I'm working with some journalists who'd like to have a safe work environment using TOR.
It is possible to do it in 2 ways with the help of Opnsense.
First is using the transparent-proxy option and have a webserver behind it running TOR as well.
Second is using the hidden-service option and behind it just the webserver.
The first option would also allow to have all their wifi/networking behind TOR, but I do not know whether it would hurt the performance of the webserver much having to go through TOR twice.
The second option would be the "standard" solution but it would also mean having TOR setup on all their devices seperatly, or using a second router as a transparent TOR proxy.
Does anyone know if the first option would be useable performance wise?