content/articles/site-backend.md: add "Onion Service" section

1 files changed, 73 insertions, 0 deletions

diff --git a/content/articles/site-backend.md b/content/articles/site-backend.md
index 49f7497..af64015 100644
--- a/content/articles/site-backend.md
+++ b/content/articles/site-backend.md
@@ -296,6 +296,9 @@ redirects removed:
   # POST needed for /hooks
   Header append "Access-Control-Allow-Methods" "POST, GET, HEAD, OPTIONS"
 
+  # expose onion service
+  Header set "Onion-Location" "http://pabstordmsrzhushs5drpb5mtb2ml56iyacidsjfebl2jlss65rlbsqd.onion%{REQUEST_URI}s"
+
   # cache images, stylesheets, and javascript for 1 year
   <FilesMatch "\.(ico|jpg|jpeg|png|gif|webp|svg|js|json|css)$">
     Header set Cache-Control "max-age=31536000, public"
@@ -534,6 +537,49 @@ The generated [HTML][] has been modified to:
 
 [Download][webhook.conf]
 
+## Onion Service
+
+This site is available as an [onion service][] at the following [URL][]:
+
+[http://pabstordmsrzhushs5drpb5mtb2ml56iyacidsjfebl2jlss65rlbsqd.onion/][pabstor]
+
+Notes:
+
+- Vanity [.onion][] address generated with [mkp224o][].
+- Hosted with [Nginx][] instead of [Apache][].
+- Public site sets [Onion-Location][] response header.
+
+[Nginx][] configuration:
+
+```nginx
+server {
+  listen unix:/var/run/tor/pabstor.sock;
+  server_name pabstordmsrzhushs5drpb5mtb2ml56iyacidsjfebl2jlss65rlbsqd.onion;
+  root /store/www/pabstordmsrzhushs5drpb5mtb2ml56iyacidsjfebl2jlss65rlbsqd.onion/htdocs;
+  index index.html;
+  access_log /var/log/nginx/pabstor-access.log;
+
+  # enable compression, compress common types
+  gzip on;
+  gzip_types text/html text/plain text/xml text/css text/javascript application/x-javascript text/csv application/json text/json image/svg+xml;
+}
+```
+
+[Download][pabstor.conf]
+
+[Tor][] configuration:
+
+```ini
+HiddenServiceDir /var/lib/tor/pabstor/
+HiddenServicePort 80 unix:/var/run/tor/pabstor.sock
+```
+
+References:
+
+- [Set up Your Onion Service][onion-service-setup]
+- [Vanity .onion addresses][vanity-onion-address]
+- [Onion-Location][]
+
 ## Validation
 
 I periodically use the following tools to verify this site:
@@ -596,6 +642,7 @@ published.
 - 2025-03-31: Update wording to reflect the following changes: default to dark mode and remove [`prefers-color-scheme`][prefers-color-scheme] detection.
 - 2025-04-26: Document [PNG][] [favicon][].
 - 2025-05-12: Document [htmltest][] and [goaccess][].
+- 2025-05-18: Add [Onion Service](#onion-service "Onion Service") section.
 
 [s-hugo-configuration]: #hugo-configuration
   "Hugo Configuration"
@@ -823,3 +870,29 @@ published.
   "ICO icon file format (ICO)"
 [goaccess]: https://goaccess.io/
   "Fast, real-time web log analyzer."
+[tor]: https://torproject.org/
+  "The Onion Router"
+[onion service]: https://community.torproject.org/onion-services/
+  "Service that can only be accessed via the Tor network."
+[.onion]: https://en.wikipedia.org/wiki/.onion
+  "Top-level domain for onion services."
+[pabstor]: http://pabstordmsrzhushs5drpb5mtb2ml56iyacidsjfebl2jlss65rlbsqd.onion
+  "Onion service URL for this site."
+[nginx]: https://en.wikipedia.org/wiki/Nginx
+  "NGINX web server."
+[domain socket]: https://en.wikipedia.org/wiki/Unix_domain_socket
+  "Unix domain socket."
+[tcp port]: https://en.wikipedia.org/wiki/Transmission_Control_Protocol#TCP_ports
+  "TCP port."
+[pabstor.conf]: /files/articles/site-backend/pabstor.conf.txt
+  "Download Nginx configuration for onion service"
+[mkp224o]: https://github.com/cathugger/mkp224o/
+  "Vanity .onion address generator"
+[onion-service-setup]: https://community.torproject.org/onion-services/setup/
+  "Set up Your Onion Service"
+[vanity-onion-address]: https://community.torproject.org/onion-services/advanced/vanity-addresses/
+  "Vanity .onion address."
+[onion-location]: https://community.torproject.org/onion-services/advanced/onion-location/
+  "Onion-Location HTTP response header."
+[tor browser]: https://en.wikipedia.org/wiki/Tor_(network)#Tor_Browser
+  "Tor browser."