Have you ever wanted to contribute to the Tor project, but never knew how to do it? Why not run a Tor relay? The more people running relays, the faster the Tor network will be.
This short guide from the recent CryptoParty workshop helps you with launching a virtual machine and configuring it as a Tor relay.
Registering with a cloud provider
The first step is registering a user account with a cloud provider. If you have your own virtual server already, or you prefer a different server hosting provider, then skip to the next section.
#1. Click here (affiliate link) to register a new user account on Vultr
Disclosure: Get +$20 when you spend $10 and I will receive $30 for the referral. All referral bonuses support Privacy for Journalists.
#2. You should receive an email from Vultr. Click on the link inside to verify your email address.
#3. Link a credit card or PayPal account under ‘Billing’ from the control panel. The verification is a prerequisite for launching virtual machines (VMs).
#4. Apply a promo code under ‘Billing‘:
Launching a virtual machine
Once you have registered and verified the user account, you can launch a virtual server for the Tor agent.
#1. Go to ‘Deploy‘ to launch a new VM
#2. Configure the VM as follows:
Server Location: <your preferred location>
Server Type: Ubuntu 16.04 x64
Server Size: 15 GB SSD for $5/mo
Additional Features: Enable IPv6
Startup Script: None
SSH Keys: None (you can add later)
Server Hostname: myrelay
Server Label: tor
#3. Click on ‘Deploy Now‘ button at the bottom to launch the VM
#4. Go to ‘Servers‘ and click on your new server to open its details
#5. Click on the eye icon in the bottom-left corner to reveal the root password
#6. Take note of your SSH login details
IP Address: <shown on the server details page>
Password: <as shown at step #5>
Configuring the operating system
Once the VM is up and running, we need to keep everything up-to-date before we install Tor. Let’s update the system and configure auto-update, shall we?
#1. Log into your VM with SSH
#2. Upgrade the operating system
# apt-get update && apt-get dist-upgrade -y
Note: If this fails with “E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?”, it means that the packages are already updated automatically in the background. Wait a few minutes and try again.
#3. Configure auto-upgrade
# apt-get install unattended-upgrades -y
# dpkg-reconfigure --priority=low unattended-upgrades
Choose ‘Yes‘ when prompted and press ‘Enter‘ for the default settings
Install the Tor agent
Finally, we are installing the Tor agent onto the virtual machine. We prefer using the software repositories provided by the Tor project over the Ubuntu release.
#1. Add the Tor software repository to Ubuntu:
# echo 'deb http://deb.torproject.org/torproject.org xenial main' >> /etc/apt/sources.list.d/tor.list
# echo 'deb-src http://deb.torproject.org/torproject.org xenial main' >> /etc/apt/sources.list.d/tor.list
#2. Add the gpg key used to sign the packages by running the following commands at your command prompt:
# gpg --keyserver keys.gnupg.net --recv 886DDD89
# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
#3. You can install the agent with the following commands. Choose ‘Yes‘ when prompted
# apt-get update && apt-get install tor tor-arm deb.torproject.org-keyring -y
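Step #2 fetches the signing key by its eight-character short ID, which more than one key can share, so it is worth confirming what landed in the keyring before it is handed to apt-key. The check below is an added example, not part of the original guide; the function names and both sample listings are constructed, and it assumes gpg's --with-colons listing format.

```shell
#!/bin/sh
# Added example: confirm the key fetched by short ID is the one the guide names.
EXPECTED_FPR=A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89   # full fingerprint from step #2

# Reads `gpg --with-colons --fingerprint <id>` output on stdin. Succeeds only
# if exactly one primary key is listed and its fingerprint equals $1.
only_expected_key() {
    awk -F: -v want="$1" '
        $1 == "pub" || $1 == "sub" { last = $1 }     # remember the key type
        $1 == "fpr" && last == "pub" {               # fingerprint of a primary key
            total++
            if (toupper($10) == toupper(want)) good++
            last = ""
        }
        END { exit !(total == 1 && good == 1) }
    '
}

# Constructed listing: only the expected key answers to the short ID.
sample_single() {
    cat <<'EOF'
pub:-:2048:1:EE8CBC9E886DDD89:1300000000:::-:::scESC:
fpr:::::::::A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89:
uid:-::::1300000000::::Constructed sample uid:
sub:-:2048:1:1111111111111111:1300000000::::::s:
fpr:::::::::2222222222222222222222221111111111111111:
EOF
}

# Constructed listing: a second, unrelated key shares the same short ID.
sample_collision() {
    sample_single
    cat <<'EOF'
pub:-:2048:1:89ABCDEF886DDD89:1400000000:::-:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF886DDD89:
EOF
}

# On the VM, gate the import on the check (run as root, as in the guide):
#   gpg --with-colons --fingerprint 886DDD89 | only_expected_key "$EXPECTED_FPR" \
#     && gpg --export "$EXPECTED_FPR" | apt-key add -
```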
Configuring the Tor agent as a relay
The Tor agent needs some reconfiguration before it can start serving as a middle relay.
#1. Rename the default Tor configuration file
# mv /etc/tor/torrc /etc/tor/torrc.default
#2. Open /etc/tor/torrc with your favourite text editor and add the following:
AccountingMax 950 GBytes
AccountingStart month 1 00:01
ContactInfo John Doe <[email protected]>
ExitPolicy reject *:* # no exits allowed
#3. Change ‘Nickname‘ and ‘ContactInfo‘
Note: The email address in the ‘ContactInfo’ is public. We suggest obscuring the email addresses to avoid spam harvesting.
#4. Save the configuration file and exit the editor
#5. Start the Tor service
# systemctl stop tor
# systemctl start tor
#6. Verify if the relay is starting up correctly by monitoring the log file
# tail -f /var/log/tor/log
You should have “[notice] Bootstrapped 100%: Done” in the log file if everything is working a-okay.
#7. Confirm Tor is running with the ‘arm’ utility
You can exit the arm utility by pressing ‘q‘
Check out the relay on Tor Atlas
Once everything is up and running, the relay should be publicly available on Tor Atlas. This service is a global catalogue of Tor relays and exit nodes.
#1. Get the Tor relay fingerprint with the following command
# cat /var/lib/tor/fingerprint
The fingerprint is the second block on the line: the long string of letters and numbers
#2. Open the following URL in your browser:
https://atlas.torproject.org/#details/<fingerprint from step #1>
Note: It may take up to 2-4 hours for your server to appear in Atlas. You should be able to find it by searching for its nickname set by the ‘Nickname’ parameter in /etc/tor/torrc
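The checks from the relay configuration steps and the Atlas lookup can be scripted. This is an added example, not part of the original guide; the function names are hypothetical and the paths are the ones the guide uses. Tor applies exit rules in order, so the torrc check looks at the first ExitPolicy rule only.

```shell
#!/bin/sh
# Added example (not from the guide): post-setup checks for the relay.

# Succeeds only if the first ExitPolicy rule in the torrc ($1) is
# "reject *:*", the setting the guide uses to keep the relay non-exit.
is_non_exit() {
    awk '
        { sub(/#.*/, "") }                              # strip comments
        !found && tolower($1) == "exitpolicy" {
            rule = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", rule)       # drop the keyword
            sub(/,.*/, "", rule)                        # first rule only
            gsub(/[ \t]+/, " ", rule); sub(/ $/, "", rule)
            found = 1
            ok = (tolower(rule) == "reject *:*")
        }
        END { exit !(found && ok) }
    ' "$1"
}

# Succeeds once the log ($1) has the line the guide says to look for.
is_bootstrapped() {
    grep -q 'Bootstrapped 100%' "$1"
}

# Prints the Atlas URL for the fingerprint file ($1), whose single line is
# "<nickname> <fingerprint>"; rejects anything but 40 hex characters.
atlas_url() {
    fp=$(awk 'NR == 1 { print $2 }' "$1")
    case "$fp" in
        ""|*[!0-9A-Fa-f]*) return 1 ;;
    esac
    [ "${#fp}" -eq 40 ] || return 1
    printf 'https://atlas.torproject.org/#details/%s\n' "$fp"
}

# On the relay itself, run all three against the paths used in the guide.
if [ -r /etc/tor/torrc ] && [ -r /var/lib/tor/fingerprint ]; then
    is_non_exit /etc/tor/torrc || echo "torrc: first ExitPolicy is not reject *:*"
    is_bootstrapped /var/log/tor/log || echo "log: not bootstrapped yet"
    atlas_url /var/lib/tor/fingerprint || echo "fingerprint file not in expected form"
fi
```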
Further things to do
Congratulations, you are now a proud contributor to the Tor network! Here are a few additional things you may want to try out later:
- Check out the guides at Tor Project
- Change the ‘root‘ password
- Add your SSH public key and disable password authentication
- Set up server monitoring (NewRelic, Uptime Robot)
- Patch Ubuntu manually on a regular basis (unattended-upgrades does not apply every available update)
- Secure your Vultr account with two-factor authentication
- Add swap
- Configure firewall (iptables)
- Protect Ubuntu with two-factor authentication
- Forward OS logs to a remote location (Loggly, Papertrail)
- Backup Tor private keys
- Join the Tor community
- Join the CryptoParty Sydney community
- Join the CryptoParty Sydney Telegram channel
The original guide was created for the CryptoParty Sydney Tor relay workshop. Images courtesy of Jun Seita and The Hacker News.