What are the best practices for hosting a Tor onion hidden service?

I want to host a Tor onion hidden service and want to know the best technique for hosting it. Can someone help me with the questions below?

What is the best server operating system for hosting a Tor onion hidden service (Debian - Fedora - Ubuntu - Red Hat Linux - Gentoo - SUSE Linux - Ipredia OS - Black Arch Linux - Discreete Linux - Linux Kodachi - Parrot Security OS - Mofo Linux - Subgraph OS - TrueOS - FreeBSD - OpenBSD - Qubes-Whonix)?

Can Qubes-Whonix be used as a server OS for hosting a Tor onion hidden service?

Is Whonix mandatory for anonymity and privacy or can I just use any other Linux distribution?

If Whonix is mandatory for anonymity and privacy, which approach below should I use to host a Tor onion hidden service?

1) Linux with VirtualBox
2) Qubes-Whonix
3) Linux with KVM

Is it safe to use a VPN like NordVPN with Tor for more anonymity and privacy, or just Tor?

Is a mini PC like an Intel NUC or Kingdel good for use as a server machine for hosting a Tor onion hidden service? What are the hardware system requirements (CPU, GPU and RAM)?

What can I do in PHP or Laravel framework configuration to ensure it is anonymous and compatible with Tor, and doesn’t exploit anything to show identity, and is anonymous and safe?

All best practices we’re aware of are documented or at least mentioned here:

Since this is a Whonix forum, the answer will be Whonix-Workstation:

If you mean through a remote server (VPS or root server): currently usability for this is still very lacking at time of writing.

  • SSH into Qubes dom0 is hard
  • no CLI version
  • no documentation on how to use with CLI on a remote server as far as I am aware of

Define mandatory.

Biggest advantage is that server software running inside Whonix-Workstation cannot find out its real, external IP address. Therefore the server software cannot leak it.

Technical Introduction

If going for performance KVM can’t be beat.

Depends on how much traffic you intend on receiving.

PHP = goodbye security. As a matter of fact, server webapps are not that hardened in general.

If whatever you are hosting is static content I would upload it to Freenet over Tor and pass on onions as the opportunity for attack is extremely limited by an adversary (only possible during the time the content was originally uploaded) and there is no way they can compromise the site unless they break the crypto key used to sign the pages. However an onion is a sitting duck for the whole time it is online and is vulnerable to DDoS and being taken over. You can also communicate on Freenet’s distributed FMS forums system if you want something more interactive.

Thanks a lot @Patrick and @HulaHoop.

My web site is dynamic, using Laravel and MySQL. I am asking whether there are any changes and configuration I can make in the Laravel framework and PHP to improve the security of Laravel and PHP before I upload it, or can you give me a hint or link to help me?

Can you recommend the best brand of mini PC (Intel NUC, Kingdel, HP, Lenovo) or something else, or are they all the same?
Will an Intel i7, 16 GB RAM and a 250 GB SSD be good?

What about Qubes-Whonix: is it good as a server OS, or shouldn’t it be used as a server OS since it is a desktop OS?
If I use Linux with VirtualBox, will it be good for anonymity, security and performance?

Can any of you suggest the best Linux distribution to host Whonix on (Debian, Fedora, Ubuntu, etc.)?

Is Nginx a good web server for security, or lighttpd or Apache?

Many thanks to @Patrick and @HulaHoop for your support. I appreciate it.

There are some dedicated server hardening projects and forums you can read up on for tips. OWASP, Openwall lists and so on.

Intel anything is not recommended. Their CPUs have more bugs than average and the fixes are destroying performance.

Xen (which is what powers Qubes) is used in some cloud centers and is therefore also OK for the use case. VBox is neither performant nor secure.

Debian if you want the most stable option and widest possible free support options.

Nginx

Thanks a lot @HulaHoop

Do you mean I should use AMD processors even if I use the latest version of Intel?
Can you recommend the best processor from AMD or Intel that can be used in a server machine, or suggest a mini PC that can operate as a server machine?

Sorry, are you suggesting here to use Xen or Qubes?
If I use Linux with KVM, will it be equivalent to Xen or Qubes?

Yes

Really depends on prices right now and what your perf needs are. In some cases it would make sense to assemble your own than dumping a lot of cash in some OEM machine.

No I was clarifying that this is an OK choice too if you want to go that way.

You will have more hardware choice than with Xen because they don’t have the resources to support every piece of hardware out there like the Linux kernel can. I’d argue better security since the Xen project is behind on getting the latest workarounds for CPU bugs and they have a two tier system for rolling out patches. Big companies have earlier access to embargoed patches before users. Also KVM is superior performance wise.

Thanks a lot @HulaHoop
I want to buy a fanless server machine; most of them are Intel. Would it be good to use one like “Intel NUC 10 Performance Kit – Intel Core i7 Processor with 16 RAM DDR4”?

Is a fanless server good for hosting a Tor hidden service (Linux (Debian) + KVM)?

You will have to read reviews for yourself.

I don’t see why not, if it can support your expected traffic influx.

Hello everyone,

If I summarize, the recommended and default setup for hidden services is Debian as server OS + Whonix CLI on KVM. Please correct me if my assumption is wrong and there are updates.

Accordingly, the following page is relevant for the configuration, but shouldn’t the download link for Whonix CLI in particular be given there, instead of exclusively the one for Whonix XFCE, at Whonix ™ for KVM?