The New Guide to Running a Tor Relay

by nusenu-torblog | February 8, 2018

[Update] The Tor Relay Guide is now living in the new Community portal. Did you find a mistake or want to help improving the website? Let us know. Please file your suggestions on GitLab.

Have we told you lately how much we love our relay operators? Relays are the backbone of the Tor network, providing strength and bandwidth for our millions of users worldwide. Without the thousands of fast, reliable relays in the network, Tor wouldn't exist.

Have you considered running a relay, but didn't know where to start? Perhaps you're just looking for a way to help Tor, but you've always thought that running a relay was too complicated or technical for you and the documentation seemed daunting.

We're here to tell you that you can become one of the many thousands of relay operators powering the Tor network, if you have some basic command-line experience.

We've created The Tor Relay Guide to:

  • grow the Tor network
  • demystify relay operation for newcomers
  • organize important relay resources in one place
  • encourage everyone who reads it to support the Tor network by setting up their own relay
  • make the Tor network more robust (example: To reduce the overall fraction of outdated relays, we added instructions for enabling automatic updates.)
  • emphasize diversity on network and OS level (Most of the Tor network runs on Linux, so we emphasize OS-level diversity and encourage people who can to run BSD-based OSes.)

The guide is split into 3 parts:

  1. Deciding to run a Tor relay
  2. Technical setup
    In this section we cover installation steps for the following operating systems:
    • FreeBSD/HardenedBSD
    • Debian/Ubuntu
    • CentOS/RHEL
    • Fedora
    • openSUSE
  3. Legal info, social info, and more resources
<MEDIA>@https://media.torproject.org

We've made the guide read-only in order to maintain quality control over the content. This guide updates and replaces existing relay documentation. Eventually, the Tor Relay Guide will become part of our future Community Portal, which will live at sgapqzbrdr.oedi.net (not available yet). In addition to the Tor Relay Guide content, the Community Portal will include information for Tor trainers, ways to get involved with the Tor community, talks and other events happening in the Tor world, and more.

If you run into technical issues while setting up your relay, please reach out to the tor-relays mailing list (subscribing is required to post to the list).

Did you find a mistake or want to help improving the guide? Let us know. Please file your suggestions on trac.torproject.org under the "Community/Relays" component.

Thank you to all who helped with this.

 

Comments

Please note that the comment area below has been archived.

February 08, 2018

Permalink

The guy that needs a lot of our applaud is nusenu who helped a lot with the guide and is always helping out on the tor-relays mailing list, thank you for your service!

February 08, 2018

Permalink

It's a hobby/c.v. tag : usa old_U style.
Running a relay with the support of an organization/firm/asso/school could be an option, a challenge ; alone it should be a suicide, a waste of time & money.
This article asks participation & effort from "users" or from a politic/social class who could change an influence. They have failed definitively _netneutrality,freedom of speech,etc._ in the usa (canada-australia-newzealand-uk). I think that they should begin to work from NYC to the others towns of the united states and build their own network for their private resident first (melting-pot) : the usa is a materialist world not an idealist one (incompatibility).

February 08, 2018

Permalink

really great guide! Thanks tor for making all of this possible without being harrassed by the deep state

February 11, 2018

Permalink

@ nusenu:

The guide is awesome, and addresses the issues raised many times here (e.g. give us a sense of the minimum useful bw needed for non-exit node) which were not IMO clearly addressed in previous guides. Also very happy to see good advice regarding improving geolocation diversity. Thank you much!

Please try to make sure this guide is very easy to find in the torproject.org homepage and that the permalink can be easily cited. (Having at trac.torproject.org seems a bit awkward, but if there is a good reason for that, I can live with it.)

Quick question:

> Any modern CPU should be fine.

Do the Meltdown/Spectre vulnerabilities pose a potential threat to Tor nodes? According to what I've read at wired.com etc, these break the low-level distinction between kernel space memory and user space memory, potentially allowing unprivileged process to directly access cryptographic keys etc held in kernel space memory. If I understand correctly, this could enable a determined attacker to read Tor traffic if they compromise enough nodes.

Further, I understand that known forensic methods are unlikely to be able to detect that information has been accessed in this way.

Further, I understand that the Intel patches which prevent speculative execution can slow down performance by 30% in such areas as cryptographic processing and data transfers over internet, which would appear to affect Tor nodes. It appears possible that some software which expects computations to be completed quickly might break due to the slowdown. I guess that most tor servers should handle an unexpected 30% slowdown, but has anyone checked?

February 11, 2018

Permalink

Many thanks to the authors of the new Guide! It clearly addresses many of the basic issues which were not clearly addressed by previous guides (e.g. minimal useful bandwidth, how to increase geolocational diversity).

Can TP please ensure that this new guide remains easy to find/cite? The URL should be put high on the landing page, I think.

Also, thanks to nusenu for diligently searching for undeclared families which might be doing something bad (e.g. attacking the Tor network as per Carnegie-Mellon/FBI). That is a very important but tricky task.

February 12, 2018

Permalink

I certainly hope that TP is not simply ignoring FBI's continuing "Going Dark" lobbying of the US Congress:

thehill.com
Week ahead: FBI, intel chiefs head to Capitol Hill
Olivia Beavers
12 Feb 2018

> The head of the FBI is expected to appear before the Senate Intelligence Committee in the coming week for a routine hearing about global threats that pose a risk to U.S. national security.

So FBI Director Wray will be there--- will Tor Project be there to defend Tor users against FBI's latest "Going Dark" demands? Cannot TP leverage its former status as a product of USG to garner a little face time before Congress, in order to present our POV?

Director Wray is likely to blame Tor for the Dec 2015 cyberattack which brought down portions of the Ukraine power grid, and to use this to argue for making strong encryption (and thus, Tor and Wikipedia) illegal. It is relevant that the US House just passed a bill funding cybersecurity cooperation between USA and Ukraine, precisely to counter the threat of cyberattacks to power grids, including those using "smart meters" which are far more vulnerable (much higher attack profile).

We need Tor Project to try to make sure that Congress understands what Tor really does and how it works. We need to make sure Congress understands that Tor is not part of the problem but rather part of the solution. If we fail to do so, we may wake up to find our doors being kicked in because we are using something we need which has been declared in dead of night to be "illegal encryption".

Neither Wray nor longtime anti-encryption hawk Manhattan DA Cy Vance (son of the former Secretary of State) are likely to mention the fact in their testimony the fact that NYPD has issued encrypted-by-default "smart phones" (iPhone 7) to its officers:

techdirt.com
Will Cy Vance's Anti-Encryption Pitch Change Now That The NYPD's Using iPhones?
from the or-will-encryption-only-be-an-option-for-the-protected-class? dept
12 Feb 2018

It seems noteworthy that two outstanding civil rights figures have died: John Perry Barlow, author of the Internet Manifesto and founder of EFF, and Asma Jahangir, who fearlessly challenged the worse abuses of the PK government (unfortunately, disappearances of students and bloggers in PK is again rising).

https://en.wikipedia.org/wiki/John_Perry_Barlow

https://en.wikipedia.org/wiki/A_Declaration_of_the_Independence_of_Cybe…

https://en.wikipedia.org/wiki/Asma_Jahangir

So if USG declares unbackdoored encryption illegal, what is our plan? Will TP renege on its vow never to introduce backdoors into Tor? Will TP be able to immediately move overseas and to continue to provide Tor to USPERs? Are TP people prepared to go underground, or will key Tor People employees quit? Or will TP simply shut down?

I hate the first and last options. Perhaps if we had an honest public discussion we could find better options.

The USA does not rule the world ! They can make Tor illegal as much as they like in their own country, it will still exist.
PGP is illegal but you can still get it easily.

February 13, 2018

Permalink

We are discussing with libraries to setup exit nodes. This needs to be extremely easy.

So can we get a live-USB where the torrc + this-is-an-exit-node.html can be edited on the USB-disk?

This way they simply need to supply an old server that can boot on USB, and set network using DHCP.

Upgrading will be similarly simple: Send them a new USB-drive. Ask them to turn off the server and change the USB-drive.

To minimize the attack surface it is fine if there are no other services accessible from the internet (e.g. no ssh).

February 14, 2018

Permalink

Here is a good story which should help any newbies understand why Tor is so urgently needed by everyone:

theatlantic.com
China's Dystopian Tech Could Be Contagious
Adam Greenfield
14 Feb 2018

February 18, 2018

Permalink

Teresa May is moving down a list, attacking successively smaller messaging platforms. When will she come to Tor Project?

theguardian.com
May calls again for tech firms to act on encrypted messaging
Focus shifts to smaller platforms that can ‘quickly become home to criminals and terrorists’
Alex Hern
25 Jan 2018

> “These companies simply cannot stand by while their platforms are used to facilitate child abuse, modern slavery or the spreading of terrorist and extremist content,” she told the audience in Davos. ... “Just as these big companies need to step up, so we also need cross-industry responses because smaller platforms can quickly become home to criminals and terrorists. We have seen that happen with Telegram. And we need to see more cooperation from smaller platforms like this,” she said.

> Despite the years of strong words, however, actions from the UK government have been rare. The Investigatory Powers Act of 2016, strongly backed by May while she was home secretary, gave the government the power to demand the removal of encryption applied to messages, but the government has yet to apply that power to any major technology firm.

TP is neither "major" nor a "firm". Nor well-funded. Is TP ready for a removal order issued by the UK government? What is the plan if you are served with one?

March 08, 2018

Permalink

Why is openvz not recommended?
It's generally cheaper than KVM VPS's.

January 19, 2019

Permalink

A stress free method of setting up a GRSEC hardened relay is here: https://www.ipfire.org/

It's maintained. Tor updates are integrated rapidly as released.

The huge spike in traffic I witnessed on 03/01/2018 suggests this box is more survivable than many...."Jus works" and takes a pounding.