tor hidden #4

Supports: focal bionic xenial trusty


Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.

This charm publishes Juju services as Tor hidden services.

This instance of Tor does not operate as a relay, to avoid leaking information that could reveal the location of the hidden service, see


tor-hidden implements the http interface with a reverseproxy endpoint. Relating to a website endpoint will publish that website as a Tor hidden service.

For security reasons, this instance of Tor does not operate as a relay.


Deploying your own hidden website using the apache2 charm

Turn that website:

$ juju deploy apache2

into a hidden website:

$ juju deploy local:focal/tor-hidden
$ juju add-relation apache2:website tor-hidden:reverseproxy

The hidden service hostname will be visible via juju status:

$ juju status | grep '\.onion'
tor-hidden/0*  active    idle   1           tor service ready: service apache2 running on wl2f5pijubf33mjb.onio


This charm was built from tor-layers.


Use at your own risk and peril.

This charm makes it easy to deploy a hidden service and attempts to do it well, but it is no substitute for the flawless execution of operational security needed to host things anonymously.

Know your threat model. Know and understand your potential exposure. Any activity in your private service that correlates with external activity (network traffic, resource consumption) reveals the true network location of your deployment over time.


Copyright 2015, 2016 Casey Marshall.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.


(string) Tor bridges to connect through, of the form "<addr> <fingerprint>", comma separated.
(string) Space separated list of extra deb packages to install.
(string) List of signing keys for install_sources package sources, per charmhelpers standard format (a yaml list of strings encoded as a string). The keys should be the full ASCII armoured GPG public keys. While GPG key ids are also supported and looked up on a keyserver, operators should be aware that this mechanism is insecure. null can be used if a standard package signing key is used that will already be installed on the machine, and for PPA sources where the package signing key is securely retrieved from Launchpad.
(string) List of extra apt sources, per charm-helpers standard format (a yaml list of strings encoded as a string). Each source may be either a line that can be added directly to sources.list(5), or in the form ppa:<user>/<ppa-name> for adding Personal Package Archives, or a distribution component to enable.
(string) The status of service-affecting packages will be set to this value in the dpkg database. Valid values are "install" and "hold".
(int) SOCKS5 proxy port