From Telecomix Crypto Munitions Bureau
Host a tor relay with Debian
For French see Héberger un relais tor (host a TOR relay)
Since you are here, you already know what TOR is; if not, a web search will turn up plenty of docs. There are already plenty of tutorials on how to host a TOR relay; we've made this one as short and simple as possible. Quick and easy to go! This page is for building an internal relay within the network, so you're neither an entry nor an exit point, which means you are in between two relays. (An exit point can be built, but it might lead to problems with Internet providers who do not like TOR; a how-to is at https://cryptoanarchy.org/wiki/Tor_Exitnode.)
I only list the lines which have to be changed. /!\ The number in front of each line is the line number shown by vim; it's there only as an indication, do NOT add it.
If you have not yet installed TOR, you can follow these install guidelines.
:~$ gpg --keyserver keys.gnupg.net --recv 886DDD89
:~$ gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
:~$ apt-get update
:~$ apt-get install deb.torproject.org-keyring
:~$ apt-get install tor
(More details can be found here: https://www.torproject.org/docs/debian.html.en#ubuntu) Now TOR should be running. You can test it by setting your browser's SOCKS proxy to 127.0.0.1:9050 and then going to https://check.torproject.org/. (If it's a dedicated server, it's normal that this doesn't work.)
Then we'll edit the configuration file which is /etc/tor/torrc. I use vim, but you can use any other text editor.
:~$ vim /etc/tor/torrc
I keep the number of each line to be changed /!\ so you can find it quicker, but please make sure you don't put the number in your configuration file.
48 RunAsDaemon 1
To start the process in the background.
83 ORPort 9001
You can use port 443 if you don't run any HTTPS services. This lets people behind a proxy or a firewall access TOR.
100 Nickname Put_your_relay's_name
107 RelayBandwidthRate 100 KB # Throttle traffic to 100KB/s (800Kbps)
108 RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
You can set a limit if you don't want the tor relay to use too much bandwidth.
115 ## Set a maximum of 4 gigabytes each way per period.
116 #AccountingMax 4 GB
117 ## Each period starts daily at midnight (AccountingMax is per day)
118 #AccountingStart day 00:00
119 ## Each period starts on the 3rd of the month at 15:00 (AccountingMax
120 ## is per month)
121 #AccountingStart month 3 15:00
If you want to set a limit on the amount of data going through your relay.
126 ContactInfo Random Person <nobody AT example dot com>
Contact info to be published in the directory, so we can contact you if your relay is misconfigured or something else goes wrong. Google indexes this, so spammers might also collect it.
128 ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
You might also include your PGP or GPG fingerprint if you have one.
132 DirPort 9030 # what port to advertise for directory connections
You can use port 80 if you don't run any HTTP services. This lets people behind a proxy or a firewall access TOR.
175 ExitPolicy reject *:* # no exits allowed
To disallow exit.
183 #BridgeRelay 1
Uncomment this line if you want to be a bridge. Bridge relays (or "bridges" for short) are Tor relays that aren't listed in the main directory; this can be useful if your ISP doesn't like TOR.
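Once the file is saved, the edits can be checked before restarting. The script below is an added example, not part of the original page: it flags a directive pasted together with its vim line number, a missing ORPort, an invalid Nickname (Tor accepts 1 to 19 characters from [a-zA-Z0-9]) and a first ExitPolicy rule other than reject *:*. The function name check_torrc and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a torrc for the non-exit relay settings described on this page.
# check_torrc FILE prints one finding per line and returns 1 if there is any finding.
check_torrc() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # blank lines and comments
    $1 ~ /^[0-9]+$/ {                        # e.g. "83 ORPort 9001" pasted with vim numbering
        print "line " NR ": remove leading line number: " $0; bad = 1; next
    }
    { key = tolower($1) }                    # option names are case-insensitive
    key == "orport" { orport = 1 }
    key == "nickname" && ($2 !~ /^[A-Za-z0-9]+$/ || length($2) > 19) {
        print "line " NR ": Nickname must be 1-19 characters from [a-zA-Z0-9]"; bad = 1
    }
    key == "exitpolicy" && !seen_policy {    # Tor applies the first matching rule
        seen_policy = 1
        if (tolower($2) != "reject" || $3 != "*:*") {
            print "line " NR ": first ExitPolicy is not \"reject *:*\""; bad = 1
        }
    }
    END {
        if (!orport)      { print "no ORPort set: Tor will not act as a relay"; bad = 1 }
        if (!seen_policy) { print "no ExitPolicy set: add \"ExitPolicy reject *:*\""; bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: one line pasted with its vim number, the placeholder
# nickname left in place, and an accept rule ahead of the reject rule.
sample=$(mktemp)
cat > "$sample" <<'EOF'
48 RunAsDaemon 1
ORPort 9001
Nickname Put_your_relay's_name
ExitPolicy accept *:80
ExitPolicy reject *:* # no exits allowed
EOF
check_torrc "$sample" || echo "torrc needs fixing before restart"
rm -f "$sample"
```

Tor's own `tor --verify-config -f /etc/tor/torrc` checks that the file parses; this script checks the choices made on this page.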
To save the configuration file, just type
Now we're going to start TOR.
:~$ /etc/init.d/tor restart
Let's see what we have in the log
:~$ tail -f /var/log/tor/log
You should see something like this scroll by:
13 Jul 05 16:39:12.000 [notice] Tor 0.2.3.18-rc (git-a2015428e4698ff9) opening log file.
14 Jul 05 16:39:12.000 [notice] Parsing GEOIP file /usr/share/tor/geoip.
15 Jul 05 16:39:12.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
16 Jul 05 16:39:12.000 [notice] No AES engine found; using AES_* functions.
17 Jul 05 16:39:12.000 [notice] This version of OpenSSL has a slow implementation of counter mode; not using it.
18 Jul 05 16:39:13.000 [notice] OpenSSL OpenSSL 0.9.8o 01 Jun 2010 looks like version 0.9.8m or later; I will try SSL_OP to enable renegotiation
19 Jul 05 16:39:13.000 [notice] Your Tor server's identity key fingerprint is 'spécifique à votre serveur'
20 Jul 05 16:39:14.000 [notice] Reloaded microdescriptor cache. Found 6671 descriptors.
21 Jul 05 16:39:15.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
22 Jul 05 16:39:15.000 [notice] Guessed our IP address as **.**.**.** (source: **.**.**.**).
23 Jul 05 16:39:16.000 [notice] Bootstrapped 5%: Connecting to directory server.
24 Jul 05 16:39:16.000 [notice] Heartbeat: It seems like we are not in the cached consensus.
25 Jul 05 16:39:16.000 [notice] Heartbeat: Tor's uptime is 0:00 hours, with 2 circuits open. I've sent 0 kB and received 0 kB.
26 Jul 05 16:39:16.000 [notice] Bootstrapped 10%: Finishing handshake with directory server.
27 Jul 05 16:39:16.000 [notice] We weren't able to find support for all of the TLS ciphersuites that we wanted to advertise. This won't hurt security, but it might make your Tor (if
......
67 Jul 05 16:39:23.000 [notice] Bootstrapped 80%: Connecting to the Tor network.
68 Jul 05 16:39:24.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.
69 Jul 05 16:39:25.000 [notice] Bootstrapped 90%: Establishing a Tor circuit.
70 Jul 05 16:39:26.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
71 Jul 05 16:39:26.000 [notice] Bootstrapped 100%: Done.
72 Jul 05 16:39:26.000 [notice] Now checking whether ORPort **.**.**.**:9001 and DirPort **.**.**.**:9030 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
73 Jul 05 16:39:28.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
74 Jul 05 16:39:28.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
75 Jul 05 16:39:30.000 [notice] Performing bandwidth self-test...done.
It is mandatory to see these messages:
73 Jul 05 16:39:28.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
74 Jul 05 16:39:28.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
This shows that your relay works.
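To check for these messages without watching the log scroll, the added example below (not part of the original page) summarises the most recent start recorded in a log file. The function name relay_status and the sample log are constructed; treating the "opening log file" line as the start of a run is an assumption based on the log shown above.

```shell
#!/bin/sh
# Added example: report bootstrap progress and self-test results for the latest Tor start.
# relay_status LOGFILE prints one summary line; returns 0 only when bootstrap
# reached 100% and the ORPort self-test succeeded.
relay_status() {
    awk '
    /opening (new )?log file/ { boot = 0; orport = 0; dirport = 0 }  # assumed start marker: forget earlier runs
    match($0, /Bootstrapped [0-9]+%/) { boot = substr($0, RSTART + 13, RLENGTH - 14) + 0 }
    /Self-testing indicates your ORPort is reachable/  { orport = 1 }
    /Self-testing indicates your DirPort is reachable/ { dirport = 1 }
    END {
        printf "bootstrap=%d orport=%s dirport=%s\n", boot,
            (orport ? "reachable" : "unconfirmed"), (dirport ? "reachable" : "unconfirmed")
        exit ((boot == 100 && orport) ? 0 : 1)
    }' "$1"
}

# Constructed sample in the format shown above: a completed start,
# followed by a restart that is still bootstrapping.
log=$(mktemp)
cat > "$log" <<'EOF'
Jul 05 16:39:12.000 [notice] Tor 0.2.3.18-rc (git-a2015428e4698ff9) opening log file.
Jul 05 16:39:26.000 [notice] Bootstrapped 100%: Done.
Jul 05 16:39:28.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Jul 05 16:39:28.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Jul 06 16:54:40.000 [notice] Tor 0.2.3.18-rc (git-a2015428e4698ff9) opening log file.
Jul 06 16:54:45.000 [notice] Bootstrapped 85%: Finishing handshake with first hop.
EOF
relay_status "$log" || echo "relay not confirmed reachable yet"
rm -f "$log"
```

On the relay itself the call is `relay_status /var/log/tor/log`, repeated until it returns 0.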
Later, if you keep watching the log, you should see a message every 6 hours about how much data went through your tor relay.
6 Jul 06 22:54:45.000 [notice] Heartbeat: Tor's uptime is 6:00 hours, with ** circuits open. I've sent *.** GB and received *.** GB.
7 Jul 07 04:54:45.000 [notice] Heartbeat: Tor's uptime is 12:00 hours, with ** circuits open. I've sent *.** GB and received *.** GB.
(The dates are not the same; I had restarted my relay in between.)
To shut down your relay
:~$ /etc/init.d/tor stop
This takes 30 seconds so as not to break current connections, so please wait those 30 seconds.
If you have any problem, you can ask on #telecomix, #tor or on the OFTC irc #tor