What is best Practices for Hosting Tor Onion Hidden Service?

I want to host Tor onion hidden service, I want to know what is the best technique to host it, can someone helps me with the below questions

What is the best server operating system for hosting Tor onion hidden service ( Debian - Fedora - Ubuntu - Red Hat Linux - Gentoo - SUSE Linux - Ipredia OS - Black Arch Linux - Discreete Linux - Linux Kodachi - Parrot Security OS - Mofo Linux - Subgraph OS - TrueOS - FreeBSD - OpenBSD - Qubes-Whonix)

Can Qubes-Whonix use it as server OS for hosting Tor onion hidden service?

Is Whonix mandatory for anonymity and privacy or can I just use any other Linux distribution?

If Whonix Mandatory for anonymity and privacy which approach below should I use to host tor onion hidden service?

1)Linux with VirtualBox
3)Linux with KVM

Is it safe to use a VPN like NordVPN with TOR for more anonymity and privacy or just Tor?

Is mini pc like intel nuc or kingdel good for being used as server machine for hosting Tor onion hidden service? what is hardware System Requirements (CPU & GPU & Ram)?

What can I do in PHP or Laravel framework configuration to ensure it is anonymous and compatible with tor and don’t exploit anything to show identity and to be anonymous and safe?

All best practices we’re aware off are documented or at least mentioned here:

Since this is a Whonix forum, the answer will be Whonix-Workstation:

If you mean through a remote server (VPS or root server): currently usability for this is still very lacking at time of writing.

  • SSH into Qubes dom0 is hard
  • no CLI version
  • no documentation on how to use with CLI on a remote server as far as I am aware off

Define mandatory.

Biggest advantage is that server software running inside Whonix-Workstation cannot find out its real, external IP address. Therefore the server software cannot leak it.


If going for performance KVM can’t be beat.

Depends on how much traffic you intend on receiving.

PHP = goodbye security. As a matter of fact, server webapps are not that hardened in general.

If whatever you are hosting is static content I would upload it to Freenet over Tor and pass on onions as the opportunity for attack is extremely limited by an adversary (only possible during the time the content was originally uploaded) and there is no way they can compromise the site unless they break the crypto key used to sign the pages. However an onion is a sitting duck for the whole time it is online and is vulnerable to DDoS and being taken over. You can also communicate on Freenet’s distributed FMS forums system if you want something more interactive.

Thanks alot @Patrick and @HulaHoop.

My web site is dynamic using Laravel and MySQL, i ask if is there any changes and configuration can i made in Larabel framework and PHP to improve the scurity of Laravel & PHP before upload it or can you give me hint or link to help me.

Can you recommend me the best brand for mini pc (Intel NUC, Kingdel, HP, Lenovo) or something else oe all are same?
is Intel i7 and 16 GB Ram and 250 GB SSD will be good?

What about Qubes-Whonix is it good for Server OS or it shouden’t use as Server OS it is Desktop OS?
If i use Linux with VirtualBox will be good for anonymity and security and performance?

Can any of you guggest me the best linux distribution system to host Whonix on it (Debian, Fedora, Ubuntu, etc…)?

Is Nginx good web server for security or lighttpd or apache?

Many Thanks to @Patrick and @HulaHoop for your support. I appraiate it.

There are some dedicated server hardening projects and forums you can read up on for tips. OWASP, openwall lists an so on.

Intel anything is not recommended.Their CPUs have more bugs than average and the fixes are destroying performance.

Xen (which is what powers Qubes) is used in some cloud centers and is therefore also OK for the usecase. VBox is neither performant nor secure.

Debian if you want the most stable option and widest possible free support options.


[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]