Setting up your own Tor Relay

Have you ever wanted to contribute to the Tor project, but never knew how to do it? Why not running a Tor relay? The more people running relays, the faster the Tor network will be.

This short guide from the recent CryptoParty workshop helps you with launching a virtual machine and configuring it as a Tor relay.

Registering with a cloud provider

The first step is registering a user account with a cloud provider. If you have your own virtual server already, or you prefer a different server hosting provider, then skip to the next section.

#1. Click here (affiliate link) to register a new user account on Vultr

Disclosure: Get +$20 when you spend $10 and I will receive $30 for the referral. All referral bonus supports Privacy for Journalists.

vultr_main

#2. You should receive an email from Vulr. Click on the link inside to verify your email address.

#3. Link credit card or PayPal account under ‘Billing‘ from the control panel. The verification is a pre-requisite of launching virtual machines (VM).

#4. Apply a promo code under ‘Billing‘:

NGINX20 +$20.00
GIVEME10 +$10.00

Launching a virtual machine

Once you have registered and verified the user account, you can launch a virtual server for the Tor agent.

#1. Go to ‘Deploy‘ to launch a new VM

#2. Configure the VM as the following:

Server Location: <your preferred location>
Server Type: Ubuntu 16.04 x64
Server Size: 15 GB SSD for $5/mo
Additional Features: Enable IPv6
Startup Script: None
SSH Keys: None (you can add later)
Server Hostname: myrelay
Server Label: tor

#3. Click on ‘Deploy Now‘ button at the bottom to launch the VM

#4. Go to ‘Servers‘ and click on your new server to open its details

#5. Click on the eye icon in the bottom-left corner to reveal the root password

#6. Take note of your SSH login details

IP Address: <shown on the server details page>
Username: root
Password: <as shown at step #5>

Configuring the operating system

Once the VM is up and running, we need to keep everything up-to-date before we install Tor. Let’s update the system and configure auto-update, shall we?

#1. Log into your VM with SSH

#2. Upgrade the operating system

# apt-get update && apt-get dist-upgrade -y

Note: If this fails with “E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?”, it means that the packages are already updated automatically in the background. Wait a few minutes and try again.

#3. Configure auto-upgrade

# apt-get install unattended-upgrades -y
# dpkg-reconfigure –priority=low unattended-upgrades

Choose ‘Yes‘ when prompted and press ‘Enter‘ for the default settings

Install the Tor agent

Finally, we are installing the Tor agent onto the virtual machine. We prefer using the software repositories provided by the Tor project over the Ubuntu release.

#1. Add the Tor software repository to Ubuntu:

# echo ‘deb http://deb.torproject.org/torproject.org xenial main’ >> /etc/apt/sources.list.d/tor.list
# echo ‘deb-src http://deb.torproject.org/torproject.org xenial main’ >> /etc/apt/sources.list.d/tor.list

#2. Add the gpg key used to sign the packages by running the following commands at your command prompt:

# gpg –keyserver keys.gnupg.net –recv 886DDD89
# gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add –

#3. You can install the agent with the following commands. Choose ‘Yes‘ when prompted

# apt-get update && apt-get install tor tor-arm deb.torproject.org-keyring -y

Configuring the Tor agent as a relay

The Tor agent needs some reconfiguration before it can start serving as a middle relay.

tor_network_diagram

#1. Rename the default Tor configuration file

# mv /etc/tor/torrc /etc/tor/torrc.default

#2. Open /etc/tor/torrc with your favourite text editor and add the following:

RunAsDaemon 1
ORPort 9001

DirPort 9030
Nickname blah
AccountingMax 950 GBytes
AccountingStart month 1 00:01
ContactInfo John Doe <[email protected]>
ExitPolicy reject *:* # no exits allowed

#3. Change ‘Nickname‘ and ‘ContactInfo

Note: The email address in the ‘ContactInfo’ is public. We suggest obscuring the email addresses to avoid spam harvesting.

#4. Save the configuration file and exit the editor

#5. Start the Tor service

# systemctl stop tor
# systemctl start tor

#6. Verify if the relay is starting up correctly by monitoring the log file

# tail -f /var/log/tor/log

You should have “[notice] Bootstrapped 100%: Done” in the log file if everything is working a-okay.

#7. Confirm Tor is running with the ‘arm’ utility

# arm

You can exit the arm utility by pressing ‘q

Check out the relay on Tor Atlas

Once everything is up and running, the relay should be publicly available on Tor Atlas. This service is a global catalogue of Tor relays and exit nodes.

tor_atlas

#1. Get the Tor relay fingerprint with the following command

# cat /var/lib/tor/fingerprint

The fingerprint is the second block of long string of letters and numbers

#2. Open the following URL in your browser:

https://atlas.torproject.org/#details/<fingerprint from step #1>

Note: It may take up to 2-4 hours for your server to appear in Atlas. You should be able to find it by searching for its nickname set by the ‘Nickname’ parameter in /etc/tor/torrc

Further things to do

Congratulations, you are now a proud contributor to the Tor network! Here are a few additional things you may want to try out later:

The original guide was created for the CryptoParty Sydney Tor relay workshop. Images courtesy of Jun Seita and The Hacker News.

Gabor

Gabor Szathmari is a cybersecurity expert and digital privacy enthusiast. In his professional life, Gabor helps businesses, including many small and mid-size legal practices, with their cybersecurity challenges at Iron Bastion.