Tor Relay on Solar VPS w/ Ubuntu. Includes optional exit relay setup.

tor_relay_on_solar_vps.md

Setting up a Tor Relay on a Solar VPS (OUTDATED)

Please take extra care when following these instructions. They're outdated and may not reflect best practices any longer

This guide is being written for someone who knows their way around Linux/Unix and is comfortable with the responsibility of running their own server. Running this configuration should cost you about $5/month. If you're not comfortable setting up your own server then donating that $5 to other Tor relay operators is still helpful.

Open the following pages up for reference. Ideally you should read through them before beginning.

• My First 5 Minutes On A Server; Or, Essential Security for Linux Servers
• Running a 1 MB/s Tor Relay on Linode
• Tor Exit Full Setup
• Configuring a Tor relay on Debian/Ubuntu
• How to Run a Secure Tor Server
• Tor Exit Guidelines
• The Legal FAQ for Tor Relay Operators
• Tips for Running an Exit Node with Minimal Harassment

I'm not going to present much if any new information in this guide. Mainly I'm putting it together while I follow all of these guides myself.

Solar VPS

• make a new 0.5GB pod with Ubuntu 13.04 (the latest they offer, we'll upgrade it shortly)
• Once it's created follow the notification to reset the root password
• Add a DNS A record for your new node. I use torrelay1, torrelay2 ....
• IMPORTANT: Contact Solar and tell them you plan to run a tor relay. They're currently OK with this and will appreciate the heads up.

Upgrading Ubuntu

• ssh into your new vps as root
• sudo sed -i -e 's/archive.ubuntu.com\|security.ubuntu.com/old-releases.ubuntu.com/g' /etc/apt/sources.list -- This make is possible to upgrade to 13.10 since 13.04 is at EOL.
• apt-get update && sudo apt-get dist-upgrade
• do-release-upgrade -d and answer y to the questions. The upgrade can take quite awhile to complete. The last step is to reboot.

You'll now be upgraded to Ubuntu 13.10. Now do the following to upgrade to 14.04.

• do-release-upgrade -d. Answer y to all of the questions EXCEPT the question about disabling root access - we'll do that later.

Now you'll follow the Ubuntu directions for upgrading to 14.10.

Securing your server

• Follow the instructions at My First 5 Minutes On A Server; Or, Essential Security for Linux Servers to get yourself a secure foundation to begin.

Other Server Configuration

• sudo dpkg-reconfigure tzdata and set your local timezone.
• sudo hostnamectl set-hostname hostname.your_domain.com to set your hostname
• sudo apt-get install unbound then sudo nano /etc/resolv.conf and add nameserver 127.0.0.1 to the top.

Installing Tor

• I'm going to paraphrase from the Tor instructions
• find your ubuntu version codename by running lsb_release -c. For Ubuntu 14.10 it's utopic.
• add deb http://deb.torproject.org/torproject.org utopic main to /etc/apt/sources.list
• gpg --keyserver keys.gnupg.net --recv 886DDD89
• gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
• sudo apt-get update
• sudo apt-get install tor tor-arm

Configuring Tor as a non-exit relay

• edit /etc/tor/torrc and make the following changes

ORPort 443 # We pick 443 because other ports might be blocked in censored countries
Address hostname.your_domain.com
Nickname somenickname
AccountingStart month 1 00:00
AccountingMax 2000 GBytes
ContactInfo Your Name <contact@your_domain.com>
ExitPolicy reject *:*
DirPort 80
DirPortFrontPage /etc/tor/tor-exit-notice.html
BridgeDistribution email # it could be one of https, moat, email, telegram, settings, reserved
PublishServerDescriptor 1

• cp /usr/share/doc/tor/tor-exit-notice.html /etc/tor/tor-exit-notice.html
• service tor restart and ensure there are no errors
• backup /var/lib/tor/keys/secret_id_key and /var/lib/tor/fingerprint to a secure location. You'll need this key if you want to set up the same node on a new server.

Configuring your relay as an exit node

You should fully understand the implications of running an exit node before doing so. Read Tips for Running an Exit Node with Minimal Harassment before proceeding.

To become an exit node you simply need to change your ExitPolicy. Take a look at the recommended Reduced Exit Policy and add that to /etc/tor/torrc in place of ExitPolicy reject *:*.

Mirroring a website via a tor hidden service.

Final tasks

• Sign up for the tor-announce and tor-relays mailing lists.
• run sudo -u debian-tor arm to get a nice console for your relay

After your relay has been up for more than a day

• Check out your stats on Globe
• Sign up for Tor Weather so you're notified if the relay goes down.

Please update or delete these gits. This configuration is not up-to-date for a public relay and set up your relay as a private one.

@M-Razavi do you have a link to a more up-to-date guide I can replace this with?

I've checked, but even in the official document https://community.torproject.org/relay/setup/bridge/debian-ubuntu/ it didn't mention some of the parameters.
You need to add these two lines to the tor config:

BridgeDistribution email # it could be one of https, moat, email, telegram, settings, reserved
PublishServerDescriptor 1

@M-Razavi I added the lines you suggested as well as a caveat at the top