Changes between Version 6 and Version 7 of TorRelayGuide


Ignore:
Timestamp:
Dec 8, 2017, 9:29:27 PM (12 months ago)
Author:
alison
Comment:

added relay config info

Legend:

Unmodified
Added
Removed
Modified
  • TorRelayGuide

    v6 v7  
    1515A guard or middle relay will also generally receive very few (near-zero) abuse complaints. This relay will be listed in the public consensus, so may be blocked by certain services that don't understand how Tor works. If you are running a relay from home and have one static IP, you may want to consider running a bridge instead so that your non-Tor traffic doesn't get blocked as though it's coming from Tor. If you have a dynamic IP or multiple static IPs, this isn't as much of an issue.
    1616
    17 It takes some time for the traffic directed to new guard/middle relay to ramp up. To understand this process, read about the [lifecycle of a new relay https://blog.torproject.org/lifecycle-new-relay].
     17It takes some time for the traffic directed to new guard/middle relay to ramp up. To understand this process, read about the lifecycle of a new relay: https://blog.torproject.org/lifecycle-new-relay.
    1818
    1919
    2020
    2121=== Bridge ===
    22 The design of the Tor network means that the identity of most Tor relays is public. However, one of the ways Tor can be blocked by governments or ISPs is by blacklisting the IP addresses of these public Tor nodes. Bridge relays are Tor relays that are not listed in the public Tor directory, which make it harder for ISPs and governments to block them. Bridges are useful for Tor users under oppressive regimes, and for people who want an extra layer of security because they're worried somebody will recognize that they are contacting a public Tor relay IP address. Several countries, including China and Iran, have found ways to detect and block connections to Tor bridges. [https://www.torproject.org/docs/pluggable-transports.html.en ​Pluggable Transports], a special kind of bridge, address this by adding an additional layer of obfuscation.
     22The design of the Tor network means that the identity of most Tor relays is public. However, one of the ways Tor can be blocked by governments or ISPs is by blacklisting the IP addresses of these public Tor nodes. Bridge relays are Tor relays that are not listed in the public Tor directory, which make it harder for ISPs and governments to block them. Bridges are useful for Tor users under oppressive regimes, and for people who want an extra layer of security because they're worried somebody will recognize that they are contacting a public Tor relay IP address. Several countries, including China and Iran, have found ways to detect and block connections to Tor bridges. Pluggable transports (https://www.torproject.org/docs/pluggable-transports.html.en), a special kind of bridge, address this by adding an additional layer of obfuscation.
    2323
    2424
     
    3030
    3131
    32 The exit relay is the final relay in the Tor circuit, the one that sends traffic out its destination. The service you are connecting to (website, chat service, email provider, etc) will see the IP address of the exit relay instead of your real IP address. Exit relays have the greatest legal exposure and liability of all the relays. For example, if a user downloads copyrighted material while using your exit relay, you the operator may receive a DMCA notice. Any abuse complaints about the exit will go directly to you. Generally, these complaints can be handled pretty easily through template letters, which we'll discuss more in the section below. Because of the legal exposure that comes with running an exit relay, we do not recommend running it from your home. Ideal exit relay operators are affiliated with some institution, like a university or a library. An institution can not only provide greater bandwidth for the exit, but is better positioned to handle abuse complaints or the rare law enforcement inquiry. Here are some [more tips https://blog.torproject.org/tips-running-exit-node] for running an exit relay with minimal difficulty.
     32The exit relay is the final relay in the Tor circuit, the one that sends traffic out its destination. The service you are connecting to (website, chat service, email provider, etc) will see the IP address of the exit relay instead of your real IP address. Exit relays have the greatest legal exposure and liability of all the relays. For example, if a user downloads copyrighted material while using your exit relay, you the operator may receive a DMCA notice. Any abuse complaints about the exit will go directly to you. Generally, these complaints can be handled pretty easily through template letters, which we'll discuss more in the section below. Because of the legal exposure that comes with running an exit relay, we do not recommend running it from your home. Ideal exit relay operators are affiliated with some institution, like a university or a library. An institution can not only provide greater bandwidth for the exit, but is better positioned to handle abuse complaints or the rare law enforcement inquiry. Here are some more tips for running an exit relay with minimal difficulty: https://blog.torproject.org/tips-running-exit-node
    3333
    3434== Requirements ==
    3535=== Minimal bandwidth ===
    36 == Choosing a suitable location ==
     36== Choosing a server ==
     37If you have access to a high speed internet connection and a physical piece of computer hardware, this is the best way to run a relay. Having full control over the hardware and connection gives you a more controllable and (if done correctly) secure environment. You can host your own physical hardware at home or in a data center. Sometimes this is referred to as installing the relay on "bare metal".
     38
     39If you do not own physical hardware, you could run a relay on a VPS. This can cost anywhere between $3.00/month and thousands per month, depending on your provider, hardware configuration, and bandwidth usage. Many VPS providers will not allow you to run exit relays, and some will not allow you to run relays at all. You must follow the VPS provider's terms of service, or risk having your account disabled. Not having control over the physical hardware or the host operating system, you are relying on the VPS provider to configure the host machine safely, and not over-subscribe their hardware. You are also relying on the hosting provider for physical security. For more information on ISPs and VPS providers and their policies on allowing Tor relays, please see this guide maintained by the Tor community: https://trac.torproject.org/projects/tor/wiki/doc/GoodBadISPs.
    3740== AS/location diversity ==
    3841== Installation ==
    3942=== Debian/Ubuntu ===
    40 ==== unconditionally use deb.tpo repo ====
     43==== Configuring your Tor relay on Debian/Ubuntu ====
     44* [[OperatorsTips/DebianUbuntuConfiguringYourTorRelay]]
     45
    4146==== auto update instructions (for tor package only or entire OS?) ====
    42 
    43 * [[OperatorsTips/DebianUbuntuUpdates]] - Keeping your relay software up to date with Debian/Ubuntu
     47* [[OperatorsTips/DebianUbuntuUpdates]] - Keeping your relay software up to date with Debian/Ubuntu (this is the Debian guide, which someone else flagged as too complex: https://wiki.debian.org/UnattendedUpgrades)
    4448
    4549
     
    5357=== ArchLinux ===
    5458=== FreeBSD/HardeneBSD ===
     59* https://torbsd.github.io/relay-guides.html
    5560* [[OperatorsTips/BSDUpdates]] - Keeping your relay software up to date with (FreeBSD, HardenedBSD, OpenBSD, etc.)
    5661
    5762=== OpenBSD ===
     63* https://torbsd.github.io/relay-guides.html
    5864* [[OperatorsTips/RPMUpdates]] - Keeping your relay software up to date with RPM-based distributions (RedHat, Fedora, CentOS, etc.)
    5965
     
    6571
    6672== Configuring your Tor ==
     73You'll make slight changes to the torrc file depending on what kind of relay you want to run.
     74
    6775=== guard/middle relay ===
    6876=== bridge ===
     
    7987=== Legal resources ===
    8088
    81 The [EFF Tor Legal FAQ https://www.torproject.org/eff/tor-legal-faq.html.en] answers many common questions about relay operation and the law. We also like [Noisebridge's wiki https://www.noisebridge.net/wiki/Noisebridge_Tor/FBI] for additional legal resources.  In general it's a good idea to consult with a lawyer before deciding to operate an exit relay, especially if you live in a place where exit relay operators have been harassed, or if you're the only exit relay operator in your region. Get in touch with your local digital rights organization to see if they have recommendations about legal assistance, and if you're not sure what organizations are working in your region, [write to EFF https://www.eff.org/about/contact] and see if they can help connect you.
     89The EFF Tor Legal FAQ (https://www.torproject.org/eff/tor-legal-faq.html.en) answers many common questions about relay operation and the law. We also like Noisebridge's wiki for additional legal resources: https://www.noisebridge.net/wiki/Noisebridge_Tor/FBI.  In general it's a good idea to consult with a lawyer before deciding to operate an exit relay, especially if you live in a place where exit relay operators have been harassed, or if you're the only exit relay operator in your region. Get in touch with your local digital rights organization to see if they have recommendations about legal assistance, and if you're not sure what organizations are working in your region, write to EFF and see if they can help connect you: https://www.eff.org/about/contact.
    8290
    8391=== Responding to abuse complaints ===
    8492
    85 Operators can put together their own abuse complaint template responses from one of many templates, including some that [Tor has collected https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates, one that [Boing Boing used to respond to a US federal subpoena about their exit relay https://boingboing.net/2015/08/04/what-happened-when-the-fbi-sub.html], and [these https://github.com/coldhakca/abuse-templates/blob/master/dmca.template] [two https://github.com/coldhakca/abuse-templates/blob/master/generic.template] from Coldhak, an organization in Canada that runs multiple relays.
     93Operators can put together their own abuse complaint template responses from one of many templates that Tor has created: https://trac.torproject.org/projects/tor/wiki/doc/TorAbuseTemplates.
     94
     95Other docs we like include:
     96
     97* a letter Boing Boing used to respond to a US federal subpoena about their exit relay: https://boingboing.net/2015/08/04/what-happened-when-the-fbi-sub.html
     98* abuse response templates from Coldhak, an organization in Canada that runs multiple relays: https://github.com/coldhakca/abuse-templates/blob/master/dmca.template, https://github.com/coldhakca/abuse-templates/blob/master/generic.template
    8699
    87100== Running a relay with other people ==