# Install Tor using the package manager available
yum install tor
# Review/modify the configuration
You can change the default port, or specify multiple IP addresses and ports for binding.
SOCKSPort 9050 # Default
SOCKSPort 10.10.1.23:9999 # Bind to specific IP/port
# Control the service using standard systemctl or service commands
service tor restart
systemctl restart tor
Test
Test out your connection by setting your browser to use SOCKS5 localhost:9050 or follow the examples using cURL or Go.
Setting up Hidden Service
Hidden services are created by modifying the Tor configuration file. You need to specify how the ports are forwarded and where in the file system the hidden service information (.onion URL and private key file) should reside. The Tor service needs write permission to that folder. By default, the permissions are set correctly for /var/lib/tor/*. You can specify /var/lib/tor/AnythingYouWant and the folder will be created automatically when the service is restarted. You can have as many services as you want, and you can map multiple ports for each service. See the examples below.
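# Edit the config file to enter hidden service information
# Each service starts with a HiddenServiceDir line; the HiddenServicePort
# lines that follow belong to it. The directory names are examples only,
# any name under /var/lib/tor/ works.
# Hidden service #1 is a web app that supports HTTP and HTTPS
HiddenServiceDir /var/lib/tor/hidden_service_1/
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 443 127.0.0.1:443
# Hidden service #2 will have a different .onion URL but
# still point to this same server.
HiddenServiceDir /var/lib/tor/hidden_service_2/
HiddenServicePort 22 127.0.0.1:22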
After adding these lines to /etc/tor/torrc, restart the service using service tor restart. Tor should create those folders and start serving requests. Keep the hidden service directories protected, and back them up in case you ever need to move the service to a different machine. Inside each hidden service directory there will be two generated files: hostname, with your .onion URL, and private_key, with your private RSA key.
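As an added example (not part of the original page or of Tor itself), the shell function below reads a torrc, lists each HiddenServicePort mapping with the HiddenServiceDir it belongs to, and flags a HiddenServicePort that has no HiddenServiceDir above it or a service directory that is not mode 700. The function names, the sample file and its paths are constructed for the demo; treating 700 as the wanted mode and the use of GNU stat are assumptions.

```sh
#!/bin/sh
# check_onion_config FILE -- prints one line per finding:
#   MAP <dir> <virtport> <target>  port mapping and the service it belongs to
#   ERR line <n>: ...              HiddenServicePort with no HiddenServiceDir above it
#   PERM <dir> <mode>              directory exists but is not mode 700
check_onion_config() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        tolower($1) == "hiddenservicedir"  { dir = $2; next }
        tolower($1) == "hiddenserviceport" {
            # Tor maps to 127.0.0.1:<virtport> when no target is given
            target = ($3 == "") ? ("127.0.0.1:" $2) : $3
            if (dir == "") print "ERR line " NR ": HiddenServicePort without HiddenServiceDir"
            else           print "MAP " dir " " $2 " " target
        }' "$1"
    # Second pass: owner-only permissions on each declared directory.
    awk '{ sub(/#.*/, "") } tolower($1) == "hiddenservicedir" { print $2 }' "$1" |
    while read -r d; do
        [ -d "$d" ] || continue                     # not created yet
        mode=$(stat -c '%a' "$d")                   # GNU stat (Linux), an assumption
        [ "$mode" = "700" ] || echo "PERM $d $mode"
    done
}

# Constructed sample: a throwaway torrc plus two service directories.
make_sample() {
    base=$(mktemp -d)
    mkdir "$base/web" "$base/ssh"
    chmod 700 "$base/web"
    chmod 755 "$base/ssh"                           # deliberately too open
    cat > "$base/torrc" <<EOF
HiddenServicePort 22 127.0.0.1:22   # constructed mistake: no directory above
HiddenServiceDir $base/web
HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 443
HiddenServiceDir $base/ssh
HiddenServicePort 22 127.0.0.1:22
EOF
    echo "$base/torrc"
}

check_onion_config "$(make_sample)"
```

Against a real installation, call check_onion_config /etc/tor/torrc as a user that can read the service directories.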
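If you have permission problems with the hidden service directory after restarting the service, try fixing it by editing the tor.service file for systemd and modifying the CapabilityBoundingSet. CAP_DAC_OVERRIDE lets the process bypass file permission checks, so first confirm that the directory's ownership and mode are not the real problem.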
# And add these two capabilities:
# CAP_CHOWN CAP_DAC_OVERRIDE to CapabilityBoundingSet
# So the line looks like this:
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_CHOWN CAP_DAC_OVERRIDE
# Reload daemons so systemd picks up the edited unit file, then restart Tor
systemctl daemon-reload
systemctl restart tor
Use journalctl to view any errors after starting the service. Type G to get to the end of the log.