commit ea704abd8de6908876106b4881844f3299a6ae34
Author: Christopher King bunnyapocalypse@protonmail.com
Date: Fri Aug 30 23:55:39 2019 +0000
Added Fedora Instructions
So this is what I needed to do in order to get my Fedora server up and running as a bridge, and I've added these instructions as if these problems only affect Fedora users, but I would be surprised if that's the case, because the alternative ports that are encouraged in this guide for ORPort and ServerTransportListenAddr are exactly what SELinux is supposed to stop. Because of that, I'd imagine that this would function the same on CentOS, SUSE and RHEL.
As for why the Fedora instructions install the executable into normal bin, that's because you run into SELinux problems there too when it's in /usr/local/bin, but problems that were more complicated than my tiny SELinux knowledge can deal with.
policycoreutils-python-utils is needed for semanage.
---
 .../bridge/centos-rhel-opensuse/contents.lr | 56 ++++++++++++++++++++++
 1 file changed, 56 insertions(+)
diff --git a/content/relay-operations/technical-setup/bridge/centos-rhel-opensuse/contents.lr b/content/relay-operations/technical-setup/bridge/centos-rhel-opensuse/contents.lr index 16e12e5..0ecdfc5 100644 --- a/content/relay-operations/technical-setup/bridge/centos-rhel-opensuse/contents.lr +++ b/content/relay-operations/technical-setup/bridge/centos-rhel-opensuse/contents.lr @@ -21,6 +21,12 @@ yum install git golang tor zypper install tor go git ```
+* Fedora: + +``` +dnf install git golang tor policycoreutils-python-utils +``` + ### 2. Build obfs4proxy and move it into place.
Heavily outdated versions of git can make `go get` fail, so try upgrading to a more recent git version if you're running into this problem. @@ -42,8 +48,18 @@ go get gitlab.com/yawning/obfs4.git/obfs4proxy sudo cp $GOPATH/bin/obfs4proxy /usr/local/bin/ ```
+* Fedora: + +``` +export GOPATH=`mktemp -d` +go get gitlab.com/yawning/obfs4.git/obfs4proxy +sudo cp $GOPATH/bin/obfs4proxy /usr/bin/ +``` + ### 3. Edit your Tor config file, usually located at `/etc/tor/torrc` and replace its content with:
+* CentOS / RHEL / OpenSUSE: + ``` RunAsDaemon 1 BridgeRelay 1 @@ -72,6 +88,36 @@ ContactInfo address@email.com # Pick a nickname that you like for your bridge. This is optional. Nickname PickANickname ``` +* Fedora: + +``` +RunAsDaemon 1 +BridgeRelay 1 + +# Replace "TODO" with a Tor port of your choice. This port must be externally +# reachable. Avoid port 9001 because it's commonly associated with Tor and +# censors may be scanning the Internet for this port. +ORPort TODO + +ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy + +# Replace "TODO" with an obfs4 port of your choice. This port must be +# externally reachable. Avoid port 9001 because it's commonly associated with +# Tor and censors may be scanning the Internet for this port. +ServerTransportListenAddr obfs4 0.0.0.0:TODO + +# Local communication port between Tor and obfs4. Always set this to "auto". +# "Ext" means "extended", not "external". Don't try to set a specific port +# number, nor listen on 0.0.0.0. +ExtORPort auto + +# Replace "address@email.com" with your email address so we can contact you if +# there are problems with your bridge. This is optional but encouraged. +ContactInfo address@email.com + +# Pick a nickname that you like for your bridge. This is optional. +Nickname PickANickname +```
Don't forget to change the `ORPort`, `ServerTransportListenAddr`, `ContactInfo`, and `Nickname` options.
@@ -79,8 +125,18 @@ Nickname PickANickname
### 4. Restart tor
+* CentOS / RHEL / OpenSUSE: + `systemctl restart tor`
+* Fedora: + +``` +sudo semanage port -a -t tor_port_t -p tcp [desired ORPort number set earlier] +sudo semanage port -a -t tor_port_t -p tcp [desired ServerTransportListenAddr port number set earlier] +systemctl restart tor +``` + ### 5. Monitor your logs (usually in your syslog)
To confirm your bridge is running with no issues, you should see something like this:
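Review bot: In the step 1 hunk (`@@ -21,6 +21,12 @@`), the Fedora `dnf install` line pulls in `policycoreutils-python-utils` with no explanation in the page text. The reason (it provides `semanage`, which step 4 uses) appears only in the commit message. Add one sentence under the Fedora block saying so, so operators understand why a package unrelated to Tor is being installed.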
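Review bot: In the step 2 hunk (`@@ -42,8 +48,18 @@`), the Fedora block copies the binary to `/usr/bin/` while the existing instructions use `/usr/local/bin/`, and the page never says why. The commit message attributes this to SELinux problems that were not fully diagnosed, so the text should at least state that reason. It should also note that a locally built file placed in `/usr/bin/` is not tracked by the package manager. Minor: quote the variable in `sudo cp $GOPATH/bin/obfs4proxy /usr/bin/` as `"$GOPATH"`.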
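Review bot: In the step 3 hunk (`@@ -72,6 +88,36 @@`), the Fedora torrc block is a full copy of the configuration. The only Fedora-specific line visible in it is `ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy`, which follows from the install path chosen in step 2. Two near-identical blocks will drift apart as the guide is edited. Consider keeping a single torrc block and adding a one-line note that Fedora users must point `ServerTransportPlugin` at `/usr/bin/obfs4proxy`.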
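Review bot: In the step 4 hunk (`@@ -79,8 +125,18 @@`), the two `semanage port -a -t tor_port_t -p tcp ...` lines are added under "Restart tor" with no sentence explaining that they label the chosen ports as `tor_port_t` so that SELinux allows tor to bind to them. Please add that explanation, and consider making it a separate step before the restart. Since the commit message itself expects the same denial on CentOS and RHEL, say whether this step should apply there too rather than listing it under Fedora only. Further points: the bracketed placeholders differ from the `TODO` convention used in the torrc block; `systemctl restart tor` lacks the `sudo` that the two lines above it carry; and `semanage port -a` fails for a port that already has a type assigned, in which case `-m` is needed.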