How to create Hidden Service on Debian

1. Update packages and install apache and tor
sudo apt-get update
sudo apt-get install -y apache2 tor
2. Limit apache to only listen to localhost over port 80
echo "Listen 127.0.0.1:80" >  /etc/apache2/ports.conf
3. Set permissions for debian-tor
vim /etc/apache2/envvars
Comment out:
#export APACHE_RUN_USER=www-data
#export APACHE_RUN_GROUP=www-data
And add:
export APACHE_RUN_USER=debian-tor
export APACHE_RUN_GROUP=debian-tor
Save (Esc :w) and quit(:q).
service apache2 stop
sudo chown -R debian-tor:debian-tor /var/{lock,log}/apache2 /var/www

4. Secure your private key
vim /etc/apache2/apache2.conf
<FilesMatch "private_key">
        Require all denied
</FilesMatch>
Save and quit.
vim /etc/apache2/conf-enabled/security.conf
ServerSignature Off
ServerTokens Prod
Save and quit.
5. Create a test page and start apache
echo "Test page" >  /var/www/index.html
service apache2 start
6. Configure tor
cat >> /etc/tor/torrc << EOF
HiddenServiceDir /var/www
HiddenServicePort 80 127.0.0.1:80
EOF
vim /etc/apparmor.d/system_tor
Add:
owner /var/www/** rwk,
Save and quit.
service apparmor restart
service tor restart
All done
You can get your domain from /var/www/hostname
cat /var/www/hostname