Code Control Hosting My Own Dark Web Server on a Raspberry Pi By: ek0mssavi0r.dev of churchofmalware.org In two days, I moved my code off being dependent on billion-dollar platforms and onto my own server - a Raspberry Pi tucked behind Tor. I wanted a place where takedowns, surveillance, and arbitrary rules can't erase my work. So I built my own little corner of the dark web - on a Raspberry Pi, running NGINX + Tor. It cost me nothing but time, and it now serves my files to anyone with the onion link. This is a creators manifesto. It's a hands-on walkthrough so you can do the same, whether you're hosting code, a blog, or an artist portfolio. The dark web is just a network. With Tor hidden services, you can create your own ".onion" website that exists entirely under your control, with no domain fees, no SSL cert hassle, and no middleman. Why I Did This Ownership & permanence: GitHub and mainstream hosts can remove content, suspend accounts, or be taken offline. A hidden service gives you full control of your files. Privacy & censorship resistance: Tor onion services are end-to-end encrypted, anonymous by default, and not indexed by search engines. Cost & Decentralization : No DNS fees, no SSL cert purchases, no GoDaddy upsells. If you have a Pi and a flash drive, you already have a server. Corporations control the clear net, Users control the dark web. You don't need to be a hacker. If you can run a few terminal commands, you can have your own dark web site by tonight. What You Need Raspberry Pi 5 (i used a pi 4b it was a lot of troubleshooting) running a clean install of Kali Linux (or Raspberry Pi OS). USB flash drive (to hold your site files). A stable Internet connection. read-only mount for your USB so nothing can overwrite your files. Step 1: Prepare the Pi sudo apt update && sudo apt upgrade -y shutdown -r now #restart Install NGINX and Tor sudo apt install nginx tor -y Step 2: Mount Your USB Drive Read-Only Read-only means your files can't be altered by accident or by an attacker who somehow reaches the Pi. Find the drive: lsblk Create a mountpoint sudo mkdir -p /mnt/usb Mount read-only sudo mount -o ro,uid=www-data,gid=www-data /dev/sda1 /mnt/usb Now drop your site files in `/mnt/usb` For example: `index.html` → your homepage (disclaimer, intro, etc.) `list/` → a folder of downloadable files Step 3: Configure NGINX (Tor-only) Edit the default site: sudo nano /etc/nginx/sites-enabled/default Nano will open and then paste in your server: server { listen 127.0.0.1:80 default_server; server_name localhost; root /mnt/usb; index index.html; location / { try_files $uri $uri/ /index.html; } location /list/ { alias /mnt/usb/list/; autoindex on; autoindex_exact_size off; autoindex_localtime on; } location ~ /\. { deny all; } } To save & exit, ctrl + x, then y to select yes and finally enter to leave nano: Now we enable it sudo nginx -t sudo systemctl enable nginx --now Congratulations, You now have an HTTP server, but it's only listening on localhost… Step 4: Configure Tor Hidden Service Create a hidden service directory: sudo mkdir -p /var/lib/tor/your_service sudo chown -R debian-tor:debian-tor /var/lib/tor/your_service sudo chmod 700 /var/lib/tor/your_service Edit Tor config open nano to edit: sudo nano /etc/tor/torrc Scroll all the way to the bottom and paste in: User debian-tor DataDirectory /var/lib/tor SocksPort 9050 HiddenServiceDir /var/lib/tor/your_service/ HiddenServiceVersion 3 HiddenServicePort 80 127.0.0.1:80 (If you already see - User debian-tor - in your torrc, you don't need to duplicate it) save and exit nano (ctrl+x, y, enter) Then Restart Tor: sudo systemctl restart tor@default And you made it, now just get your onion address: sudo cat /var/lib/tor/your_service/hostname Save your key and address in case you need to relocate your server and want to keep the same address. It will look like: vno7jb3h4cksmmwxat374yotss6kdzc43rcazu420y69zrjsqwnvoopp.onion/list/ hs_ed42069_secret_key This is your dark web URL. Paste it into Tor Browser and you'll see your site. Step 5: Lock It Down Bind to localhost (we already did). Your Pi does not serve anything on the open Internet. Mount USB read-only (yay, we did this too) so nothing can be altered. Don't share your onion link publicly unless you're ready for traffic. Optional: add iptables rules to control traffic (we will do this in another article) Results You now have a working onion service serving our code straight from a flash drive, on your own hardware. No domain registrar. No SSL. No corporate gatekeeper. Your little mirror sits quietly behind Tor, accessible only to those who know the link. Final Thoughts This isn't just for coders. Web designers, journalists, activists, and photographers can all use onion services to share work without a middleman. At the end of the day, an onion service is just HTTP running behind Tor - no special server stack, no SSL headaches, no DNS registration. In a time of creeping surveillance, corporate overreach, and arbitrary takedowns, publishing directly from your own hardware is an act of resistance. It's not glossy or corporate - it's small, raw, DIY, and entirely yours. For me, it means my code will never vanish at the whim of a billion-dollar platform. For you, it could mean your art, your words, or your research - preserved, unfiltered, and beyond the reach of gatekeepers. The dark web isn't some mysterious underworld; it's just another network. One you can build on. One you can own. My current mirror: fsv46pzkusigadeqaedwyteogxtyf2pvywypodxk45yc7pft4mz2jcqd.onion DISCLAIMER This guide is for educational and personal publishing purposes. Don't host illegal content - onion services are powerful tools for privacy, not crime. Stay Tuned In the next part of this series, I cover: https://medium.com/@ekoms1/code-control-part-ii-994aa3c3dc9a adding iptables rules to lock traffic down even further. and building a clean homepage template so your onion service looks less like a file dump and more like a real site. Because a server isn't just a machine. It's a statement. follow ek0ms: https://ek0mssavi0r.dev https://churchofmalware.org https://instagram.com/ekoms.is.my.savior https://github.com/ekomsSavior