Bridge survival guide

SSH fingerprints:

  • 2048 SHA256:bP9tfPeIqkZkeKK1wcNT5t3CLyePz8oglFLRcdlP+gQ root@node (RSA)
  • 1024 SHA256:ji5FxcUh6gjLj7RHl6ffHTRMW62Gp+8ZmGoL0p5nVl0 root@node (DSA)
  • 256 SHA256:rl1WUhqOk3D2h2hwcK4x2HRPcnowUJuKnxQXYXOCXuk root@node (ED25519)

Upgrading snowflake-server. You need to give the new binary permission to bind ports 443 and 80. This cheat sheet is also included as a comment in /etc/tor/torrc.

  1. service tor stop
  2. install --owner root ~/new-server /usr/local/bin/snowflake-server
  3. setcap 'cap_net_bind_service=+ep' /usr/local/bin/snowflake-server
  4. service tor start

Check /var/log/syslog and /var/log/tor/snowflake-server.log for error messages. If snowflake-server.log shows bind: permission denied, ensure that you have run the setcap command, and that the NoNewPrivileges=no configuration from AntiCensorshipTeam/SnowflakeBridgeInstallationGuide is in place.
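The two conditions named above can be checked directly after an upgrade. The script below is an added example, not part of the original guide or of the Snowflake project. It assumes the tor service runs as the systemd unit tor@default.service (override with the UNIT environment variable) and that getcap and systemctl are installed.

```shell
#!/bin/sh
# Added example: post-upgrade check for "bind: permission denied".
# `install` writes a new file, and file capabilities are stored in an
# extended attribute of the old one, so each upgrade drops the capability.
BIN=/usr/local/bin/snowflake-server      # path from the upgrade steps
UNIT=${UNIT:-tor@default.service}        # ASSUMPTION: unit name, not from the page

# has_bind_cap TEXT: true if getcap output TEXT grants cap_net_bind_service
# as effective+permitted. Accepts both libcap output styles:
#   "/path = cap_net_bind_service+ep"  and  "/path cap_net_bind_service=ep"
has_bind_cap() {
    printf '%s\n' "$1" |
        grep -Eq 'cap_net_bind_service(,[a-z_0-9]+)*[=+]ei?p'
}

# nnp_allows_filecaps TEXT: true if `systemctl show -p NoNewPrivileges`
# printed "NoNewPrivileges=no". With "yes" the kernel ignores file
# capabilities at exec time, so setcap alone has no effect.
nnp_allows_filecaps() {
    [ "$1" = "NoNewPrivileges=no" ]
}

# check_upgrade: run both checks on the live system; returns 1 on any failure.
check_upgrade() {
    rc=0
    caps=$(getcap "$BIN" 2>/dev/null)
    if ! has_bind_cap "$caps"; then
        echo "FAIL: $BIN lacks cap_net_bind_service+ep; rerun setcap (step 3)"
        rc=1
    fi
    nnp=$(systemctl show -p NoNewPrivileges "$UNIT" 2>/dev/null)
    if ! nnp_allows_filecaps "$nnp"; then
        echo "FAIL: $UNIT reports '${nnp:-unknown}', expected NoNewPrivileges=no"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: file capability and NoNewPrivileges look right"
    return "$rc"
}

# Query the live system only when asked; otherwise just define the functions.
if [ "${1:-}" = "--live" ]; then
    check_upgrade
    exit $?
fi
```

Run it with --live as root on the bridge between steps 3 and 4 of the upgrade.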

Standalone proxy-go instances

The standalone proxy-go instances are managed by runit. You can see a list of possible instances under /etc/service. They are set up to periodically restart themselves in case of a hang.

        sv status snowflake-proxy-standalone-17h        # check status
        sv start snowflake-proxy-standalone-17h  # start
        sv stop snowflake-proxy-standalone-17h   # stop
        ps xww | grep runsvdir  # check for error in the run script

Logs are stored in /home/snowflake-proxy/*.log.d. Adding a new instance:

        cd /etc/runit
        mkdir -p my-instance/log
        # run script for the proxy itself (restarts after 17h in case of a hang)
        cat > my-instance/run <<EOF
#!/bin/sh
exec chpst -u snowflake-proxy timeout 17h /usr/local/bin/proxy-go -broker 2>&1
EOF
        # run script for the svlogd logger that receives the proxy's output
        cat > my-instance/log/run <<EOF
#!/bin/sh
exec chpst -u snowflake-proxy svlogd /home/snowflake-proxy/my-instance.log.d
EOF
        chmod +x my-instance/run my-instance/log/run
        cd /etc/service
        ln -s /etc/runit/my-instance/
        mkdir /home/snowflake-proxy/my-instance.log.d
        chown snowflake-proxy:nogroup /home/snowflake-proxy/my-instance.log.d
        sv start my-instance

Firewall configuration is in /etc/ferm/ferm.conf. Run service ferm restart after making changes.

Last modified on Feb 27, 2020, 5:43:45 PM