Setting up a Tor Relay on a Solar VPS
This guide is being written for someone who knows their way around Linux/Unix and is comfortable with the responsibility of running their own server. Running this configuration should cost you about $5/month. If you're not comfortable setting up your own server then donating that $5 to other Tor relay operators is still helpful.
Open the following pages up for reference. Ideally you should read through them before beginning.
- My First 5 Minutes On A Server; Or, Essential Security for Linux Servers
- Running a 1 MB/s Tor Relay on Linode
- Tor Exit Full Setup
- Configuring a Tor relay on Debian/Ubuntu
- How to Run a Secure Tor Server
- Tor Exit Guidelines
- The Legal FAQ for Tor Relay Operators
- Tips for Running an Exit Node with Minimal Harassment
I'm not going to present much if any new information in this guide. Mainly I'm putting it together while I follow all of these guides myself.
- make a new 0.5GB pod with Ubuntu 13.04 (the latest they offer, we'll upgrade it shortly)
- Once it's created follow the notification to reset the root password
- Add a DNS A record for your new node. I use
torrelay1, torrelay2 ....
- IMPORTANT: Contact Solar and tell them you plan to run a tor relay. They're currently OK with this and will appreciate the heads up.
- ssh into your new vps as root
sudo sed -i -e 's/archive.ubuntu.com\|security.ubuntu.com/old-releases.ubuntu.com/g' /etc/apt/sources.list-- This make is possible to upgrade to 13.10 since 13.04 is at EOL.
apt-get update && sudo apt-get dist-upgrade
do-release-upgrade -dand answer
yto the questions. The upgrade can take quite awhile to complete. The last step is to reboot.
You'll now be upgraded to Ubuntu 13.10. Now do the following to upgrade to 14.04.
do-release-upgrade -d. Answer
yto all of the questions EXCEPT the question about disabling root access - we'll do that later.
Now you'll follow the Ubuntu directions for upgrading to 14.10.
Securing your server
- Follow the instructions at My First 5 Minutes On A Server; Or, Essential Security for Linux Servers to get yourself a secure foundation to begin.
Other Server Configuration
sudo dpkg-reconfigure tzdataand set your local timezone.
sudo hostnamectl set-hostname hostname.your_domain.comto set your hostname
sudo apt-get install unboundthen
sudo nano /etc/resolv.confand add
nameserver 127.0.0.1to the top.
- I'm going to paraphrase from the Tor instructions
- find your ubuntu version codename by running
lsb_release -c. For Ubuntu 14.10 it's
deb http://deb.torproject.org/torproject.org utopic mainto
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
sudo apt-get update
sudo apt-get install tor tor-arm
Configuring Tor as a non-exit relay
/etc/tor/torrcand make the following changes
ORPort 443 # We pick 443 because other ports might be blocked in censored countries Address hostname.your_domain.com Nickname somenickname AccountingStart month 1 00:00 AccountingMax 2000 GBytes ContactInfo Your Name <contact@your_domain.com> ExitPolicy reject *:* DirPort 80 DirPortFrontPage /etc/tor/tor-exit-notice.html
cp /usr/share/doc/tor/tor-exit-notice.html /etc/tor/tor-exit-notice.html
service tor restartand ensure there are no errors
/var/lib/tor/fingerprintto a secure location. You'll need this key if you want to set up the same node on a new server.
Configuring your relay as an exit node
You should fully understand the implications of running an exit node before doing so. Read Tips for Running an Exit Node with Minimal Harassment before proceeding.
To become an exit node you simply need to change your
ExitPolicy. Take a look at the recommended Reduced Exit Policy and add that to
/etc/tor/torrc in place of
ExitPolicy reject *:*.
Mirroring a website via a tor hidden service.
- Sign up for the tor-announce and tor-relays mailing lists.
sudo -u debian-tor armto get a nice console for your relay