Version 6 (modified by alison, 21 months ago) (diff)

legal info

The Ultimate Guide to Running a Relay

Why run a relay?

Types of relays in the Tor network

All relays are important, but they have different technical requirements and legal implications. Understanding the different kinds of relays is the first step to learning which one is right for you.

Guard/middle relay

A guard is the first relay in a Tor circuit when the user is not using a bridge. A middle relay is neither a guard nor an exit, but acts as the middle point between the two. Non-exit relays can function as either a guard or a middle for different users.

A guard or middle relay will also generally receive very few (near-zero) abuse complaints. This relay will be listed in the public consensus, so may be blocked by certain services that don't understand how Tor works. If you are running a relay from home and have one static IP, you may want to consider running a bridge instead so that your non-Tor traffic doesn't get blocked as though it's coming from Tor. If you have a dynamic IP or multiple static IPs, this isn't as much of an issue.

It takes some time for the traffic directed to new guard/middle relay to ramp up. To understand this process, read about the [lifecycle of a new relay].


The design of the Tor network means that the identity of most Tor relays is public. However, one of the ways Tor can be blocked by governments or ISPs is by blacklisting the IP addresses of these public Tor nodes. Bridge relays are Tor relays that are not listed in the public Tor directory, which make it harder for ISPs and governments to block them. Bridges are useful for Tor users under oppressive regimes, and for people who want an extra layer of security because they're worried somebody will recognize that they are contacting a public Tor relay IP address. Several countries, including China and Iran, have found ways to detect and block connections to Tor bridges. Pluggable Transports, a special kind of bridge, address this by adding an additional layer of obfuscation.

Bridges are relatively easy and low-risk relays to operate, but they have a big impact on users. A bridge isn't likely to receive any abuse complaints, and since bridges are not listed in the public consensus, they are unlikely to be blocked by popular services. Bridges are a great option if you can only run a relay from your home network, have only one static IP, and don't have a huge amount of bandwidth to donate -- we recommend giving your bridge at least 1Mbit/sec.

Exit relay

The exit relay is the final relay in the Tor circuit, the one that sends traffic out its destination. The service you are connecting to (website, chat service, email provider, etc) will see the IP address of the exit relay instead of your real IP address. Exit relays have the greatest legal exposure and liability of all the relays. For example, if a user downloads copyrighted material while using your exit relay, you the operator may receive a DMCA notice. Any abuse complaints about the exit will go directly to you. Generally, these complaints can be handled pretty easily through template letters, which we'll discuss more in the section below. Because of the legal exposure that comes with running an exit relay, we do not recommend running it from your home. Ideal exit relay operators are affiliated with some institution, like a university or a library. An institution can not only provide greater bandwidth for the exit, but is better positioned to handle abuse complaints or the rare law enforcement inquiry. Here are some [more tips] for running an exit relay with minimal difficulty.


Minimal bandwidth

Choosing a suitable location

AS/location diversity



unconditionally use deb.tpo repo

auto update instructions (for tor package only or entire OS?)


yum/dnf install tor

auto update instructions

  • OperatorsTips/RPMUpdates - Keeping your relay software up to date with RPM-based distributions (RedHat, Fedora, CentOS, etc.)





  • OperatorsTips/RPMUpdates - Keeping your relay software up to date with RPM-based distributions (RedHat, Fedora, CentOS, etc.)



Configuring your Tor

guard/middle relay


exit relay

DNS considerations

Maintaining a relay

Setting up outage notifications

Relay Search

tor-relays mailing list

Legal considerations

Relay operators should understand the potential risks associated with running a relay. For the majority of operators in most countries, bridges and guard/middle relays are very low risk. Exits are the ones that present some legal concerns, but operators under most circumstances will be able to handle legal matters by having an abuse response letter, running the exit from a location that isn't their home, and reading through some of the legal resources that Tor-supportive lawyers have put together.

Legal resources

The [EFF Tor Legal FAQ] answers many common questions about relay operation and the law. We also like [Noisebridge's wiki] for additional legal resources. In general it's a good idea to consult with a lawyer before deciding to operate an exit relay, especially if you live in a place where exit relay operators have been harassed, or if you're the only exit relay operator in your region. Get in touch with your local digital rights organization to see if they have recommendations about legal assistance, and if you're not sure what organizations are working in your region, [write to EFF] and see if they can help connect you.

Responding to abuse complaints

Operators can put together their own abuse complaint template responses from one of many templates, including some that [Tor has collected, one that [Boing Boing used to respond to a US federal subpoena about their exit relay], and [these] [two] from Coldhak, an organization in Canada that runs multiple relays.

Running a relay with other people

More resources