commit 9b2aebc2b7e2ca0e48eedc1eb4570f70df693f62
Author: gus gus@torproject.org
Date: Thu Jul 4 11:18:19 2019 -0400

Move technical considerations to a new section
---
 .../technical-considerations/contents.lr | 93 ++++++++++++++++++++++
 1 file changed, 93 insertions(+)
diff --git a/content/relay-operations/technical-considerations/contents.lr b/content/relay-operations/technical-considerations/contents.lr new file mode 100644 index 0000000..b9038b9 --- /dev/null +++ b/content/relay-operations/technical-considerations/contents.lr 
@@ -0,0 +1,93 @@ +_model: page +--- +title: Technical considerations +--- +_template: layout.html +--- +body: + +# Considerations when choosing a hosting provider + +If you have access to a high speed internet connection (>=100 Mbit/s in both directions) and a physical piece of computer hardware, this is the best way to run a relay. +Having full control over the hardware and connection gives you a more controllable and (if done correctly) secure environment. +You can host your own physical hardware at home (do NOT run a Tor exit relay from your home) or in a data center. +Sometimes this is referred to as installing the relay on "bare metal". + +If you do not own physical hardware, you could run a relay on a rented dedicated server or virtual private server (VPS). +This can cost anywhere between $3.00/month and thousands per month, depending on your provider, hardware configuration, and bandwidth usage. +Many VPS providers will not allow you to run exit relays. +You must follow the VPS provider's terms of service, or risk having your account disabled. +For more information on hosting providers and their policies on allowing Tor relays, please see this list maintained by the Tor community: [GoodBadISPs](FIXME). + +## Questions to consider when choosing a hoster + +* How much monthly traffic is included? (Is bandwidth "unmetered"?) +* Does the hoster provide IPv6 connectivity? (it is recommended, but not required) +* What virtualization / hypervisor (if any) does the provider use? (anything but OpenVZ should be fine) +* Does the hoster start to throttle bandwidth after a certain amount of traffic? +* How well connected is the autonomous system of the hoster? To answer this question you can use the AS rank of the autonomous systems if you want to compare: http://as-rank.caida.org/ (a lower value is better) + +## If you plan to run Exit Relays + +* Does the hoster allow Tor exit relays? 
(explicitly ask them before starting an exit relay there) +* Does the hoster allow custom WHOIS records for your IP addresses? This helps reduce the amount of abuse sent to the hoster instead of you. +* Does the hoster allow you to set a custom DNS reverse entry? (DNS PTR record) + + This are probably things you will need to ask the hoster in a Pre-Sales ticket + +# AS/location diversity + +When selecting your hosting provider, consider network diversity on an autonomous system (AS) and country level. +A more diverse network is more resilient to attacks and outages. +Sometimes it is not clear which AS you are buying from in case of resellers. +To be sure it is best to ask the hoster about the AS number before ordering a server. + +It is best to avoid hosters where many Tor relays are already hosted, but it is still better to add one there than to run no relay at all. + + **Try to avoid** the following hosters: + +* OVH SAS (AS16276) +* Online S.a.s. (AS12876) +* Hetzner Online GmbH (AS24940) +* DigitalOcean, LLC (AS14061) + +To find out which hoster and countries are already used by many other operators (that should be avoided) you can use Relay Search: + +* [Autonomous System Level Overview](https://metrics.torproject.org/rs.html#aggregate/as) +* [Country Level Overview](https://metrics.torproject.org/rs.html#aggregate/cc) + +# Choosing an Operating System + +We recommend you use the operating system you are most familiar with. + +Please keep in mind that since most relays run on Debian and we want to avoid a monoculture, BSD and other non-Linux based relays are greatly needed. + +The following table shows the current OS distribution on the Tor network to give you an idea of how much more non-Linux relays we should have: + +* https://nusenu.github.io/OrNetStats/#os-distribution-relays + +# OS Level Configuration + +OS configuration is outside the scope of this guide but the following points are crucial for a Tor relay, so we want to mention them here nonetheless. 
+ +## Time Synchronization (NTP) + +Correct time settings are essential for Tor relays. It is recommended that you use the network time protocol (NTP) for time synchronization and ensure your timezone is set correctly. + +## Automatic Software Updates + +One of the most imported things to keeps your relay secure is to install security updates timely and ideally automatically so you can not forget about it. +We collected the steps to enable automatic software updates for different operating systems: + +* [RPM-based distributions](FIXME) (RHEL, CentOS, Fedora, openSUSE) +* [Debian/Ubuntu](FIXME) +* [FreeBSD/HardenedBSD](FIXME) + +--- +html: two-columns-page.html +--- +section: relay operations +--- +section_id: relay-operations +--- +key: 2
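Review bot: Four links in the added page still point at the literal placeholder `(FIXME)`: `[GoodBadISPs](FIXME)` in the hosting-provider section and the three entries under "Automatic Software Updates" (`[RPM-based distributions](FIXME)`, `[Debian/Ubuntu](FIXME)`, `[FreeBSD/HardenedBSD](FIXME)`). As committed they will render as dead links at the point where the page tells operators how to enable automatic security updates, so either fill in the targets or drop the link markup until the destination pages exist. In the same hunk, the AS rank reference is a plain `http://as-rank.caida.org/` URL while the other external links use https, so check whether an https URL is available. "This are probably things you will need to ask the hoster" and "One of the most imported things to keeps your relay secure" need a grammar pass, and "The following table shows the current OS distribution" is followed by a bullet link rather than a table. The subject says "Move", but the diffstat shows only 93 insertions to a new file, so either the old location should be removed in the same series or the subject should be reworded.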
tor-commits@lists.torproject.org