Changes between Version 68 and Version 69 of TorRelayGuide


Timestamp:
Dec 18, 2017, 4:40:17 PM (5 months ago)
Author:
alison
Comment:

copyediting first few paragraphs, adding section "using this guide", separated into parts 1-3

  • TorRelayGuide

    v68 v69  
    44= The Ultimate Guide to Running a Relay =
    55
    6 == Why run a Tor relay? ==
    7 
    8 If you are looking at this guide you probably already know what Tor is and maybe used Tor Browser as well and appreciate its privacy properties.
     6This guide is for people who probably already know what Tor is, likely have used Tor Browser as well, and are looking to support the Tor network by running a relay.
     7
     8== Using this guide ==
     9
     10This guide includes the best practices that are essential for healthy Tor relays. We've included technical steps, legal considerations, and information about running relays with others. Part one
     11
     12== Part one: Deciding to run a relay ==
     13=== Why run a Tor relay? ===
    914
    1015By running a Tor relay you can help make the Tor network:
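Review bot: the new "Using this guide" paragraph (v69 line 10) stops mid-sentence at "Part one", so the page will publish with a dangling fragment; either complete it with a one-line summary of each of the three parts or drop that last sentence until the summaries are written. The three-part split itself reads well, and moving "Why run a Tor relay?" under Part one matches the new nesting.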
     
    1419* safer for its users (spying on more relays is harder than on a few)
    1520
    16 == Types of relays in the Tor network ==
     21=== Types of relays in the Tor network ===
    1722
    1823All relays are important, but they have different technical requirements and legal implications. Understanding the different kinds of relays is the first step to learning which one is right for you.
    1924
    20 === Guard/middle (aka non-exit) relay
     25==== Guard/middle (aka non-exit) relay
    2126
    2227A guard is the first relay in the chain of 3 relays building a Tor circuit. A middle relay is neither a guard nor an exit, but acts as the second hop between the two. To become a guard relay, a relay has to be stable and fast (at least 2MByte/s) otherwise it will remain a middle relay.  Non-exit relays can function as either a guard or a middle relay for different users.
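Review bot: the demoted heading "==== Guard/middle (aka non-exit) relay" has no closing "====" while its sibling "==== Exit relay ====" does; Trac accepts both, but use one form throughout the page. In the same paragraph the guard threshold is given as "2MByte/s" whereas every other figure in the guide is in MBit/s; state which unit is meant so operators don't size a relay a factor of eight too small or too large.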
     
    2631A non-exit Tor relay requires minimal maintenance efforts and bandwidth usage can be highly customized in Tors' configuration (will be covered in more detail later in this guide). The so called "exit policy" of the relay decides if it is a relay allowing clients to exit or not. A non-exit relay does not allow exiting in its exit policy.
    2732
    28 === Exit relay ===
     33==== Exit relay ====
    2934
    3035The exit relay is the final relay in a Tor circuit, the one that sends traffic out its destination. The services Tor clients are connecting to (website, chat service, email provider, etc) will see the IP address of the exit relay instead of their real IP address of the Tor user. Exit relays have the greatest legal exposure and liability of all the relays. For example, if a user downloads copyrighted material while using your exit relay, you the operator may receive a [https://www.dmca.com/Solutions/view.aspx?ID=712f28a5-93f2-467b-ba92-3d58c8345a32&?ref=sol08a2 DMCA notice]. Any abuse complaints about the exit will go directly to you (via your hoster, depending on the WHOIS records). Generally, most complaints can be handled pretty easily through template letters, which we'll discuss more in the section below. Because of the legal exposure that comes with running an exit relay, **you should not run a Tor exit relay from your home**. Ideal exit relay operators are affiliated with some institution, like a university, a library, a hackerspace or a privacy related organization. An institution can not only provide greater bandwidth for the exit, but is better positioned to handle abuse complaints or the rare law enforcement inquiry.
    3136
    32 === Bridge ===
     37If you are considering running an exit relay, please read the section on legal considerations for exit relay operators: [[OperatorsTips/Legalconsiderationsforexitrelayoperators]].
     38
     39==== Bridge ====
    3340The design of the Tor network means that the IP address of Tor relays is public. However, one of the ways Tor can be blocked by governments or ISPs is by blacklisting the IP addresses of these public Tor nodes. Tor Bridges are nodes in the network that are not listed in the public Tor directory, which make it harder for ISPs and governments to block them. Bridges are useful for Tor users under oppressive regimes, and for people who want an extra layer of security because they're worried somebody will recognize that they are contacting a public Tor relay IP address. Several countries, including China and Iran, have found ways to detect and block connections to Tor bridges. Pluggable transports (https://www.torproject.org/docs/pluggable-transports.html.en), a special kind of bridge, address this by adding an additional layer of obfuscation.
    3441
    3542Bridges are relatively easy, low-risk and low bandwidth Tor nodes to operate, but they have a big impact on users. A bridge isn't likely to receive any abuse complaints, and since bridges are not listed in the public consensus, they are unlikely to be blocked by popular services. Bridges are a great option if you can only run a Tor node from your home network, have only one static IP, and don't have a huge amount of bandwidth to donate -- we recommend giving your bridge at least 1Mbit/sec.
    3643
    37 == Relay Requirements ==
     44=== Relay Requirements ===
    3845Requirements for Tor relays depend on the type of relay and the bandwidth they provide.
    3946
    40 === Bandwidth
     47==== Bandwidth
    4148A relay should be able to handle at least 6k concurrent connections (exit relays even more). This can overwhelm some consumer-level routers.
    4249
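Review bot: "Tors' configuration" should be "Tor's configuration" and "so called" should be "so-called" (v69 line 31); in the exit paragraph "sends traffic out its destination" wants "out to its destination", and "instead of their real IP address of the Tor user" should read "instead of the Tor user's real IP address". One substantive point in the bridge paragraph: pluggable transports are called "a special kind of bridge", but the same sentence says they add an obfuscation layer, which is what they are, a transport protocol a bridge speaks rather than a kind of bridge; "a bridge running a pluggable transport" would be accurate.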
     
    4855Note: That is only about 1 day worth of traffic on a 10MBit/s (Mbps) connection. More (>2 TB/month) is better and recommended.
    4956
    50 === Memory Requirements
     57==== Memory Requirements
    5158
    5259* A <50MBit/s non-exit relay should have at least 512 MB of RAM available.
    5360* A > 50MBit/s non-exit relay should have at least 1GB of RAM.
    5461
    55 === CPU
     62==== CPU
    5663
    5764Any modern CPU should be fine. It is recommended to use CPUs with AESNI support (that will improve performance). [[BR]]
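Review bot: the two memory bullets are formatted differently ("<50MBit/s" vs "> 50MBit/s"); pick one spacing, and note that a relay at exactly 50 MBit/s falls into neither bullet, so "50 MBit/s or more" for the second would close the gap. The CPU line should spell the feature "AES-NI" as the vendor does, since readers will search for that string when checking their hardware.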
     
    6067Hardware support first started about 2008.
    6168
    62 === Uptime
     69==== Uptime
    6370
    6471Tor has no hard uptime requirement but if your relay is not running for more than 2 hours a day its usefulness is limited. Ideally the relay runs on a server which runs 24/7. Reboots and Tor daemon restarts are fine.
    6572
    66 == Considerations when choosing a hosting provider
     73== Part two: technical setup
     74
     75=== Considerations when choosing a hosting provider
    6776
    6877If you have access to a high speed internet connection (>=100MBit/s in both directions) and a physical piece of computer hardware, this is the best way to run a relay. Having full control over the hardware and connection gives you a more controllable and (if done correctly) secure environment. You can host your own physical hardware at home or in a data center. Sometimes this is referred to as installing the relay on "bare metal".
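Review bot: the uptime sentence "if your relay is not running for more than 2 hours a day its usefulness is limited" can be read two ways (down for more than two hours, or up for less than two hours); reword it to the threshold actually intended, for example "if your relay is up for less than N hours a day". The new "== Part two: technical setup" heading also lacks the closing "==" and lowercases the word after the colon, unlike "== Part one: Deciding to run a relay =="; align the two.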
     
    7685* How well connected is the autonomous system of the hoster?
    7786
    78 === For Exit Relays
     87==== For Exit Relays
    7988
    8089* Does the hoster allow Tor exit relays?
     
    8291* Does the hoster allow you to set a custom DNS reverse entry? (PTR)
    8392
    84 === AS/location diversity
     93==== AS/location diversity
    8594
    8695When selecting your hosting provider, consider network diversity on an autonomous system (AS) and country level. A more diverse network is more resilient to attacks and outages.
     
    98107 * https://atlas.torproject.org/#aggregate/cc
    99108
    100 === Choosing an Operating System
     109==== Choosing an Operating System
    101110
    102111We recommend you use the operating system you are most familiar with. Since most of the relay run on Debian and we want to avoid a monoculture BSD based relays are preferred. The drawback with BSD based relays is that they do not support automatic updates for installed packages.
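Review bot: "Since most of the relay run on Debian and we want to avoid a monoculture BSD based relays are preferred" needs "relays run", a comma before "BSD", and "BSD-based"; it also pulls against the preceding sentence that recommends the OS you know best. Make the ordering explicit: run what you can administer and patch confidently, and prefer a BSD only if you are equally comfortable with it, since an unmaintained relay helps diversity less than a well-kept Debian one.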
     
    104113TODO: add OS comparison table
    105114
    106 == OS Level Configuration
     115=== OS Level Configuration
    107116
    108117OS configuration is outside the scope of this guide but the following points are crucial for a Tor relay, so we want to mention them here nonetheless.
    109118
    110 === Time Synchronization (NTP)
     119==== Time Synchronization (NTP)
    111120
    112121Correct time settings are crucial for Tor relays. We recommend you use NTP or openntpd (or similar) for time synchronization and ensure your timezone is set correctly.
    113122
    114 === Automatic Software Updates
     123==== Automatic Software Updates
    115124
    116125* [[OperatorsTips/RPMUpdates]] - Keeping your relay software up to date with RPM-based distributions (RedHat, Fedora, CentOS, etc.)
     
    120129
    121130
    122 == Tor Relay Setup: Installation and Configuration  ==
     131=== Tor Relay Setup: Installation and Configuration  ===
    123132
    124133This section covers the installation and configuration of the program required to run a Tor relay, it is split in multiple sub-chapters, jump to your operating system to find out how to install a Tor relay on your platform. For some operating systems also alpha packages (tor versions with new features not deemed to be stable yet) are available. They are only recommended for people actively testing bleeding edge Tor releases/features eager to report bugs. If you are looking to run a relay with minimal effort we recommend you stick to stable releases.
     
    136145The installation commands are shown in code blocks, it needs to be executed with root privileges.
    137146
    138 === Configuration Management
     147==== Configuration Management
    139148
    140149Tor does not scale well on multi-core machines. If you run a Tor relay on a server with a fast Internet uplink (>200 MBit/s) you might want to consider running multiple Tor instances on a single server. Note: You can only run two Tor relays per public IPv4 address.
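Review bot: "The installation commands are shown in code blocks, it needs to be executed with root privileges" is a comma splice with a number mismatch; suggest "The installation commands are shown in code blocks and need to be executed with root privileges." In the Configuration Management paragraph the IPv4 limit is a bare "Note" tacked onto the multi-instance advice; say directly that it caps you at two instances per public address so readers plan instance counts around it.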
     
    147156* TODO Puppet
    148157
    149 === CentOS/RHEL ===
     158==== CentOS/RHEL ====
    150159
    151160To install the "tor" package on CentOS/RHEL, you need to install the [https://fedoraproject.org/wiki/EPEL EPEL] repository first:
     
    181190}}}
    182191
    183 === Debian/Ubuntu ===
     192==== Debian/Ubuntu ====
    184193'''Automatic Configuration'''
    185194
     
    223232}}}
    224233
    225 === Fedora
     234==== Fedora
    226235
    227236{{{
     
    244253}}}
    245254
    246 === FreeBSD ===
     255==== FreeBSD ====
    247256Install the "tor" package:
    248257{{{
     
    275284}}}
    276285
    277 === HardenedBSD ===
     286==== HardenedBSD ====
    278287Install the "tor" package:
    279288{{{
     
    304313}}}
    305314
    306 === openSUSE
     315==== openSUSE
    307316
    308317Install the "tor" package:
     
    326335}}}
    327336
    328 == Exit Relay Configuration
     337=== Exit Relay Configuration
    329338
    330339The sample configuration above configures a non-exit relay.
     
    334343Here are some more tips for running an exit relay with minimal difficulty: https://blog.torproject.org/tips-running-exit-node
    335344
    336 === DNS on Exit Relays
    337 
    338 ==  Tor relay lifecycle
     345==== DNS on Exit Relays
     346
     347===  Tor relay lifecycle
    339348
    340349It takes some time for the traffic directed to new guard/middle relay to ramp up. To understand this process, read about the lifecycle of a new relay: https://blog.torproject.org/lifecycle-new-relay.
    341350
    342 == Maintaining a relay
    343 === System Health Monitoring
     351=== Maintaining a relay
     352==== System Health Monitoring
    344353* Bandwidth
    345354* Memory
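Review bot: after this change "==== DNS on Exit Relays" is a bare heading with no body before "=== Tor relay lifecycle"; either add the content or mark it TODO like the other placeholders so it isn't shipped as an empty section. The lifecycle heading also has a double space after "===".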
     
    365374Note: do not make your munin graphs public since this could help attackers with deanonymizing tor users.
    366375
    367 === Setting up outage notifications
    368 ===  Relay Search ===
    369 === tor-relays mailing list ===
     376==== Setting up outage notifications
     377====  Relay Search ====
     378==== tor-relays mailing list ====
    370379[placed under "additional resources" but it can be expanded/moved]
    371 == Legal considerations (for exit relay operators)
     380
     381== Part three: legal info, social info, and more resources
     382=== Legal considerations (for exit relay operators)
    372383
    373384Relay operators should understand the potential risks associated with running a relay. For the majority of operators in most countries, bridges and guard/middle relays are very low risk. Exits are the ones that present some legal concerns, but operators under most circumstances will be able to handle legal matters by having an abuse response letter, running the exit from a location that isn't their home, and reading through some of the legal resources that Tor-supportive lawyers have put together.
    374385
    375 === Legal resources
     386==== Legal resources
    376387
    377388The EFF Tor Legal FAQ (https://www.torproject.org/eff/tor-legal-faq.html.en) answers many common questions about relay operation and the law. We also like Noisebridge's wiki for additional legal resources: https://www.noisebridge.net/wiki/Noisebridge_Tor/FBI.  In general it's a good idea to consult with a lawyer before deciding to operate an exit relay, especially if you live in a place where exit relay operators have been harassed, or if you're the only exit relay operator in your region. Get in touch with your local digital rights organization to see if they have recommendations about legal assistance, and if you're not sure what organizations are working in your region, write to EFF and see if they can help connect you: https://www.eff.org/about/contact.
    378389
    379 === Responding to abuse complaints ===
     390==== Responding to abuse complaints ====
    380391
    381392Operators can put together their own abuse complaint template responses from one of many templates that Tor has created: https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates.
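Review bot: "Setting up outage notifications", "Relay Search" and "tor-relays mailing list" are three consecutive empty headings followed by an editorial bracket note; collapse them into one TODO line or fill them before this version goes live. The new "== Part three: legal info, social info, and more resources" heading also lacks the closing "==" and uses lowercase after the colon, unlike Part one. The munin note above it (don't publish the graphs, since they can help deanonymize users) is the right call and worth keeping prominent.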
     
    386397* abuse response templates from Coldhak, an organization in Canada that runs multiple relays: https://github.com/coldhakca/abuse-templates/blob/master/dmca.template, https://github.com/coldhakca/abuse-templates/blob/master/generic.template
    387398
    388 == Running a relay with other people ==
     399=== Running a relay with other people ===
    389400
    390401Running relays is more fun with other people! You can work with your university department, your employer or institution, or an organization like Torservers.net to run a relay.
    391402
    392 === Torservers.net ===
     403==== Torservers.net ====
    393404
    394405Torservers is an independent, global network of organizations that help the Tor network by running high bandwidth Tor relays. Becoming a Torservers partner is a good way to become more involved in the Tor relay community, and can help you connect with dedicated relay operators around the world for solidarity and support. To start a Torservers partner, the most important thing is to have a group of people (3-5 suggested to start) interested in helping with the various activities required for running relays. There should be mutual trust between the people in the group, and members should commit to running relays for the long term. If you do not know anyone in your social network interested in running relays, one place to meet people is your local hackerspace: https://wiki.hackerspaces.org/Hackerspaces.
     
    398409Once you have a group and a corporation (if you are incorporating), the next step is to figure out hardware, transit, and server hosting. Depending on your location and connections within the technical community of the area, the last one may be the hardest step. Small local ISPs often have extra bandwidth, and may be interested in supporting your group with some bandwidth or rackspace. It is extremely important to maintain good relationships with these ISPs. Older server hardware can often be found on places like eBay for cheap, but be aware that cheap hardware may be cheap for a reason!
    399410
    400 === At your university ===
     411==== At your university ====
    401412
    402413Many computer science departments, university libraries, and individual students and faculty run relays from university networks. These universities include the Massachusetts Institute of Technology [MIT CSAIL], Boston University, the University of Waterloo, the University of Washington, Northeastern University, Karlstad University, Universitaet Stuttgart, and Friedrich-Alexander University Erlangen-Nuremberg. To learn more about how to get support for a relay on your university's network, check out EFF's resources: https://www.eff.org/torchallenge/tor-on-campus.html.
     
    404415[should we include a long list of all the universities running relays? is that too hard to maintain?]
    405416
    406 === At your company or organization ===
     417==== At your company or organization ====
    407418
    408419[this section needs work. maybe it should merge with the above section? either way, resources on *how* to do this (eg making the argument for it) are necessary here]
     
    420431Inteligente runs a middle relay (both non-profits).
    421432
    422 == todos
     433=== todos
    423434* [[OperatorsTips/DebianUbuntuConfiguringYourTorRelay]]
    424435* [Automatic configuration script: ​https://github.com/coldhakca/tor-relay-bootstrap Please add more documentation on this]
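Review bot: the todo item "[Automatic configuration script: https://github.com/coldhakca/tor-relay-bootstrap Please add more documentation on this]" is not valid Trac link syntax (the URL must come first, as in "[https://... label]"), so it will render as a literal bracketed string; put the URL first or move the editorial remark outside the brackets.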
     
    428439* change 10MBit/s to "recommended" bandwidth and set a "required" bandwidth lower (2Mbit/s?)
    429440
    430 == More resources ==
     441=== More resources ===
    431442Congratulations, you're officially a Tor relay operator! What now?
    432443