I’m posting this in the developers section, because it’s meant to be read by developers, rather than the wider public, because the project I’m going to talk about, is in a too early stage to be interesting for most users.
I’ve written some ansible scripts meant to enable people to setup a raspberry pi as a very cheap server for hosting hidden services without too much hassle. What I have made so far, sets up a set of LXC containers, of which one acts as a proxy to the tor network, another acts as a proxy for everything regarding APT, and an arbitrary number of containers are acting as containers for hosting hidden services.
Within those containers, applications don’t know the IP of the host, and don’t have any access to the internet, but can be reached from the tor proxy, so they can host hidden services, as well use the APT tools normally, thanks to the APT proxy.
In short, this setup is meant to eliminate the risk, that an attacker can learn the IP of an hidden service due to an configuration error (like enabling modinfo.php), or manipulate a software in a way, that those software contacts something like fbi.gov from its real IP. Additionally the playbooks take measures to harden the host in many ways, but that part is not completely done yet.
I’m posting this, because I want to make you aware of my project, so that those of you, who are interested, can test my project, steal the parts, that are good, and tell me, which parts are bad or could be improved.
Finally, the link to my little project is: http://studygarden2nrpb.onion
Please use my own forum to answer.