This is the guide to install and configure Tor for your *Linux* machine. Windows need not apply, frankyly because the tools we need do not exist. For Debian, Tor is already in the main repo. To install: sudo apt-get install tor For Ubuntu, you have to add the repo in order to install it. To do so, follow this: deb http://deb.torproject.org/torproject.org xenial main gpg --keyserver keys.gnupg.net --recv 886DDD89 gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add - apt-get update apt-get install tor deb.torproject.org-keyring This was pulled from https://www.torproject.org/docs/debian.html.en . That is the authoratative document, if there are any questions about how to install for your version. Once installed, we need to turn on the Hidden Services and configure appropriate ports for it. The config file for Tor is /etc/tor/torrc . Tor is, by default in a secure mode. Adding a Hidden Service allows your machine to be communicated with regardless the network and its location. It is essential that we only forward ports we need, and have full authentication turned on for these services. in /etc/tor/torrc, find the section commented out regarding Hidden Services, and copy/paste this block in. HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 22 127.0.0.1:22 This creates a unique key for your computer (and a new domain address in /var/lib/tor/hidden_service/hostname) and allows to remotely access your computer via SSH. These keys are a [random 16 character hash].onion . I would suggest that you do this for each computer you have, so you can log into any of your machines at any time. I would suggest a long password on your account.. Or better yet, use the SSH key method seen here: ( https://www.debian.org/devel/passwordlessssh ) If you need Node-Red also available through Tor, you need to include its ports. The default Node-Red port is 1880. This means you would add another line beneath the HiddenServicePort of the following: HiddenServicePort 1880 127.0.0.1:1880 Do note, that Node-Red has NO SECURITY by default. So if someone knows your [hash].onion address at port 1880, they have full control of your Node-Red instance. Now, to allow access to Mosquitto, a common MQTT broker (their name for an MQTT server), you will need to also add the below line to /etc/tor/torrc HiddenServicePort 8883 127.0.0.1:8883 Again, I warn that Mosquitto has NO SECURITY by default. You must configure it and turn security on in order to have a login/password on this service. If you do not, anyone who knows [hash].onion:8883 can subscribe and post data to your broker.