PHP Laravel Deployment as a Tor Hidden Service

Configure Laravel to generate correct URLs for the .onion address. Set APP_URL=http://youronionaddress.onion in the .env file. In config/app.php, ensure url is set from the APP_URL environment variable. Since all Tor connections arrive from 127.0.0.1 (the Tor daemon proxy), configure trusted proxies in app/Http/Middleware/TrustProxies.php to trust all proxies (class TrustProxies extends Middleware { protected $proxies = '*'; }). This allows Laravel to correctly determine client connection properties when all connections appear to arrive from localhost.

Laravel's session driver can optionally bind sessions to IP addresses (encrypt_cookies option and session IP validation). Disable IP-based session validation for .onion deployments since all clients appear from 127.0.0.1 - IP binding would make all sessions collide. In config/session.php, ensure lottery-based session invalidation is not based on client IP. Use the database or Redis session driver rather than file sessions for better performance and easier session management. Configure SESSION_SECURE_COOKIE=false for HTTP-only .onion deployments (Tor provides transport security without HTTPS).

Laravel's queue system processes background jobs (email sending, notifications, image processing). For .onion deployments, outbound email is a major concern - if the mail server is configured to use an external SMTP relay, it will make outbound connections that could reveal the server's real IP. Configure mail to use a local Postfix server that routes through Tor SOCKS: postfix with socks4a://127.0.0.1:9050 proxy configuration for all outbound SMTP. Alternatively, disable all outbound email in .onion deployments and replace with onion-native notification mechanisms. Queue workers run as separate processes - ensure they do not make unproxied outbound connections in any job processing logic.

Configure Nginx to serve the Laravel public/ directory through the Tor hidden service. Bind Nginx to listen on 127.0.0.1:8080. Set the root to /var/www/laravel/public. Enable PHP-FPM processing with fastcgi_pass 127.0.0.1:9000. Configure try_files $uri $uri/ /index.php?$query_string for Laravel's front controller pattern. Set fastcgi_param HTTPS off (since .onion uses HTTP) and fastcgi_param SERVER_NAME to the .onion address for correct URL generation in Laravel. The Tor hidden service configuration points port 80 to 127.0.0.1:8080.

Laravel's performance on .onion services benefits significantly from caching. Enable Laravel's route caching (php artisan route:cache), configuration caching (php artisan config:cache), and view caching (php artisan view:cache) to reduce PHP processing overhead per request. Configure Redis as the cache driver (CACHE_DRIVER=redis in .env) for the performance advantages of in-memory caching. Use Laravel's eager loading for database queries (with() calls in Eloquent) to avoid N+1 query problems that compound Tor latency. Enable OPcache in PHP configuration for bytecode caching. Set appropriate cache TTLs for rate limiting, sessions, and application caches to reduce database load.