Forcing .onion on Whonix.org
|Consistent use of the Whonix Onion Service affords several benefits. It provides alternative end-to-end encryption which is independent from SSL certificate authorities, independence from the mainstream domain name system, and it also reduces the load on Tor exit nodes.|
To do this, simply follow these links below to browse the Whonix main page, homepage, forums, download page, phabricator site, or the Whonix Debian repository. :
Once a user rule is configured (see below), using Whonix .onion addresses is easy and seamless. Users should note that if a user rule is not configured, some resources from the clearnet Whonix.org address will be utilized when navigating to the v2 or v3 onion address. 
- The user must have Tor Browser installed, which is the default in Whonix.
- v3 onion connections require Tor v3.2 or above running in the Whonix-Gateway (
HTTPS Everywhere is a very clever tool created by developers at the EFF. It automatically forces encrypted communications (HTTPS) on many major websites (where it is offered), preventing the user from browsing the HTTP (insecure) version. However, HTTPS Everywhere supports user rules, and it is not limited to HTTP(S). This means the user can configure it to rewrite requests from the .org extension to .onion domains instead! 
Adding User Rules
Using "HTTPSEverywhereUserRules" directory for user rules is no longer supported. HTTPSEverywhere developer jeremyn clearly stated :
HTTPSEverywhereUserRules/ is not supported with WebExtensions and won't be supported.
Now that Firefox uses WebExtensions, rules must now be added from the HTTPS-Everywhere GUI. We will use the Whonix homepage in this example. Please note that you may have to repeat the steps below for redirection of forums.
- Go to the site. (https://www.whonix.org)
- Once it has loaded, click the blue HTTPS-Everywhere icon in the upper corner of Tor Browser and select the text, "add a rule for this site".
- Click the text that says "show advanced" under the host field. You will need to edit two fields.
- Change "matching regex" from ^http:// to ^https?:// so redirects work from both HTTP and HTTPS. If this value is not changed, redirects can be broken.
- Change "redirect to" to the onion address you want to use. (http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/)
- Click "add a new rule for this site" and refresh the page. It should now redirect automatically. Multiple rules may be needed for an address to work completely. In that case, you will need to repeat this process.
What if I made a mistake or the rule won't work?
Rules cannot be easily changed from the GUI, especially in the case of a broken redirect. You may need to edit rules manually. Rules are stored in a plaintext file in the Tor Browser profile folder, which can be either edited or deleted. If deleted, it will be created as an empty file on the next browser start. The file is stored in: /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browseremail@example.com/storage.js. A rule will look something like this:
A trailing comma and space as shown above will appear if there are multiple rules. Be sure to create a backup of this file before you make any changes.
Other similar rulesets - like those found on the Darkweb Everywhere github page - do not work either, since they also depend on using the "HTTPSEverywhereUserRules" directory.
The v3 onion service is only available for those running the Tor client v3.2 or higher in Whonix-Gateway (
Note: Whonix maintains compatibility with both v2 and v3 onion services so users can access web resources while staying in the Tor network. However, while v2 onions services are available, users are encouraged to use v3 (next generation) onion services when visiting whonix.org. This will allow users to benefit from the many improvements over the v2 legacy system https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions, aka prop224
- The reason is mediawiki, wordpress and discourse are using the primary Whonix https domain. These webapps do not support multiple domains for the same website.
- Because of the way most popular webapps are written, they expect to be at one location, for example whonix.org/blog, and not at multiple locations. That is why this workaround is needed. https://forums.whonix.org/t/whonix-blog-inaccessible-through-hidden-service
- See details here: https://github.com/EFForg/https-everywhere/issues/14375#issuecomment-359449102
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! See Conditions for Contributions to Whonix, then Edit! IP addresses are scrubbed, but editing over Tor is recommended. Edits are held for moderation.