Hi Tor-Relays,
I wrote the following documentation after figuring out how to get my Tor relay working with a manual install. The goal is to give easy to follow and concise instructions that explain just enough to understand what you're doing.
I'm trying to find out the best way to make this available - would it be possible to add it to the externally facing documentation? I'd also really appreciate it if someone looks it over and sees if I made any typos/forgot something.
I can help with whatever needs to be done.
Thanks, Zach
### Manually configuring a Tor Relay on OS X (Yosemite, Tor 0.2.5.11)
This guide walks you through the process of configuring your very own tor relay explaining each step along the way.
First install homebrew which will allow us to install the most recent version of Tor (http://brew.sh) The following command pasted into a terminal will download and install homebrew. {code} ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" {code}
Once that completes we'll use homebrew to install tor with the following command. {code} brew install tor {code}
At this point tor should be installed and the homebrew command should have printed the following: {quote} You will find a sample `torrc` file in /usr/local/etc/tor. It is advisable to edit the sample `torrc` to suit your own security needs: https://www.torproject.org/docs/faq#torrc After editing the `torrc` you need to restart tor.
To have launchd start tor at login: ln -svn /usr/local/opt/tor/*.plist ~/Library/LaunchAgents Then to load tor now: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.tor.plist {quote}
Notice that it mentions the location of the torrc file (we're going to edit that next). It also explains how to have tor run at startup and how to start it now. Before we go ahead and run those commands let's create the location logging is supposed to go since for some reason it doesn't already exist. These commands are creating directories. {code} mkdir /usr/local/Cellar/tor/0.2.5.11/var mkdir /usr/local/Cellar/tor/0.2.5.11/var/log mkdir /usr/local/Cellar/tor/0.2.5.11/var/log/tor {code}
Similarly create the following for the DataDirectory if it doesn't already exist. {code} mkdir /usr/local/Cellar/tor/0.2.5.11/var/lib mkdir /usr/local/Cellar/tor/0.2.5.11/var/lib/tor {code}
Next let's edit the torrc.sample file and save it as torrc. To open its location in a finder window use the following command: {code} open /usr/local/etc/tor {code} Then open the torrc.sample file in your chosen editor (text edit works fine).
Read through the file and try to understand what each of the options are, at a minimum we're going to want to uncomment and use the following options. {code} #Sets the logging location Log notice file /usr/local/Cellar/tor/0.2.5.11/var/log/tor/notices.log
#Sets the DataDirectory DataDirectory /usr/local/Cellar/tor/0.2.5.11/var/lib/tor
#If you're only configuring this as a relay SocksPort 0
#Your main ORPort ORPort 9001
#Name of your relay Nickname supercoolrelay
#Bandwidth limits RelayBandwidthRate 5000 KB RelayBandwidthBurst 10000 KB
#Way for the tor project to conact you ContactInfo Random Person <a special email you should make just for this>@gmail.com
#What port to advertise for directory connections DirPort 9030
#If you don't want to run an exit (if you're able to run an exit please use the file default!) ExitPolicy reject *:* # no exits allowed {code}
Once you've uncommented/edited those lines save the file as torrc and exit.
Now it's time for an oversimplified and possibly inaccurate lesson about Networking. You are probably sitting at a home network at a computer connected wirelessly or wired to a router which is connected to a modem which is connecting you to the outside Internet.
Your entire network connection has one IPv4 address facing the outside world. Your router then uses NAT which stands for Network Address Translation to remap traffic to the unique IP addresses you have per device on your local intranet. When we configure 'port forwarding' we're telling your router to take the ports we need on your computer's local IP behind the router and forward them to the ports exposed to the real internet as part of this NAT process. In this case this allows the tor relay we've configured to receive incoming connections on the port we've specified. Unfortunately this process is different for every router, but in order to provide an example I'll show what the changes look like for an Apple Airport Extreme and hopefully you'll be able to translate them to your own router's settings. First though we need to know your computer's local IP.
Open System Preferences Click Network Click Advanced Click TCP/IP In this window you should see "IPv4 Address: XX.X.X.X"
That's the address we need.
Next open Airport Utilty (this is to configure port forwarding on an Apple Airport Extreme router) Click on the Airport Extreme Click Edit on the tooltip that pops up Click Network Notice the Port Settings Box, Click + Add the following settings: Description: Tor Ports Public UDP Ports: 9001, 9030 Public TCP Ports: 9001, 9030 Private IP Address: XX.X.X.X (this is the IP we found in Network) Priave UDP Ports: 9001, 9030 Public TCP Ports: 9001, 9030 Click Save Click Update (note the router will reboot)
Note: This example shows the default ports we configured in our torrc, if you need to or decide to use different ports you'd have to configure the forwarding differently. I think only the TCP settings matter here, but I ended up setting both while trying to get this to work.
Now we can set tor to launch on startup as well as start it right now with these two commands. {code} ln -svn /usr/local/opt/tor/*.plist ~/Library/LaunchAgents launchctl load ~/Library/LaunchAgents/homebrew.mxcl.tor.plist {code}
Note: If you make changes to torrc in the future you need to restart tor. You can restart tor with the following command. {code} pkill -sighup tor {code}
Now let's check out the logs and verify things are working. This command will show the end of the log and any new lines as they appear. {code} tail -f /usr/local/Cellar/tor/0.2.5.11/var/log/tor/notices.log {code}
In a few mintues you should see the following lines if things are working: 19:29:38 [NOTICE] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. 19:29:36 [NOTICE] Self-testing indicates your DirPort is reachable from the outside. Excellent.
If you see something like the following it's irrelevant: Apr 02 22:33:02.000 [notice] Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up.
And if you see this it's not working (the X's here represent your public internet facing IPv4): Apr 03 17:10:41.000 [warn] Your server (XX.XXX.XXX.XXX:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. Apr 03 17:10:41.000 [warn] Your server (XX.XXX.XXX.XXX:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
If you're still having trouble try hopping on IRC. ###
I ended up putting it up on stack exchange since it'll probably be helpful there anyway.
http://tor.stackexchange.com/questions/6567/how-do-i-manually-setup-a-relay-...
Thanks, Zach
On Fri, Apr 3, 2015 at 8:47 PM, Zachary Alberico fossuser@gmail.com wrote:
Hi Tor-Relays,
I wrote the following documentation after figuring out how to get my Tor relay working with a manual install. The goal is to give easy to follow and concise instructions that explain just enough to understand what you're doing.
I'm trying to find out the best way to make this available - would it be possible to add it to the externally facing documentation? I'd also really appreciate it if someone looks it over and sees if I made any typos/forgot something.
I can help with whatever needs to be done.
Thanks, Zach
### Manually configuring a Tor Relay on OS X (Yosemite, Tor 0.2.5.11)
This guide walks you through the process of configuring your very own tor relay explaining each step along the way.
First install homebrew which will allow us to install the most recent version of Tor (http://brew.sh) The following command pasted into a terminal will download and install homebrew. {code} ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" {code}
Once that completes we'll use homebrew to install tor with the following command. {code} brew install tor {code}
At this point tor should be installed and the homebrew command should have printed the following: {quote} You will find a sample `torrc` file in /usr/local/etc/tor. It is advisable to edit the sample `torrc` to suit your own security needs: https://www.torproject.org/docs/faq#torrc After editing the `torrc` you need to restart tor.
To have launchd start tor at login: ln -svn /usr/local/opt/tor/*.plist ~/Library/LaunchAgents Then to load tor now: launchctl load ~/Library/LaunchAgents/homebrew.mxcl.tor.plist {quote}
Notice that it mentions the location of the torrc file (we're going to edit that next). It also explains how to have tor run at startup and how to start it now. Before we go ahead and run those commands let's create the location logging is supposed to go since for some reason it doesn't already exist. These commands are creating directories. {code} mkdir /usr/local/Cellar/tor/0.2.5.11/var mkdir /usr/local/Cellar/tor/0.2.5.11/var/log mkdir /usr/local/Cellar/tor/0.2.5.11/var/log/tor {code}
Similarly create the following for the DataDirectory if it doesn't already exist. {code} mkdir /usr/local/Cellar/tor/0.2.5.11/var/lib mkdir /usr/local/Cellar/tor/0.2.5.11/var/lib/tor {code}
Next let's edit the torrc.sample file and save it as torrc. To open its location in a finder window use the following command: {code} open /usr/local/etc/tor {code} Then open the torrc.sample file in your chosen editor (text edit works fine).
Read through the file and try to understand what each of the options are, at a minimum we're going to want to uncomment and use the following options. {code} #Sets the logging location Log notice file /usr/local/Cellar/tor/0.2.5.11/var/log/tor/notices.log
#Sets the DataDirectory DataDirectory /usr/local/Cellar/tor/0.2.5.11/var/lib/tor
#If you're only configuring this as a relay SocksPort 0
#Your main ORPort ORPort 9001
#Name of your relay Nickname supercoolrelay
#Bandwidth limits RelayBandwidthRate 5000 KB RelayBandwidthBurst 10000 KB
#Way for the tor project to conact you ContactInfo Random Person <a special email you should make just for this>@gmail.com
#What port to advertise for directory connections DirPort 9030
#If you don't want to run an exit (if you're able to run an exit please use the file default!) ExitPolicy reject *:* # no exits allowed {code}
Once you've uncommented/edited those lines save the file as torrc and exit.
Now it's time for an oversimplified and possibly inaccurate lesson about Networking. You are probably sitting at a home network at a computer connected wirelessly or wired to a router which is connected to a modem which is connecting you to the outside Internet.
Your entire network connection has one IPv4 address facing the outside world. Your router then uses NAT which stands for Network Address Translation to remap traffic to the unique IP addresses you have per device on your local intranet. When we configure 'port forwarding' we're telling your router to take the ports we need on your computer's local IP behind the router and forward them to the ports exposed to the real internet as part of this NAT process. In this case this allows the tor relay we've configured to receive incoming connections on the port we've specified. Unfortunately this process is different for every router, but in order to provide an example I'll show what the changes look like for an Apple Airport Extreme and hopefully you'll be able to translate them to your own router's settings. First though we need to know your computer's local IP.
Open System Preferences Click Network Click Advanced Click TCP/IP In this window you should see "IPv4 Address: XX.X.X.X"
That's the address we need.
Next open Airport Utilty (this is to configure port forwarding on an Apple Airport Extreme router) Click on the Airport Extreme Click Edit on the tooltip that pops up Click Network Notice the Port Settings Box, Click + Add the following settings: Description: Tor Ports Public UDP Ports: 9001, 9030 Public TCP Ports: 9001, 9030 Private IP Address: XX.X.X.X (this is the IP we found in Network) Priave UDP Ports: 9001, 9030 Public TCP Ports: 9001, 9030 Click Save Click Update (note the router will reboot)
Note: This example shows the default ports we configured in our torrc, if you need to or decide to use different ports you'd have to configure the forwarding differently. I think only the TCP settings matter here, but I ended up setting both while trying to get this to work.
Now we can set tor to launch on startup as well as start it right now with these two commands. {code} ln -svn /usr/local/opt/tor/*.plist ~/Library/LaunchAgents launchctl load ~/Library/LaunchAgents/homebrew.mxcl.tor.plist {code}
Note: If you make changes to torrc in the future you need to restart tor. You can restart tor with the following command. {code} pkill -sighup tor {code}
Now let's check out the logs and verify things are working. This command will show the end of the log and any new lines as they appear. {code} tail -f /usr/local/Cellar/tor/0.2.5.11/var/log/tor/notices.log {code}
In a few mintues you should see the following lines if things are working: 19:29:38 [NOTICE] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. 19:29:36 [NOTICE] Self-testing indicates your DirPort is reachable from the outside. Excellent.
If you see something like the following it's irrelevant: Apr 02 22:33:02.000 [notice] Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up.
And if you see this it's not working (the X's here represent your public internet facing IPv4): Apr 03 17:10:41.000 [warn] Your server (XX.XXX.XXX.XXX:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. Apr 03 17:10:41.000 [warn] Your server (XX.XXX.XXX.XXX:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc.
If you're still having trouble try hopping on IRC. ###
tor-relays@lists.torproject.org