Webtunnel installation

Guide to install Tor Webtunnel network bridge with Docker on Linux.

WebTunnel is a pluggable transport bridge (PT) for the Tor ecosystem. It is a censorship-resistant proxy that attempts to mimic HTTPS traffic.

Steps for the installation and commissioning of a Webtunnel bridge.

  1. Prerequisites
  2. Software installation
  3. Configuration
  4. Start the Webtunnel application in a container

1. Prerequisites

  • Internet domain with its DNS enabled
  • A virtual or dedicated machine running Debian 11 or 12
  • Public IP address

2. Software installation

  • Docker CE
  • Certbot
  • Nginx

Docker installation

sudo apt install curl

curl -fsSL https://get.docker.com -o get-docker.sh

sudo sh ./get-docker.sh

Certbot installation

sudo apt install certbot

Nginx installation

sudo apt install nginx python3-certbot-nginx

3. Configuration

  • Certificate creation
  • Nginx server configuration
  • Create the .env configuration file for docker-compose.yml

Certificate creation

Before creating the certificates with Certbot, add an A record to the DNS of our domain so that the domain points to the IP address of our machine.

sudo certbot --nginx -d mydominio.org

Nginx server configuration

Configure HTTP forwarding for the domain in /etc/nginx/sites-enabled/default

Replace the $PATH placeholder in the configuration block with a random string generated by the following command:

echo $(cat /dev/urandom | tr -cd "qwertyuiopasdfghjklzxcvbnmMNBVCXZLKJHGFDSAQWERTUIOP0987654321"|head -c 24)

Add the following configuration block to the /etc/nginx/sites-enabled/default file

Docker

Download the docker-compose.yml file

curl -fsSL "https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/raw/main/release/container/docker-compose.yml?inline=false" -o docker-compose.yml

Create the .env file in the same directory.

truncate --size 0 .env

We add the following configuration variables. This will create an environment file for the bridge configuration.

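Bridge URL variable. Before running the command, replace domain.org with the domain or subdomain of our bridge and $path with the random string generated for the Nginx configuration; inside double quotes the shell expands an unset $path to an empty string.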

echo "URL=https://domain.org/$path" >> .env

Email address variable that will be associated with our bridge.

echo "OPERATOR_EMAIL=your@email.org" >> .env

We add the name of the bridge

echo "BRIDGE_NICKNAME=WTBr$(cat /dev/urandom | tr -cd 'qwertyuiopasdfghjklzxcvbnmMNBVCXZLKJHGFDSAQWERTUIOP0987654321'|head -c 10)" >> .env

We add the port number

echo "GENEDORPORT=4$(cat /dev/urandom | tr -cd '0987654321'|head -c 4)" >> .env
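
A pre-flight check for the .env file built in the steps above, added here as an example (it is not part of the original guide or of the WebTunnel project). The function names env_get and check_env are hypothetical; the 24-character path and the 4xxxx port mirror the generator commands above, and the 1-19 character alphanumeric nickname limit is Tor's nickname rule.

```shell
#!/bin/sh
# Added example (not from the WebTunnel project): pre-flight check for .env.
# The 24-character path and the 4xxxx port mirror the generator commands
# above; the 1-19 alphanumeric nickname limit is Tor's nickname rule.

# env_get FILE KEY: print the value of the last KEY=... line in FILE
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_env FILE: print one line per problem; return 0 only if all pass
check_env() {
    file=$1
    rc=0
    url=$(env_get "$file" URL)
    email=$(env_get "$file" OPERATOR_EMAIL)
    nick=$(env_get "$file" BRIDGE_NICKNAME)
    port=$(env_get "$file" GENEDORPORT)

    # An unset $path in the echo command leaves "https://domain.org/",
    # which has no secret path and fails this test.
    if ! printf '%s\n' "$url" | grep -Eq '^https://[A-Za-z0-9.-]+/[A-Za-z0-9]{24}$'; then
        echo "URL: expected https://<domain>/<24 alphanumeric chars>"; rc=1
    fi
    if ! printf '%s\n' "$email" | grep -Eq '^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$'; then
        echo "OPERATOR_EMAIL: missing or malformed"; rc=1
    fi
    if ! printf '%s\n' "$nick" | grep -Eq '^[A-Za-z0-9]{1,19}$'; then
        echo "BRIDGE_NICKNAME: must be 1-19 alphanumeric characters"; rc=1
    fi
    if ! printf '%s\n' "$port" | grep -Eq '^4[0-9]{4}$'; then
        echo "GENEDORPORT: expected a port in 40000-49999"; rc=1
    fi
    return $rc
}

# Constructed sample: the URL line as written when $path was never set.
demo=$(mktemp)
printf '%s\n' 'URL=https://domain.org/' 'OPERATOR_EMAIL=your@email.org' \
    'BRIDGE_NICKNAME=WTBrA1b2C3d4E5' 'GENEDORPORT=41234' > "$demo"
check_env "$demo" || echo "fix .env before running docker compose up -d"
rm -f "$demo"
```

To check a real file, call check_env .env from the directory that holds docker-compose.yml.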

4. Start the Webtunnel application in a container

Once our .env contains all the variables, we start the application with docker compose so that Webtunnel runs in a container on our machine.

docker compose up -d

We can now check that our Webtunnel bridge is functioning properly.

docker compose exec webtunnel-bridge get-bridge-line.sh

Reference

Pluggable Transport based on HTTP Upgrade(HTTPT), the Tor Project

HTTPT: A Probe-Resistant Proxy