BTCPay Server on Tor: Self-Hosted Anonymous Bitcoin Payment Processing
BTCPay Server is a self-hosted, open-source Bitcoin payment processor that eliminates third-party custodians, KYC requirements, and payment processor surveillance. Deploying BTCPay Server as a Tor hidden service creates a payment infrastructure where neither the merchant's server IP nor customer transaction endpoints are exposed. Combined with a full Bitcoin node and Lightning Network, a .onion BTCPay instance enables truly private commerce: merchants receive payments directly to their wallets without intermediaries knowing their identity, server location, or business volume. This setup is used by privacy-focused online stores, journalists accepting donations, content creators operating anonymously, and any business operating in jurisdictions where financial surveillance or sanctions create operational risk. This guide covers the complete deployment from Bitcoin full node integration through .onion configuration and Lightning Network setup.
Need this done for your project?
We implement, you ship. Async, documented, done in days.
BTCPay Server requires substantial resources for full Bitcoin node operation: minimum 4GB RAM, 4 CPU cores, 500GB SSD storage for the full blockchain (growing at ~5GB/month). The recommended installation method is BTCPay's Docker deployment script which installs Bitcoin Core, NBXplorer (wallet indexer), and the BTCPay web application. Install: git clone https://github.com/btcpayserver/btcpayserver-docker, cd btcpayserver-docker, set environment variables BTCPAY_HOST=youronion.onion and NBITCOIN_NETWORK=mainnet, then run setup.sh. The Docker Compose stack handles all service dependencies. Initial blockchain sync takes 2-5 days on first install. Use Bitcoin Core's pruning mode to reduce storage to ~10GB if a pruned node is acceptable - but Lightning requires the full UTXO set.
Tor Integration for BTCPay Hidden Service
BTCPay Server's Docker stack includes built-in Tor support. Set the environment variable BTCPAY_ADDITIONAL_HOSTS=youronion.onion and BTCPAY_TORRC_FILE with the path to custom torrc configurations before running setup. BTCPay's Tor integration automatically: creates a HiddenServiceDir for the web interface, configures port 80 mapping, and generates the .onion address. Find the generated address in /var/lib/docker/volumes/generated_tor_datadir/_data/hostname or via BTCPay's admin panel under Services. For Lightning over Tor, set LIGHTNING_ALIAS and ensure LND or c-lightning is configured to use Tor for peer connections. Bitcoin Core connects to peers over Tor by default when BTCPay's Tor integration is active, hiding the node's IP from the Bitcoin network.
Lightning Network over Tor for Private Payments
Lightning Network payments require establishing payment channels with other Lightning nodes. Operating Lightning over Tor hides your node's IP address from channel peers and the broader Lightning Network graph. Configure LND (the Lightning implementation used in BTCPay) to operate exclusively over Tor by setting tor.active=true and tor.v3=true in lnd.conf. Set externalip= to your .onion address - this is announced to the Lightning Network gossip protocol, allowing other nodes to connect to you via Tor. Opening channels requires an initial on-chain Bitcoin transaction. Manage channels through BTCPay's Lightning dashboard or the lncli command line. Use Autopilot for automatic channel opening or manually select well-connected, high-uptime nodes as channel partners.
Payment Flow and Store Configuration
Create stores in BTCPay's web interface, each with its own wallet and payment settings. Connect a hardware wallet or use BTCPay's built-in wallet (xpub import). For each store, configure payment methods (on-chain Bitcoin, Lightning, or both). Generate payment buttons and invoices from BTCPay that can be embedded in websites hosted on .onion addresses or clearnet. BTCPay supports WooCommerce, Shopify, PrestaShop, and custom integrations via its API. For anonymous merchant stores, configure the store to not collect customer emails or shipping information. Payment notifications via email can use a .onion Postfix relay or be disabled entirely. Webhooks on payment events can notify internal services on the same .onion network.
Security Hardening for .onion Payment Infrastructure
Restrict BTCPay's web interface to the .onion address only - ensure no clearnet listening ports are exposed. Configure fail2ban on the host for SSH brute force protection. Use BTCPay's Two-Factor Authentication for the admin account. Regularly back up the wallet seed phrase to offline storage - this is the critical recovery material. Bitcoin Core's wallet is distinct from BTCPay's application wallet - back up both. For Lightning, back up channel state regularly using LND's static channel backups (SCB) - stored in the BTCPay backup system. Monitor for unexpected outbound connections from the server using netstat or ss - the only outbound connections should be to Tor and to Docker's internal network. Rotate the .onion address only if necessary (changes all existing bookmarks and shared links).