Forcing .onion on Whonix.org
To use .onion services when browsing Whonix ™.org simply follow these links below to the Whonix ™ main page, homepage, forums, download page, phabricator site, or the Whonix ™ Debian repository. :
- homepage [archive] onion [archive]
- wiki [archive] onion [archive]
- forums [archive] onion [archive]
- downloads [archive] onion [archive]
- phabricator [archive] onion [archive]
- debian repository [archive] onion [archive]
Once a user rule is configured (see below), no further intervention is needed to seamlessly browse the Whonix ™ .onion addresses. Users should note that if a user rule is not configured, some resources from the clearnet Whonix ™.org address will be utilized when navigating to the v2 or v3 onion address. 
- The user must have Tor Browser installed, which is the default in Whonix ™.
- v3 onion connections require Tor v3.2 or above running in the Whonix-Gateway ™ (
HTTPS Everywhere [archive] is a browser add-on produced as a collaboration between the Tor Project and the EFF [archive]. It uses clever technology to automatically force encrypted communications (HTTPS) on many major websites (where it is offered), preventing the user from browsing the HTTP (insecure) version. However, HTTPS Everywhere supports user rules, and it is not limited to HTTP(S). This means the user can configure it to rewrite requests from the .org extension to .onion domains instead! 
Adding User Rules
Using "HTTPSEverywhereUserRules" directory for user rules is no longer supported. HTTPSEverywhere developer jeremyn clearly stated :
HTTPSEverywhereUserRules/ is not supported with WebExtensions and won't be supported.
Now that Firefox uses WebExtensions, rules must now be added from the HTTPS-Everywhere GUI. We will use the Whonix ™ homepage [archive] in this example. Please note that you may have to repeat the steps below for redirection of forums [archive].
- Go to the site. (https://www.whonix.org [archive])
- Once loaded, click the blue HTTPS-Everywhere icon in the upper corner of Tor Browser and select "See more".
- Next, click on "Add a rule for this site"
- Then, click on "Show advanced" under the host field. For each user rule set two fields require editing.
- Change "matching regex" from ^http:// to ^https?:// so redirects work from both HTTP and HTTPS. If this value is not changed, redirects can be broken(because the default rule set in the extension already has a rule that redirects from http).
- Change "redirect to" to the onion address you want to use. (http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/ [archive])
- Finally, click "Add a new rule for this site" and refresh the page. If configured correctly the page should now redirect automatically. Be mindful that multiple rules may be needed for an address to work completely. In that case, you will need to repeat this process.
What if I made a mistake or the rule won't work?
Rules can not easily be changed from the GUI, especially in the case of a broken redirect. Furthermore user rules are stored in a sqlite3 binary file that can not be edited using a text editor. While it might be possible to edit this file, instructions to do this fall outside the scope if this wiki. Therefore it is recommended that users create periodic backups of this file so it can be restored to its previous state in the event of a broken redirect or a mistake is made. If this file is deleted it will be re-created to its defaults on the next browser start. The file is stored in: /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/storage-sync.sqlite. A rule will look something like this:
A trailing comma and space as shown above will appear if there are multiple rules. As a reminder be sure to create a backup of this file before you make any changes.
The v3 onion service is only available for those running the Tor client v3.2 or higher in Whonix-Gateway ™ (
- The reason is mediawiki, wordpress and discourse are using the primary Whonix ™ https domain. These webapps do not support multiple domains for the same website.
- Because of the way most popular webapps are written, they expect to be at one location, for example whonix.org/blog, and not at multiple locations. That is why this workaround is needed. https://forums.whonix.org/t/whonix-blog-inaccessible-through-hidden-service [archive]
- See details here: https://github.com/EFForg/https-everywhere/issues/14375#issuecomment-359449102 [archive]
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)