Changes between Version 68 and Version 69 of TorRelayGuide

Dec 18, 2017, 4:40:17 PM

copyediting first few paragraphs, adding section "using this guide", separated into parts 1-3


  • TorRelayGuide

    v68 v69  
    44= The Ultimate Guide to Running a Relay =
    6 == Why run a Tor relay? ==
    8 If you are looking at this guide you probably already know what Tor is and maybe used Tor Browser as well and appreciate its privacy properties.
     6This guide is for people who probably already know what Tor is, likely have used Tor Browser as well, and are looking to support the Tor network by running a relay.
     8== Using this guide ==
     10This guide includes the best practices that are essential for healthy Tor relays. We've included technical steps, legal considerations, and information about running relays with others. Part one
     12== Part one: Deciding to run a relay ==
     13=== Why run a Tor relay? ===
    1015By running a Tor relay you can help make the Tor network:
    1419* safer for its users (spying on more relays is harder than on a few)
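Review bot: the new "Using this guide" paragraph ends mid-sentence with "... running relays with others. Part one" and nothing follows; if the intent was to summarize parts one to three (the commit message says the page was "separated into parts 1-3"), finish that sentence, otherwise drop the dangling words before this revision goes live. The rewritten opening line ("This guide is for people who probably already know what Tor is ...") is an improvement on the removed one, and demoting "Why run a Tor relay?" to "===" under the new "== Part one ... ==" heading is consistent.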
    16 == Types of relays in the Tor network ==
     21=== Types of relays in the Tor network ===
    1823All relays are important, but they have different technical requirements and legal implications. Understanding the different kinds of relays is the first step to learning which one is right for you.
    20 === Guard/middle (aka non-exit) relay
     25==== Guard/middle (aka non-exit) relay
    2227A guard is the first relay in the chain of 3 relays building a Tor circuit. A middle relay is neither a guard nor an exit, but acts as the second hop between the two. To become a guard relay, a relay has to be stable and fast (at least 2MByte/s) otherwise it will remain a middle relay.  Non-exit relays can function as either a guard or a middle relay for different users.
    2631A non-exit Tor relay requires minimal maintenance efforts and bandwidth usage can be highly customized in Tors' configuration (will be covered in more detail later in this guide). The so called "exit policy" of the relay decides if it is a relay allowing clients to exit or not. A non-exit relay does not allow exiting in its exit policy.
    28 === Exit relay ===
     33==== Exit relay ====
    3035The exit relay is the final relay in a Tor circuit, the one that sends traffic out its destination. The services Tor clients are connecting to (website, chat service, email provider, etc) will see the IP address of the exit relay instead of their real IP address of the Tor user. Exit relays have the greatest legal exposure and liability of all the relays. For example, if a user downloads copyrighted material while using your exit relay, you the operator may receive a [ DMCA notice]. Any abuse complaints about the exit will go directly to you (via your hoster, depending on the WHOIS records). Generally, most complaints can be handled pretty easily through template letters, which we'll discuss more in the section below. Because of the legal exposure that comes with running an exit relay, **you should not run a Tor exit relay from your home**. Ideal exit relay operators are affiliated with some institution, like a university, a library, a hackerspace or a privacy related organization. An institution can not only provide greater bandwidth for the exit, but is better positioned to handle abuse complaints or the rare law enforcement inquiry.
    32 === Bridge ===
     37If you are considering running an exit relay, please read the section on legal considerations for exit relay operators: [[OperatorsTips/Legalconsiderationsforexitrelayoperators]].
     39==== Bridge ====
    3340The design of the Tor network means that the IP address of Tor relays is public. However, one of the ways Tor can be blocked by governments or ISPs is by blacklisting the IP addresses of these public Tor nodes. Tor Bridges are nodes in the network that are not listed in the public Tor directory, which make it harder for ISPs and governments to block them. Bridges are useful for Tor users under oppressive regimes, and for people who want an extra layer of security because they're worried somebody will recognize that they are contacting a public Tor relay IP address. Several countries, including China and Iran, have found ways to detect and block connections to Tor bridges. Pluggable transports (, a special kind of bridge, address this by adding an additional layer of obfuscation.
    3542Bridges are relatively easy, low-risk and low bandwidth Tor nodes to operate, but they have a big impact on users. A bridge isn't likely to receive any abuse complaints, and since bridges are not listed in the public consensus, they are unlikely to be blocked by popular services. Bridges are a great option if you can only run a Tor node from your home network, have only one static IP, and don't have a huge amount of bandwidth to donate -- we recommend giving your bridge at least 1Mbit/sec.
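Review bot: the demoted headings in this region are inconsistent: "==== Guard/middle (aka non-exit) relay" has no closing marker, while "==== Exit relay ====" and "==== Bridge ====" do; make them match. Since this passage is being copyedited, the unchanged context still carries "Tors' configuration" (should be "Tor's"), "sends traffic out its destination" (suggest "out to its destination") and "instead of their real IP address of the Tor user" (suggest "instead of the Tor user's real IP address"). Two links render with empty targets, "[ DMCA notice]" and "Pluggable transports (, a special kind of bridge"; check that the URLs survived the edit. The added pointer to [[OperatorsTips/Legalconsiderationsforexitrelayoperators]] after the exit relay paragraph is a good addition.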
    37 == Relay Requirements ==
     44=== Relay Requirements ===
    3845Requirements for Tor relays depend on the type of relay and the bandwidth they provide.
    40 === Bandwidth
     47==== Bandwidth
    4148A relay should be able to handle at least 6k concurrent connections (exit relays even more). This can overwhelm some consumer-level routers.
    4855Note: That is only about 1 day worth of traffic on a 10MBit/s (Mbps) connection. More (>2 TB/month) is better and recommended.
    50 === Memory Requirements
     57==== Memory Requirements
    5259* A <50MBit/s non-exit relay should have at least 512 MB of RAM available.
    5360* A > 50MBit/s non-exit relay should have at least 1GB of RAM.
    55 === CPU
     62==== CPU
    5764Any modern CPU should be fine. It is recommended to use CPUs with AESNI support (that will improve performance). [[BR]]
    6067Hardware support first started about 2008.
    62 === Uptime
     69==== Uptime
    6471Tor has no hard uptime requirement but if your relay is not running for more than 2 hours a day its usefulness is limited. Ideally the relay runs on a server which runs 24/7. Reboots and Tor daemon restarts are fine.
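Review bot: same heading issue here: "==== Bandwidth", "==== Memory Requirements", "==== CPU" and "==== Uptime" drop the closing marker that "=== Relay Requirements ===" keeps. Two smaller points in the context these headings sit over: the CPU paragraph ends with a bare "[[BR]]" right before "Hardware support first started about 2008.", which renders as a stray line break, and "Note: That is only about 1 day worth of traffic on a 10MBit/s (Mbps) connection" refers to a figure that is not visible in this hunk, so a reader of the diff cannot tell what "That" is; naming the number inside the note would make it self-contained. "AESNI" is normally written "AES-NI".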
    66 == Considerations when choosing a hosting provider
     73== Part two: technical setup
     75=== Considerations when choosing a hosting provider
    6877If you have access to a high speed internet connection (>=100MBit/s in both directions) and a physical piece of computer hardware, this is the best way to run a relay. Having full control over the hardware and connection gives you a more controllable and (if done correctly) secure environment. You can host your own physical hardware at home or in a data center. Sometimes this is referred to as installing the relay on "bare metal".
    7685* How well connected is the autonomous system of the hoster?
    78 === For Exit Relays
     87==== For Exit Relays
    8089* Does the hoster allow Tor exit relays?
    8291* Does the hoster allow you to set a custom DNS reverse entry? (PTR)
    84 === AS/location diversity
     93==== AS/location diversity
    8695When selecting your hosting provider, consider network diversity on an autonomous system (AS) and country level. A more diverse network is more resilient to attacks and outages.
    98107 *
    100 === Choosing an Operating System
     109==== Choosing an Operating System
    102111We recommend you use the operating system you are most familiar with. Since most of the relay run on Debian and we want to avoid a monoculture BSD based relays are preferred. The drawback with BSD based relays is that they do not support automatic updates for installed packages.
    104113TODO: add OS comparison table
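Review bot: the new "== Part two: technical setup" heading is lowercase and has no closing marker, while "== Part one: Deciding to run a relay ==" in this same revision is capitalized and closed; pick one form (suggest "== Part two: Technical setup =="). The demoted "==== For Exit Relays", "==== AS/location diversity" and "==== Choosing an Operating System" headings again lack the closing "====". Two pre-existing problems in the surrounding context are worth fixing in the same pass: the lone " *" is an empty bullet, and "Since most of the relay run on Debian and we want to avoid a monoculture BSD based relays are preferred" needs "relays" and a comma after "monoculture".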
    106 == OS Level Configuration
     115=== OS Level Configuration
    108117OS configuration is outside the scope of this guide but the following points are crucial for a Tor relay, so we want to mention them here nonetheless.
    110 === Time Synchronization (NTP)
     119==== Time Synchronization (NTP)
    112121Correct time settings are crucial for Tor relays. We recommend you use NTP or openntpd (or similar) for time synchronization and ensure your timezone is set correctly.
    114 === Automatic Software Updates
     123==== Automatic Software Updates
    116125* [[OperatorsTips/RPMUpdates]] - Keeping your relay software up to date with RPM-based distributions (RedHat, Fedora, CentOS, etc.)
    122 == Tor Relay Setup: Installation and Configuration  ==
     131=== Tor Relay Setup: Installation and Configuration  ===
    124133This section covers the installation and configuration of the program required to run a Tor relay, it is split in multiple sub-chapters, jump to your operating system to find out how to install a Tor relay on your platform. For some operating systems also alpha packages (tor versions with new features not deemed to be stable yet) are available. They are only recommended for people actively testing bleeding edge Tor releases/features eager to report bugs. If you are looking to run a relay with minimal effort we recommend you stick to stable releases.
    136145The installation commands are shown in code blocks, it needs to be executed with root privileges.
    138 === Configuration Management
     147==== Configuration Management
    140149Tor does not scale well on multi-core machines. If you run a Tor relay on a server with a fast Internet uplink (>200 MBit/s) you might want to consider running multiple Tor instances on a single server. Note: You can only run two Tor relays per public IPv4 address.
    147156* TODO Puppet
    149 === CentOS/RHEL ===
     158==== CentOS/RHEL ====
    151160To install the "tor" package on CentOS/RHEL, you need to install the [ EPEL] repository first:
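Review bot: "The installation commands are shown in code blocks, it needs to be executed with root privileges" is a comma splice with a number mismatch; suggest "The installation commands are shown in code blocks and must be executed with root privileges." The "[ EPEL]" link in the CentOS/RHEL line has an empty target, like the DMCA and pluggable transports links earlier. The new "=== Tor Relay Setup: Installation and Configuration  ===" heading keeps a double space before the closing marker, and the per-distribution headings that follow are mixed again ("==== CentOS/RHEL ====" closed, "==== Fedora" and "==== openSUSE" not).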
    183 === Debian/Ubuntu ===
     192==== Debian/Ubuntu ====
    184193'''Automatic Configuration'''
    225 === Fedora
     234==== Fedora
    246 === FreeBSD ===
     255==== FreeBSD ====
    247256Install the "tor" package:
    277 === HardenedBSD ===
     286==== HardenedBSD ====
    278287Install the "tor" package:
    306 === openSUSE
     315==== openSUSE
    308317Install the "tor" package:
    328 == Exit Relay Configuration
     337=== Exit Relay Configuration
    330339The sample configuration above configures a non-exit relay.
    334343Here are some more tips for running an exit relay with minimal difficulty:
    336 === DNS on Exit Relays
    338 ==  Tor relay lifecycle
     345==== DNS on Exit Relays
     347===  Tor relay lifecycle
    340349It takes some time for the traffic directed to new guard/middle relay to ramp up. To understand this process, read about the lifecycle of a new relay:
    342 == Maintaining a relay
    343 === System Health Monitoring
     351=== Maintaining a relay
     352==== System Health Monitoring
    344353* Bandwidth
    345354* Memory
    365374Note: do not make your munin graphs public since this could help attackers with deanonymizing tor users.
    367 === Setting up outage notifications
    368 ===  Relay Search ===
    369 === tor-relays mailing list ===
     376==== Setting up outage notifications
     377====  Relay Search ====
     378==== tor-relays mailing list ====
    370379[placed under "additional resources" but it can be expanded/moved]
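Review bot: the editor's bracketed remark "[placed under "additional resources" but it can be expanded/moved]" sits directly under the new "==== tor-relays mailing list ====" heading and will read as page content to visitors; since this revision introduces a todos section, move it there. Heading markers in this region are inconsistent once more: "==== DNS on Exit Relays", "=== Maintaining a relay", "==== System Health Monitoring" and "==== Setting up outage notifications" are unclosed while "====  Relay Search ====" and "==== tor-relays mailing list ====" are closed, and "===  Tor relay lifecycle" and "====  Relay Search ====" carry a double space after the markers.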
    371 == Legal considerations (for exit relay operators)
     381== Part three: legal info, social info, and more resources
     382=== Legal considerations (for exit relay operators)
    373384Relay operators should understand the potential risks associated with running a relay. For the majority of operators in most countries, bridges and guard/middle relays are very low risk. Exits are the ones that present some legal concerns, but operators under most circumstances will be able to handle legal matters by having an abuse response letter, running the exit from a location that isn't their home, and reading through some of the legal resources that Tor-supportive lawyers have put together.
    375 === Legal resources
     386==== Legal resources
    377388The EFF Tor Legal FAQ ( answers many common questions about relay operation and the law. We also like Noisebridge's wiki for additional legal resources:  In general it's a good idea to consult with a lawyer before deciding to operate an exit relay, especially if you live in a place where exit relay operators have been harassed, or if you're the only exit relay operator in your region. Get in touch with your local digital rights organization to see if they have recommendations about legal assistance, and if you're not sure what organizations are working in your region, write to EFF and see if they can help connect you:
    379 === Responding to abuse complaints ===
     390==== Responding to abuse complaints ====
    381392Operators can put together their own abuse complaint template responses from one of many templates that Tor has created:
    386397* abuse response templates from Coldhak, an organization in Canada that runs multiple relays:,
    388 == Running a relay with other people ==
     399=== Running a relay with other people ===
    390401Running relays is more fun with other people! You can work with your university department, your employer or institution, or an organization like to run a relay.
    392 === ===
     403==== ====
    394405Torservers is an independent, global network of organizations that help the Tor network by running high bandwidth Tor relays. Becoming a Torservers partner is a good way to become more involved in the Tor relay community, and can help you connect with dedicated relay operators around the world for solidarity and support. To start a Torservers partner, the most important thing is to have a group of people (3-5 suggested to start) interested in helping with the various activities required for running relays. There should be mutual trust between the people in the group, and members should commit to running relays for the long term. If you do not know anyone in your social network interested in running relays, one place to meet people is your local hackerspace:
    398409Once you have a group and a corporation (if you are incorporating), the next step is to figure out hardware, transit, and server hosting. Depending on your location and connections within the technical community of the area, the last one may be the hardest step. Small local ISPs often have extra bandwidth, and may be interested in supporting your group with some bandwidth or rackspace. It is extremely important to maintain good relationships with these ISPs. Older server hardware can often be found on places like eBay for cheap, but be aware that cheap hardware may be cheap for a reason!
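Review bot: "== Part three: legal info, social info, and more resources" again lacks the closing "==" and the capitalization used for "== Part one: Deciding to run a relay ==". The heading changed from "=== ===" to "==== ====" has no title at all: the Torservers section name is missing, and the sentence "or an organization like to run a relay" likewise names no organization, so the Torservers link markup appears to have been lost before this revision; restore it in both places rather than carrying the empty heading forward. "The EFF Tor Legal FAQ ( answers many common questions" and "abuse response templates from Coldhak ... runs multiple relays:," also show empty link targets.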
    400 === At your university ===
     411==== At your university ====
    402413Many computer science departments, university libraries, and individual students and faculty run relays from university networks. These universities include the Massachusetts Institute of Technology [MIT CSAIL], Boston University, the University of Waterloo, the University of Washington, Northeastern University, Karlstad University, Universitaet Stuttgart, and Friedrich-Alexander University Erlangen-Nuremberg. To learn more about how to get support for a relay on your university's network, check out EFF's resources:
    404415[should we include a long list of all the universities running relays? is that too hard to maintain?]
    406 === At your company or organization ===
     417==== At your company or organization ====
    408419[this section needs work. maybe it should merge with the above section? either way, resources on *how* to do this (eg making the argument for it) are necessary here]
    420431Inteligente runs a middle relay (both non-profits).
    422 == todos
     433=== todos
    423434* [[OperatorsTips/DebianUbuntuConfiguringYourTorRelay]]
    424435* [Automatic configuration script: ​ Please add more documentation on this]
    428439* change 10MBit/s to "recommended" bandwidth and set a "required" bandwidth lower (2Mbit/s?)
    430 == More resources ==
     441=== More resources ===
    431442Congratulations, you're officially a Tor relay operator! What now?
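Review bot: the bracketed editor's questions "[should we include a long list of all the universities running relays? ...]" and "[this section needs work. maybe it should merge with the above section? ...]" remain in the body under public headings; with the new "=== todos" section right below, they belong there. "Inteligente runs a middle relay (both non-profits)." is a fragment whose first half falls outside this hunk's context; confirm the preceding sentence still names the second organization after the restructure. Finally, "=== More resources ===" now sits at the end of Part three, but its opening line "Congratulations, you're officially a Tor relay operator! What now?" reads as the close of the technical setup in Part two; consider whether it should follow that part instead.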