Tor onion services.
I guess a realistic path forward might be 1 centralized web server for the webapp(s) (forum) and then onionbalance only to work around the onion connection layer bottleneck.