wiki:doc/MacRunOnBoot

Run Tor When Mac OS X Boots

How to start Tor when your Mac boots, so that it is always running. This should also work for other Unices that use launchd .

It is called running Tor as a Dameon when you run it at boot.

Get Tor Working

Get Tor working with your preferences. You probably already have done that before you got to these steps.

See https://trac.torproject.org/projects/tor/wiki/doc/MacBuild for instructions on installing a recent tor, or building it from source.

Instructions for Obsolete Tor Manager Vidalia

Some Tor users used to use Vidalia. You can install Vidalia from source using the MacPorts tree or download an installer .

If you are installing Vidalia from Source using the MacPorts tree, you might also considering installing Tor that way as well ("sudo port install tor"). The path for will be installed to will be simpler to type than the path to Tor installed with Vidalia.

Find where your Tor Executable is

You might find it easier to find the location of your Tor executable by starting a Terminal Window and performing

ps -Ax | egrep "/tor"

Find where your Tor Executable is using Vidalia

If you are using Vidalia, you can use the Preferences menu to find where your Tor executable is.

Screencap of Vidalia showing location of Tor executable

If you are using the Tor that was installed with Vidalia the path to your Tor executable will be more complicated than the one shown above.

Add ControlSocket To Tor Config File

Add ControlSocket <path> or ControlPort <port number> to your torrc as shown in the Vidalia image below.

Once the ControlSocket or ControlPort is set up, you can use nyx to monitor tor while it's running. nyx used to be called arm.

See https://gitweb.torproject.org/nyx.git

Add "ControlSocket To Tor Config File with Vidalia

If you are using Vidalia there is a menu option for the tor control socket in the advanced options available from the Preference menu.

If Vidalia doesn't provide a default socket for you as circled in the image above, type the name of one in in your data directory (also circled).

Verify the torrc file is still valid

Create another Terminal window.

Verify your tor configuration file is valid. It is much easier to find errors now than when trying to launch Tor as a dameon (though the errors will be available in /var/log/system/log then). You can skip this step if all the changes have been made using Vidalia preference settings rather than editing the torrc directly.

Change /opt/local/bin to the path of your Tor executable and /opt/local/etc/tor/torrc to the path of your Tor configuration file.

unix prompt$/opt/local/bin/tor  --verify-config -f  /opt/local/etc/tor/torrc 
Sep 25 09:18:40.680 [notice] Tor v0.2.2.32 (git-877e17749725ab88). This is experimental software. Do not rely on it for strong anonymity. (Running on Darwin x86_64)
Sep 25 09:18:40.681 [notice] Your ContactInfo config option is not set. Please consider setting it, so we can contact you if your server is misconfigured or something else goes wrong.
Configuration was valid

Start a tail on the system log

This will help debugging if anything goes wrong or you make a typographical error. In your terminal window,

cd /var/log
tail -f system.log

Install the "plist" file

This is the file that will instruct the operating system to launch Tor on boot.

Download the the file org.torproject.tor.plist attached to this page to your /Library/LaunchDaemons folder. Be careful not to change the name of this file.

Edit the file with TextEdit or your favourite editor. You must carefully:

  • replace "/opt/local/bin/tor" to the path to your Tor executable.
  • replace "/opt/local/etc/tor/" with the path to your Tor Data Directory, which contains the torrc configuration file (a previous step showed how to find this path).
  • change the key right below user name from doug to your own login.
  • review the ExitTimeOut, Nice, and NumberOfFiles settings based on your needs.
  • if any of the optional keys aren't implemented in your version of launchd, please remove them. The essential keys are Label, ProgramArguments, UserName, and RunAtLoad/KeepAlive or the equivalent for your launchd version.

Here is what the file contents look like.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>Label</key>
	<string>org.torproject.tor</string>
	<key>ProgramArguments</key>
	<array>
        <!-- Replace /opt/local/bin/tor with your tor binary path -->
	<string>/opt/local/bin/tor</string>
	<string>-f</string>
        <!-- Replace /opt/local/etc/tor/ with your tor data directory path  -->
	<string>/opt/local/etc/tor/torrc</string>
	</array>
        <!-- Replace /opt/local/etc/tor/ with your tor data directory path  -->
	<key>StandardOutPath</key>
	<string>/opt/local/etc/tor/stdout.log</string>
        <!-- Replace /opt/local/etc/tor/ with your tor data directory path  -->
	<key>StandardErrorPath</key>
	<string>/opt/local/etc/tor/stderr.log</string>
        <!-- Replace doug with your short OS X username -->
	<key>UserName</key>
	<string>doug</string>
        <!-- How long OS X will give tor to shut down connections before restarting it. Decrease for faster reboots, increase to allow users to find other relays. -->
	<key>ExitTimeOut</key>
	<integer>60</integer>
        <!-- How much CPU priority tor will get, from 20 (low) to -20 (high) -->
	<key>Nice</key>
	<integer>15</integer>
	<key>HardResourceLimits</key>
	<dict>
        <!-- How many connections tor can make, for a relay, this should be at least the number of relays in the network, or around 8000 -->
        <!-- You may also need to add "kern.maxfiles=20480" to /etc/sysctl.conf -->
	<key>NumberOfFiles</key>
	<integer>10240</integer>
	</dict>
	<key>RunAtLoad</key>
	<true/>
	<key>KeepAlive</key>                                                          
	<true/>
	<key>ProcessType</key>
	<string>Background</string>
	<key>LowPriorityIO</key>
	<true/>
        <!-- If any keys are not implemented in your version of OS X, please feel free to delete them -->
</dict>
</plist>

Try it out

Exit Vidalia if you're using it.

Start a second Terminal window. The sudo commands will challenge you for an administrator password.

sudo launchctl load /Library/LaunchDaemons/org.torproject.tor.plist 
sudo launchctl start org.torproject.tor.plist 

Keep your eye on the second terminal window. You should see whether Tor launched successfully or not.

If you need to edit the plist file, then you will have to reload it.

sudo launchctl unload /Library/LaunchDaemons/org.torproject.tor.plist 
sudo launchctl load /Library/LaunchDaemons/org.torproject.tor.plist 

If you want to stop Tor

sudo launchctl stop org.torproject.tor 

To start it again

sudo launchctl start org.torproject.tor 

To verify the Tor process is running (Tor will exit rather quickly if the torrc is invalid).

ps -Ax | egrep  "/tor " 

In the terminal window, it will look something like this.

unix prompt$ ps -Ax | egrep "/tor"
30011 ??         2:22.60 /opt/local/bin/tor -f /opt/local/etc/tor/torrc
66810 ttys003    0:00.00 egrep /tor

Monitor with Nyx/Arm

Use nyx/arm to monitor tor while it's running.

nyx -i <control port number>
nyx -s <control socket path>

Monitor with Vidalia

One you know Tor is running, start Vidalia again. It should connect to the existing Tor process. You should not be challenged for a password.

Debugging

Keep an eye on /var/log/system.log.

If Tor is running after a reboot, but you see errors in the system log about access, you may need to configure your router to open the Tor ports. Vidalia may have used UPNP or something similar to open the ports on your router, but now you aren't running Vidalia when for starts.

Running as a different user

You will know if you have the necessary unix admin skills to set this up. You will have to configure Tor to use a network socket rather than a unix domain socket for Tor control - the Tor executable will not allow you to have a unix domain socket that more than one user can access.

Last modified 21 months ago Last modified on Jun 2, 2015, 9:03:11 PM

Attachments (5)

Download all attachments as: .zip