Onion hosting puts your site, app, or drop behind a .onion address on the Tor network — no public IP, no DNS, no exposed origin. Rent an anonymous VPS with full root, point your service at Tor, and pay in Monero. You don't exist. We don't ask.
Onion hosting means running a service as a Tor onion service, reachable at a .onion address instead of a public IP and a DNS name. When someone visits, Tor routes the connection through a chain of relays to a rendezvous point, so the visitor never learns your server's IP and your server never learns theirs. There is no clearnet front door to scan, geolocate, or knock over.
Underneath, an onion service is still just software on a real machine. You run a web server, an API, a chat backend, or a file drop on localhost, and you tell the Tor daemon to publish that local port as a v3 onion address. Tor handles the introduction points, the descriptor, and the cryptography; you handle the service. That split is the whole appeal — you get a globally reachable endpoint with no exposed origin, no certificate authority in the loop, and address authentication baked into the name itself.
The catch is that the anonymity of the address is only as good as the anonymity of the machine behind it. A hidden service hides your server's IP from the world, but it does nothing about the account that rented the server. If your provider knows your name, your card, and the clearnet IP you SSH in from, then the hard part of your privacy has quietly been handed to a third party. Onion hosting done properly closes that gap end to end — and that is exactly what HushVPS is built for.
A shared onion platform hands you convenience in exchange for control. Self-hosting flips that: more setup, but the keys, the software, and the data are yours.
The v3 onion key material is generated inside your VPS and never leaves it. Nobody can impersonate your address or seize it from a platform operator, because there is no platform operator holding it.
A private Nextcloud, a Matrix homeserver, a static site, an SSH endpoint, an internal dashboard, a SecureDrop-style intake — if it listens on a port, you can publish it as an onion service. No platform whitelist decides for you.
Because there is no public IP behind the service, there is nothing to port-scan, geolocate, or hit with a volumetric flood aimed at the origin. The clearnet attack surface you would normally defend simply is not there.
Onion hosting sits next to two related things worth knowing about: contributing bandwidth to the network with a VPS built for running a Tor relay, and doing your day-to-day administration privately, covered in our guide to managing your VPS entirely over Tor.
This is the shape of the process, not a copy-paste script — the exact commands and hardening steps change between Tor versions, so follow the source of truth linked below. On a HushVPS box you have full root, so every step is yours to run.
Install and bind your app to the loopback interface — for example a web server on 127.0.0.1:80. Keeping it off the public interface means it is only ever reachable through the tunnel you are about to build.
Install the Tor daemon and add a HiddenServiceDir and HiddenServicePort to your torrc, mapping the onion's port to your localhost port. Restart Tor and it generates your v3 .onion hostname and keys.
Lock down file permissions on the key directory, consider client authorization for private services, encrypt your disk, and back up the onion key somewhere safe. Lose it and the address is gone for good.
Use the authoritative, version-current instructions from the Tor Project — their onion service documentation is the reference to trust over any third-party walkthrough. We provide the anonymous machine and full root; the onion configuration lives entirely inside your VPS.
A .onion address hides your server's IP from visitors. It does nothing about the trail that leads from the server back to you. Three links have to hold, or the weakest one defines your exposure.
No KYC, no real name, no identity document. The account that owns the server never becomes a record that ties the onion service to a person. Email is optional; leave it blank and there is nothing to correlate.
Pay in XMR and no card processor writes your name into a ledger next to the box. A hidden service funded by a traceable card is only pseudonymous — the payment is the thread investigators pull first.
Administer the machine through Tor so your management sessions do not stamp your clearnet IP onto the server. Our walkthrough on managing a VPS over Tor shows the SSH-over-onion pattern.
This is the same minimisation model behind our anonymous VPS: collect nothing at signup, bill in Monero, and let you keep your identity off the wire. The onion address is the last mile; the account and the payment are the first.
Every plan runs the same anonymity posture — there is no "privacy tier." Pick the size your service needs; a small onion site is happy on Phantom, while a busy Matrix or Nextcloud wants more headroom. Prices are in USD, billed monthly, charged in Monero at checkout.
A quiet, low-cost box for a single onion site, a small drop, or a static hidden service.
The sweet spot for a real service behind Tor — a Nextcloud, a Matrix homeserver, or an app stack with headroom.
For heavier onion workloads — a busy community server, media backend, or several hidden services on one hardened host.
Our biggest ghost — for dense containers, high-traffic onion services, and anything that eats CPU and RAM for breakfast.
Want to weigh monthly against yearly, or see the full spec grid side by side? The pricing page lays every plan out in one place.
No KYC, no name, no card. The account that owns your onion service never becomes a record that can be tied back to you.
Payment confirms without a processor writing your identity to a ledger. No card trail means no thread leading from the box to a person.
The onion private key is generated and stays inside your VPS. Encrypt the disk and even our operational layer only ever sees ciphertext.
Minimisation is paired with a clear acceptable-use policy — no CSAM, malware, spam, or DDoS. Offshore-legal, not anything-goes.
Onion services are a legitimate, everyday part of the Tor network — used by newsrooms for secure tips, by messaging tools for metadata-resistant delivery, and by anyone routing around censorship or surveillance. HushVPS exists to serve those lawful uses. Our acceptable-use policy prohibits CSAM, malware and botnet command-and-control, spam operations, and DDoS, and we enforce it. Privacy is protection for people who need it — not a shield for abuse. If your hidden service falls inside the AUP, you are exactly who we built this for.
Spin up an anonymous VPS paid in Monero and publish your onion service on your own terms — or read the surrounding pieces first: the anonymity model, running a relay, and administering the box over Tor.