Update the obfsbridge setup instructions on the website

[asn]

​https://www.torproject.org/projects/obfsproxy-debian-instructions.html.en#instructions

As sysrqb noted, the official obfsbridge setup instructions are actually obfsproxy setup instructions which only support obfs3. The instructions should be updated to also include obfs4 which is the future PT. Then, we should also include instructions for FTE.

Furthermore, the page is missing ExtORPort auto from the sample torrc. Should we add it there? If yes, we need to make sure that all those people will have tor-0.2.5.x installed.

I hope this is not a duplicate ticket.

[yawning]

Sure, this is a good idea.

I'm not sure about how the Debian specific parts of this works, is "apt-get install obfs4proxy" sufficient (I know that both Debian's and our repo have the package)?

Basic obfs4 deployment would be something like:

SocksPort 0
ORPort 443 # or some other port if you already run a webserver/skype
BridgeRelay 1
Exitpolicy reject *:*
ExtORPort auto

## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like
#Nickname CHANGEME_1
## CHANGEME_2 -> provide some email address so we can contact you if there's a problem
#ContactInfo CHANGEME_2

ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy

(Optionally) For people that want to run both obfs3 and obfs4, the last line should read as:

ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy

I assume to avoid user confusion we should just entirely replace obfsproxy with obfs4proxy in our instructions till otherwise needed (NB: obfs4proxy packages only exist for i386/amd64 and ARM).

Would this also be the place to document how to use capabilities(7) and ServerTransportListenAddr to run the obfs4 bridge on reserved ports (eg: 443)?

Please let me know if there are any more questions.

[asn]

Replying to yawning:

Sure, this is a good idea.

I'm not sure about how the Debian specific parts of this works, is "apt-get install obfs4proxy" sufficient (I know that both Debian's and our repo have the package)?

Hm, I think you will probably want to use Tor's debian repository, since looking at:
​https://packages.debian.org/search?keywords=obfs4proxy
it seems that there is no obfs4proxy package for Debian stable.

We also need to revisit this page:
​https://www.torproject.org/projects/obfsproxy-instructions.html.en
for non-Debian instructions for obfs4proxy.

And also this page:
​https://www.torproject.org/docs/pluggable-transports.html.en
to add a "How to setup an obfsbridge" section that links to our instructions.

Basic obfs4 deployment would be something like:

SocksPort 0
ORPort 443 # or some other port if you already run a webserver/skype
BridgeRelay 1
Exitpolicy reject *:*
ExtORPort auto

## CHANGEME_1 -> provide a nickname for your bridge, can be anything you like
#Nickname CHANGEME_1
## CHANGEME_2 -> provide some email address so we can contact you if there's a problem
#ContactInfo CHANGEME_2

ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy

(Optionally) For people that want to run both obfs3 and obfs4, the last line should read as:

ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy

I assume to avoid user confusion we should just entirely replace obfsproxy with obfs4proxy in our instructions till otherwise needed (NB: obfs4proxy packages only exist for i386/amd64 and ARM).

I think that makes sense. Since obfs4proxy supports obfs3 and obfs4 we should be fine.

Would this also be the place to document how to use capabilities(7) and ServerTransportListenAddr to run the obfs4 bridge on reserved ports (eg: 443)?

Hm, maybe. But in a different section.
Or maybe put that in the wiki and link to the wiki?
Up to you.

[traumschule]

Since the ​https://www.torproject.org/projects/obfsproxy-instructions.html is gone and the other one links to wiki pages - doc/PluggableTransports/obfs4proxy and doc/PluggableTransports#BecomeaPTbridgeoperator - they can be updated there as needed.