Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
[Draft] This document explains how to run multiple tor processes on one host.
Managing multiple Tor processes on one host
Due to Tor's internal architecture, running only one Tor process per physical
host is often not enough. As a thumb rule, you should run one Tor process per
physical CPU core to make full use of the host's CPU power. This, however
brings with it other difficulties: The tor network limits the number of Tor
relays per IP in the consensus to 2. Also, the relay nodes should be rechable
on Port 80 and 443 since those ports are often unfiltered and unblocked.
1. Preparing Your Host
This guide assumes that you have a Host with 4 CPU cores and that the IP
Addresses x.y.z.11 - x.y.z.15 are routed to it correctly.
2. Tor Configuration
Managing multiple Tor processes requires an initscript that is different from
the one distributed by Tor's Debian Package.
# cd /etc/init.d
# mv tor tor.dist
# wget -O tor
The new initscript itself requires some changes in the Tor configs. Instead
of one `torrc` file, one file called `tor<n>.cfg` is needed per process.
Feel free to use the config file provided by which you find
at as a template.
After editing the template according to your needs, copy it for each process
you want to run. The Following Attributes should be changed per process:
* ``Nickname``
* ``Address``
* ``OutboundBindAddress``
* ``ORListenAddress``
* ``DirListenAddress``
* ``DataDirectory``
* ``PidFile``
* ``Log notice file``
Make sure the locations that ``DataDirectory``, ``PidFile`` and
``Log notice file`` point to actually exist and are writable for the user running
If you don't plan on running a web server on Port 80 that forwards Directory
requests to the tor processes, you should change ``DirListenAddress`` to a publicly
reachable IP Address, and - by convention - Port 80.
3. Running Tor
# /etc/init.d/tor start # starts tor 0-3
# /etc/init.d/tor stop # stops tor 0-3
# /etc/init.d tor reload tor2 tor3
# /etc/init.d/tor stop tor1
4. Infopages
Most Tor exit relay operators consider it best practice to run a webserver on all
Exit nodes in order to facilitate Abuse handling [1]. has a special page that clearly shows that this host is an exit
relay and offers contact information in case of abuse.
HTTP Requests to a resource under ``/tor`` are reverse-proxied to the corresponding
tor process by the webserver.
The first thing to do, is, of course install the webserver:
# apt-get install lighttpd
Now you should delete the default index that comes with lighttpd and deploy your own
info page to html.
# rm /var/www/index.lighttpd.html
For reverse Proxying the requests to the Tor processes, you need to activate lighttpd's
proxy module:
# lighttpd-enable-mod proxy
Now we need to edit the proxy config file at ``/etc/lighttpd/conf-enabled/10-proxy.conf``
to contain a block like this for every Tor process:
$SERVER["socket"] == "x.y.z.<n>:80" {
$HTTP["url"] =~ "^/tor(/|$)" {
proxy.server = ( "" => ( ( "host" => "",
"port" => 903<n> ) ) )
Counterintuitively, You need to change lighttpd's bind address to localhost, the
``$SERVER["socket"]`` directive opens a port on its own.
# vi /etc/lighttpd/lighttpd.conf
server.bind = ""
One last restart of lighttpd and the Tor processes and everything should be working:
# service tor stop
# service lighttpd restart
# service tor start
5. Feedback? Questions?
If you have any questions or feedback regarding this document, feel free to contact
me via mail: johannes [at]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment