1) Buy any cheap VPS.
You can find good deals on http://www.lowendbox.com/
Also check out http://www.lowendtalk.com/wiki/
for examples of some common VPS installations, such as a web server.
2) Install nginx, MySQL, PHP or anything else your website needs to run.
3) Configure your web server to listen ONLY on 127.0.0.1:4986. For example, in lighttpd syntax:
    server.port = 4986
    server.bind = "127.0.0.1"
Now restart your web server.
4) Install Tor.
As root:
    apt-get install tor
or:
    sudo yum install tor
Or you can find instructions here: https://www.torproject.org/docs/debian.html.en
(not only for Debian)
5) Configure Tor so that port 80 of the hidden service is forwarded to the local web server:
    HiddenServicePort 80 127.0.0.1:4986
Now restart Tor:
Your Tor hidden service is now up and running.
Its *.onion address is written to this file:
Type it into your browser and check it out!
!!! Take care:
1) Since your website is running on a VPS, the admins of the host system could probably have access to all of your files and data. By simply reading that data they can easily match you to your hidden service. Using TrueCrypt or EncFS greatly reduces this possibility, but it is still possible to read the passphrase or unencrypted data from the VPS's memory image.
A good choice is to buy a physical server and use encryption on it.
An even better choice: stay anonymous to your VPS provider.
Google "bitcoin vps", or use a gift card, an anonymous coupon, ask for a test period or whatever. Then never show your real IP to the hoster (create the account, pay and later connect to your VPS only via Tor), use only secure protocols for that (https, ssh) and always verify signatures to avoid MITM attacks by Tor exit nodes, which are common.
2) Beware of web-based attacks. This is true for any website, not only a hidden one, but I'll repeat it here once again: never trust user data.
3) Limit access to your VPS from outside Tor. Configure iptables, or at least make sure you don't have Memcached listening to the whole world.
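
A check for warning 3, as an added example that is not part of the original guide: it filters the output of `ss -Hltn` and prints every TCP listener that is not bound to loopback. The function names, the allowlist argument (ports you intend to keep public, such as SSH on 22) and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners that are reachable from outside the host.
# Function names, the allowlist argument and the sample lines are assumptions.

# Reads `ss -Hltn` output on stdin and prints "address port" for every
# listener not bound to loopback. Arguments are ports that are meant to be
# public (for example the SSH port) and are skipped.
exposed_listeners() {
    awk -v allow="$*" '
    BEGIN { n = split(allow, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $1 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)        # text after the last colon
        addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
        if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
        if (port in ok) next                            # intentionally public
        print addr, port
    }'
}

# Constructed sample of `ss -Hltn` output: web server, Tor SOCKS port and
# MySQL on loopback; SSH and Memcached listening on all interfaces.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 511  127.0.0.1:4986  0.0.0.0:*
LISTEN 0 4096 127.0.0.1:9050  0.0.0.0:*
LISTEN 0 128  0.0.0.0:22      0.0.0.0:*
LISTEN 0 1024 0.0.0.0:11211   0.0.0.0:*
LISTEN 0 80   [::1]:3306      [::]:*
LISTEN 0 128  [::]:22         [::]:*
EOF
}

# On the VPS itself: ss -Hltn | exposed_listeners 22
sample_ss_output | exposed_listeners 22    # prints: 0.0.0.0 11211
```

Every line it prints is a service to rebind to 127.0.0.1 or to block with iptables; the web server on port 4986 must never appear in the output.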