Forcing .onion on Whonix.org
Consistent use of the Whonix Onion Service affords several benefits. It provides alternative end-to-end encryption which is independent from SSL certificate authorities and the mainstream Domain Name System and it also reduces the load on Tor exit nodes.
To use .onion services when browsing Whonix.org simply follow these links below to the Whonix main page, homepage, forums, download page, phabricator site, or the Whonix Debian repository. :
Once a user rule is configured (see below), no further intervention is needed to seamlessly browse the Whonix .onion addresses. Users should note that if a user rule is not configured, some resources from the clearnet Whonix.org address will be utilized when navigating to the v2 or v3 onion address. 
- The user must have Tor Browser installed, which is the default in Whonix.
- v3 onion connections require Tor v3.2 or above running in the Whonix-Gateway (
HTTPS Everywhere is a browser add-on produced as a collaboration between the Tor Project and the EFF. It uses clever technology to automatically force encrypted communications (HTTPS) on many major websites (where it is offered), preventing the user from browsing the HTTP (insecure) version. However, HTTPS Everywhere supports user rules, and it is not limited to HTTP(S). This means the user can configure it to rewrite requests from the .org extension to .onion domains instead! 
Adding User Rules
Using "HTTPSEverywhereUserRules" directory for user rules is no longer supported. HTTPSEverywhere developer jeremyn clearly stated :
HTTPSEverywhereUserRules/ is not supported with WebExtensions and won't be supported.
Now that Firefox uses WebExtensions, rules must now be added from the HTTPS-Everywhere GUI. We will use the Whonix homepage in this example. Please note that you may have to repeat the steps below for redirection of forums.
- Go to the site. (https://www.whonix.org)
- Once it has loaded, click the blue HTTPS-Everywhere icon in the upper corner of Tor Browser and select the text, "add a rule for this site".
- Click the text that says "show advanced" under the host field. You will need to edit two fields.
- Change "matching regex" from ^http:// to ^https?:// so redirects work from both HTTP and HTTPS. If this value is not changed, redirects can be broken(because the default rule set in the extension already has a rule that redirects from http).
- Change "redirect to" to the onion address you want to use. (http://dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/)
- Click "add a new rule for this site" and refresh the page. It should now redirect automatically. Multiple rules may be needed for an address to work completely. In that case, you will need to repeat this process.
What if I made a mistake or the rule won't work?
Rules can not easily be changed from the GUI, especially in the case of a broken redirect. Furthermore user rules are stored in a sqlite3 binary file that can not be edited using a text editor. While it might be possible to edit this file, instructions to do this fall outside the scope if this wiki. Therefore it is recommended that users create periodic backups of this file so it can be restored to its previous state in the event of a broken redirect or a mistake is made. If this file is deleted it will be re-created to its defaults on the next browser start. The file is stored in: /home/user/.tb/tor-browser/Browser/TorBrowser/Data/Browser/profile.default/storage-sync.sqlite. A rule will look something like this:
A trailing comma and space as shown above will appear if there are multiple rules. As a reminder be sure to create a backup of this file before you make any changes.
Other similar rulesets - like those found on the Darkweb Everywhere github page - do not work either, since they also depend on using the "HTTPSEverywhereUserRules" directory.
The v3 onion service is only available for those running the Tor client v3.2 or higher in Whonix-Gateway (
sys-whonix)Note: Whonix maintains compatibility with both v2 and v3 onion services so users can access web resources while staying in the Tor network. However, while v2 onions services are available, users are encouraged to use v3 (next generation) onion services when visiting whonix.org. This will allow users to benefit from the many improvements over the v2 legacy system https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions, aka prop224
- The reason is mediawiki, wordpress and discourse are using the primary Whonix https domain. These webapps do not support multiple domains for the same website.
- Because of the way most popular webapps are written, they expect to be at one location, for example whonix.org/blog, and not at multiple locations. That is why this workaround is needed. https://forums.whonix.org/t/whonix-blog-inaccessible-through-hidden-service
- See details here: https://github.com/EFForg/https-everywhere/issues/14375#issuecomment-359449102
No user support in comments. See Support.
Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix, then Edit! Edits are held for moderation.
Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix is a trademark. Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix itself. (Why?)