Code Control
Hosting My Own Dark Web Server on a Raspberry Pi
By: ek0mssavi0r.dev of churchofmalware.org
In two days, I moved my code off being dependent on billion-dollar platforms and onto my own server - a Raspberry Pi tucked behind Tor. I wanted a place where takedowns, surveillance, and arbitrary rules can't erase my work.
So I built my own little corner of the dark web - on a Raspberry Pi, running NGINX + Tor. It cost me nothing but time, and it now serves my files to anyone with the onion link.
This is a creators manifesto. It's a hands-on walkthrough so you can do the same, whether you're hosting code, a blog, or an artist portfolio. The dark web is just a network. With Tor hidden services, you can create your own ".onion" website that exists entirely under your control, with no domain fees, no SSL cert hassle, and no middleman.
Why I Did This
Ownership & permanence: GitHub and mainstream hosts can remove content, suspend accounts, or be taken offline. A hidden service gives you full control of your files.
Privacy & censorship resistance: Tor onion services are end-to-end encrypted, anonymous by default, and not indexed by search engines.
Cost & Decentralization : No DNS fees, no SSL cert purchases, no GoDaddy upsells. If you have a Pi and a flash drive, you already have a server. Corporations control the clear net, Users control the dark web.
You don't need to be a hacker. If you can run a few terminal commands, you can have your own dark web site by tonight.
What You Need
Raspberry Pi 5 (i used a pi 4b it was a lot of troubleshooting) running a clean install of Kali Linux (or Raspberry Pi OS).
USB flash drive (to hold your site files).
A stable Internet connection.
read-only mount for your USB so nothing can overwrite your files.
Step 1: Prepare the Pi
sudo apt update && sudo apt upgrade -y
shutdown -r now #restart
Install NGINX and Tor
sudo apt install nginx tor -y
Step 2: Mount Your USB Drive Read-Only
Read-only means your files can't be altered by accident or by an attacker who somehow reaches the Pi.
Find the drive:
lsblk
Create a mountpoint
sudo mkdir -p /mnt/usb
Mount read-only
sudo mount -o ro,uid=www-data,gid=www-data /dev/sda1 /mnt/usb
Now drop your site files in /mnt/usb
For example:
index.html → your homepage (disclaimer, intro, etc.)
list/ → a folder of downloadable files
Step 3: Configure NGINX (Tor-only)
Edit the default site:
sudo nano /etc/nginx/sites-enabled/default
Nano will open and then paste in your server:
server {
listen 127.0.0.1:80 default_server;
server_name localhost;
root /mnt/usb;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
location /list/ {
alias /mnt/usb/list/;
autoindex on;
autoindex_exact_size off;
autoindex_localtime on;
}
location ~ /\. {
deny all;
}
}
To save & exit, ctrl + x, then y to select yes and finally enter to leave nano:
Now we enable it
sudo nginx -t
sudo systemctl enable nginx --now
Congratulations, You now have an HTTP server, but it's only listening on localhost…
Step 4: Configure Tor Hidden Service
Create a hidden service directory:
sudo mkdir -p /var/lib/tor/your_service
sudo chown -R debian-tor:debian-tor /var/lib/tor/your_service
sudo chmod 700 /var/lib/tor/your_service
Edit Tor config
open nano to edit:
sudo nano /etc/tor/torrc
Scroll all the way to the bottom and paste in:
User debian-tor
DataDirectory /var/lib/tor
SocksPort 9050
HiddenServiceDir /var/lib/tor/your_service/
HiddenServiceVersion 3
HiddenServicePort 80 127.0.0.1:80
(If you already see - User debian-tor - in your torrc, you don't need to duplicate it)
save and exit nano (ctrl+x, y, enter)
Then Restart Tor:
sudo systemctl restart tor@default
And you made it, now just get your onion address:
sudo cat /var/lib/tor/your_service/hostname
Save your key and address in case you need to relocate your server and want to keep the same address.
It will look like:
vno7jb3h4cksmmwxat374yotss6kdzc43rcazu420y69zrjsqwnvoopp.onion/list/
hs_ed42069_secret_key
This is your dark web URL. Paste it into Tor Browser and you'll see your site.
Step 5: Lock It Down
Bind to localhost (we already did). Your Pi does not serve anything on the open Internet.
Mount USB read-only (yay, we did this too) so nothing can be altered.
Don't share your onion link publicly unless you're ready for traffic.
Optional: add iptables rules to control traffic (we will do this in another article)
Results
You now have a working onion service serving our code straight from a flash drive, on your own hardware.
No domain registrar. No SSL. No corporate gatekeeper.
Your little mirror sits quietly behind Tor, accessible only to those who know the link.
Final Thoughts
This isn't just for coders. Web designers, journalists, activists, and photographers can all use onion services to share work without a middleman. At the end of the day, an onion service is just HTTP running behind Tor - no special server stack, no SSL headaches, no DNS registration.
In a time of creeping surveillance, corporate overreach, and arbitrary takedowns, publishing directly from your own hardware is an act of resistance. It's not glossy or corporate - it's small, raw, DIY, and entirely yours.
For me, it means my code will never vanish at the whim of a billion-dollar platform. For you, it could mean your art, your words, or your research - preserved, unfiltered, and beyond the reach of gatekeepers. The dark web isn't some mysterious underworld; it's just another network. One you can build on. One you can own.
My current mirror:
fsv46pzkusigadeqaedwyteogxtyf2pvywypodxk45yc7pft4mz2jcqd.onion
DISCLAIMER
This guide is for educational and personal publishing purposes. Don't host illegal content - onion services are powerful tools for privacy, not crime.
Stay Tuned
In the next part of this series, I cover:
https://medium.com/@ekoms1/code-control-part-ii-994aa3c3dc9a
adding iptables rules to lock traffic down even further.
and building a clean homepage template so your onion service looks less like a file dump and more like a real site.
Because a server isn't just a machine. It's a statement.
follow ek0ms:
https://ek0mssavi0r.dev
https://churchofmalware.org
https://instagram.com/ekoms.is.my.savior
https://github.com/ekomsSavior