Skip to content
🐋 Simple Docker image for Onion Hidden Service (.onion)
Dockerfile HTML Batchfile Shell
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


... or "Onion (Hidden) Service". Onser is a simple Docker image allowing you to very quickly create an Onion hidden service for the TOR network. Based on NGINX and latest Tor.


  1. Get Docker
  2. Get Tor Browser via, via email, via twitter
  3. git clone
  4. Put your files into the www folder
  5. Run the run.bat (Windows) or source (MacOS or GNU/Linux)
  6. Get your .onion address: docker exec -it $(docker ps -q) cat www/hostname
  7. Navigate to the .onion address in the Tor Browser
  8. Enjoy

Multiple services

You can use docker-compose.yml to run multiple separate onion services with multiple www folders set via build argument www_folder (similarly nginx_conf). See the default compose file.

To build and run the services you need just a single command:

docker-compose up -d

which will build the images and run the containers.

To get the .onion URLs use:

docker-compose exec one cat www/hostname
docker-compose exec two cat www/hostname
docker-compose exec three cat www/hostname

Each service has a separate volume specified in the compose file thus holds a unique private_key for the service.

To remove containers, volumes, images, networks use:

docker-compose down --volumes --rmi all

Default permissions

By default the permissions will be changed during the Docker image build this way:

  • www folder permissions to 0700 (user: rwx, group: ---, others: ---)

  • the contents of the www folder to 0644 (user: rw-, group: r--, others: r--).

Custom permissions

To modify the permissions to your liking you can use this example:

FROM keyweeusr/onser:<tag>
USER root

# folder
RUN chmod 0123 /home/onser/www

# folder + files
RUN chmod -R 0123 /home/onser/www
USER onser


Sometimes building the Docker image fails due to importing the gpg keys.

gpg: directory '/root/.gnupg' created
gpg: keybox '/root/.gnupg/pubring.kbx' created
gpg: keyserver receive failed: Cannot assign requested address


Made for educational purposes, in my free time, unrelated to any institution/company/subject/... I was or am in contact with.


Please do not use it for nasty crap and/or don't connect me with it if you do anyway.

You can’t perform that action at this time.