commit 195b50bbf4a0ba1732b61ebfbd4b07a49a4d6d04
Author: Vinícius Zavam egypcio@googlemail.com
Date: Sat Oct 23 10:10:53 2021 +0000
relay/setup (FreeBSD): follow Software Updates headline
relay/setup (NetBSD): follow Software Updates headline - here the text for the topic was added too
relay/setup (NetBSD): fix topics counter
relay/setup (OpenBSD): follow Software Updates headline
relay/setup (OpenBSD): fix topics counter
relay/setup (DragonFlyBSD): follow Software Updates headline
relay/setup (DragonFlyBSD): fix topics counter
relay/setup: use same text to describe "torrc" - DragonFlyBSD, and NetBSD updated
relay/setup (DragonFlyBSD): rename "configuration" step - follow very same standard used by the other BSD systems
relay/setup (NetBSD): make sure we have a "Final Notes" section
relay/setup (OpenBSD): make sure we have a "Final Notes" section
relay/setup (FreeBSD): update 12.0 to 12.2, after reproduced setup to confirm it works
relay/setup (*BSD): offer a standard "torrc" when possible
relay/setup (DragonFlyBSD): rename "install" and "start" steps - follow same way described by other BSD systems
relay/setup (NetBSD): add small note about "pkgin" and "pkg_add"
relay/setup (DragonFlyBSD): shrink "Recommendations" about pkg
relay/setup (OpenBSD): avoid long titles, and line breaks
relay/setup (FreeBSD): avoid long titles, and line breaks
relay/setup (*BSD): remove colon from "Start tor" step
relay/setup (OpenBSD): fix mention about recent OpenBSD versions - that is not related to amd64 only
relay/setup (DragonFlyBSD): minor fixes on markdown for shell console
relay/setup (FreeBSD): minor fixes on markdown for shell console
relay/setup (NetBSD): minor fixes on markdown for shell console
relay/setup (OpenBSD): minor fixes on markdown for shell console
relay/setup (NetBSD): minor typo fix
setup/relay (OpenBSD): apply fix fished from #158
guard (OpenBSD): make tor daemon happy on OpenBSD
---
 content/relay/setup/guard/dragonflybsd/contents.lr | 57 ++++++++++------------
 content/relay/setup/guard/freebsd/contents.lr | 40 +++++++--------
 content/relay/setup/guard/netbsd/contents.lr | 36 +++++++++-----
 content/relay/setup/guard/openbsd/contents.lr | 48 ++++++++++--------
 4 files changed, 100 insertions(+), 81 deletions(-)
diff --git a/content/relay/setup/guard/dragonflybsd/contents.lr b/content/relay/setup/guard/dragonflybsd/contents.lr index f5e9c39..d98ec6f 100644 --- a/content/relay/setup/guard/dragonflybsd/contents.lr +++ b/content/relay/setup/guard/dragonflybsd/contents.lr @@ -6,29 +6,30 @@ title: DragonflyBSD --- body:
-# 1. Bootstrap `pkg` +# 1. Enable Automatic Software Updates
-DragonFlyBSD's daily snapshots and releases (starting with 3.4) come with `pkg` already installed. -Upgrades from earlier releases, however, will not have it. +One of the most important things to keeps your relay secure is to install security updates timely and ideally automatically so you can not forget about it. Follow the instructions to enable automatic software updates for your operating system.
-If `pkg` is missing on the system for any reason, it can be quickly bootstrapped without having to build it from source or even having **DPorts** installed: +# 2. Bootstrap `pkg` + +DragonFlyBSD's daily snapshots and releases (starting with 3.4) come with `pkg` already installed. Upgrades from earlier releases, however, will not have it. If `pkg` is missing on the system for any reason, it can be quickly bootstrapped without having to build it from source or even having **DPorts** installed:
``` -cd /usr -make pkg-bootstrap -rehash -pkg-static install -y pkg -rehash +# cd /usr +# make pkg-bootstrap +# rehash +# pkg-static install -y pkg +# rehash ```
-### 1.1. Recommended Steps to Setup `pkg` +### 2.1. Recommended Steps to Setup `pkg`
Here, it will be similar to what we have on a **FreeBSD** system, and we are going to use HTTPS to fetch our packages, and updates - so here we also need an extra package to help us out (ca_root_nss).
Installing the `ca_root_nss` package:
``` -pkg install ca_root_nss +# pkg install ca_root_nss ```
For fresh installations, the file `/usr/local/etc/pkg/repos/df-latest.conf.sample` is copied to `/usr/local/etc/pkg/repos/df-latest`. The files ending in the ".sample" extension are ignored; pkg(8) only reads files that end in ".conf" and it will read as many as it finds. @@ -43,53 +44,49 @@ We can simply edit the **URL** used to point out the repositories on `/usr/local After applying all these changes, we update the packages list again and try to check if there's already a new update to apply:
``` -pkg update -f -pkg upgrade -y -f +# pkg update -f +# pkg upgrade -y -f ```
-# 2. Package Installation +# 3. Install `tor` DragonFlyBSD's Package
Install the `tor` package:
``` -pkg install tor +# pkg install tor ```
... or install an alpha release:
``` -pkg install tor-devel +# pkg install tor-devel ```
-# 3. Configuration File - -Put the configuration file `/usr/local/etc/tor/torrc` in place: +# 4. Configure `/usr/local/etc/tor/torrc`
+This is a very simple version of the `torrc` configuration file in order to run a Middle/Guard relay on the Tor network:
``` -#change the nickname "myBSDrelay" to a name that you like -Nickname myBSDRelay -# You might want to use/try a different port, should you want to -ORPort 443 +Nickname myNiceRelay # Change "myNiceRelay" to something you like +ContactInfo your@e-mail # Write your e-mail and be aware it will be published +ORPort 443 # You might use a different port, should you want to ExitRelay 0 SocksPort 0 Log notice syslog -# Change the email address below and be aware that it will be published -ContactInfo tor-operator@your-emailaddress-domain ```
-# 4. Start the service +# 5. Start `tor`
Here we set `tor` to start at boot time and use the setuid feature, in order to bind to lower ports like 443 (the daemon itself will still run as a regular non-privileged user).
``` -echo "tor_setuid=YES" >> /etc/rc.conf -echo "tor_enable=YES" >> /etc/rc.conf -service tor start +# echo "tor_setuid=YES" >> /etc/rc.conf +# echo "tor_enable=YES" >> /etc/rc.conf +# service tor start ```
-# 5. Final Notes +# 6. Final Notes
If you are having trouble setting up your relay, have a look at our [help section](/relay/getting-help/). If your relay is now running, check out the [post-install](/relay/setup/post-install/) notes. diff --git a/content/relay/setup/guard/freebsd/contents.lr b/content/relay/setup/guard/freebsd/contents.lr index 97b70a4..7431c8c 100644 --- a/content/relay/setup/guard/freebsd/contents.lr +++ b/content/relay/setup/guard/freebsd/contents.lr @@ -6,20 +6,20 @@ title: FreeBSD --- body:
-# 1. Enable Automatic Updates for Packages +# 1. Enable Automatic Software Updates
One of the most important things to keeps your relay secure is to install security updates timely and ideally automatically so you can not forget about it. Follow the instructions to enable [automatic software updates](updates) for your operating system.
# 2. Bootstrap `pkg`
-This article assumes we have already a base installation of FreeBSD running, and only the base system (here, we are running 12.0-RELEASE). +This article assumes we have already a base installation of FreeBSD running, and only the base system (here, we are running 12.2-RELEASE). That means we do not have any packages installed, or even the `pkg` packages manager itself (there's no `sudo` available - we are running commands as root).
To bootstrap and install `pkg` we should run the following command:
``` -pkg bootstrap -pkg update -f +# pkg bootstrap +# pkg update -f ```
### 2.1. Recommended Steps to Setup `pkg` @@ -31,7 +31,7 @@ One additional step is to prefer using HTTPS to fetch our packages, and updates Installing the `ca_root_nss` package:
``` -pkg install ca_root_nss +# pkg install ca_root_nss ```
We are keeping the original setting used by `pkg` but setting a new one that will override it. @@ -41,7 +41,7 @@ This configuration file will be `/usr/local/etc/pkg/repos/FreeBSD.conf`. Creating the new directory:
``` -mkdir -p /usr/local/etc/pkg/repos +# mkdir -p /usr/local/etc/pkg/repos ```
This is how the new configuration file `/usr/local/etc/pkg/repos/FreeBSD.conf` must look like: @@ -55,8 +55,8 @@ FreeBSD: { After applying all these changes, we update the packages list again and try to check if there's already a new update to apply:
``` -pkg update -f -pkg upgrade -y -f +# pkg update -f +# pkg upgrade -y -f ```
# 3. Install `tor` FreeBSD's Package @@ -64,14 +64,14 @@ pkg upgrade -y -f Here we can choose to install the latest stable version, like:
``` -pkg install tor +# pkg install tor ```
... or install an alpha release:
``` -pkg install tor-devel +# pkg install tor-devel ```
# 4. Configure `/usr/local/etc/tor/torrc` @@ -79,29 +79,29 @@ pkg install tor-devel This is a very simple version of the `torrc` configuration file in order to run a Middle/Guard relay on the Tor network:
``` -Nickname myBSDRelay # Change your relay's nickname to something you like -ContactInfo your@email # Please write your email address and be aware that it will be published -ORPort 443 # You might want to use/try a different port, should you want to +Nickname myNiceRelay # Change "myNiceRelay" to something you like +ContactInfo your@e-mail # Write your e-mail and be aware it will be published +ORPort 443 # You might use a different port, should you want to ExitRelay 0 SocksPort 0 Log notice syslog ```
-# 5. Ensure `net.inet.ip.random_id` is enabled: +# 5. Enable `net.inet.ip.random_id`
``` -echo "net.inet.ip.random_id=1" >> /etc/sysctl.conf -sysctl net.inet.ip.random_id=1 +# echo "net.inet.ip.random_id=1" >> /etc/sysctl.conf +# sysctl net.inet.ip.random_id=1 ```
-# 6. Start `tor`: +# 6. Start `tor`
Here we set `tor` to start at boot time and use the setuid feature, in order to bind to lower ports like 443 (the daemon itself will still run as a regular non-privileged user).
``` -sysrc tor_setuid=YES -sysrc tor_enable=YES -service tor start +# sysrc tor_setuid=YES +# sysrc tor_enable=YES +# service tor start ```
# 7. Final Notes diff --git a/content/relay/setup/guard/netbsd/contents.lr b/content/relay/setup/guard/netbsd/contents.lr index 48a1ec7..9b8972d 100644 --- a/content/relay/setup/guard/netbsd/contents.lr +++ b/content/relay/setup/guard/netbsd/contents.lr @@ -6,39 +6,51 @@ title: NetBSD --- body:
-# 1. Setup `pkg_add` +# 1. Enable Automatic Software Updates + +One of the most important things to keeps your relay secure is to install security updates timely and ideally automatically so you can not forget about it. Follow the instructions to enable automatic software updates for your operating system. + +# 2. Setup `pkg_add` + +Modern versions of the NetBSD operating system can be set to use `pkgin`, which is a piece of software aimed to be like `apt` or `yum` for managing pkgsrc binary packages. We are not convering its setup here, and opt to use plain `pkg_add` instead.
``` -echo "PKG_PATH=http://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/$(uname -m)/$(uname -r)/All" > /etc/pkg_install.conf +# echo "PKG_PATH=http://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/$(uname -m)/$(uname -r)/All" > /etc/pkg_install.conf ```
-# 2. Install `tor` NetBSD's package +# 3. Install `tor` NetBSD's Package
``` -pkg_add tor +# pkg_add tor ```
-# 3. Configure `/usr/pkg/etc/tor/torrc` +# 4. Configure `/usr/pkg/etc/tor/torrc` + +This is a very simple version of the `torrc` configuration file in order to run a Middle/Guard relay on the Tor network:
``` -Nickname myBSDRelay # Change your relay's nickname to something you like -ContactInfo your@email # Please write your email address and be aware that it will be published -ORPort 443 # You might want to use/try a different port, should you want to +Nickname myNiceRelay # Change "myNiceRelay" to something you like +ContactInfo your@e-mail # Write your e-mail and be aware it will be published +ORPort 443 # You might use a different port, should you want to ExitRelay 0 SocksPort 0 Log notice syslog ```
-# 6. Start `tor`: +# 5. Start `tor`
Here we set `tor` to start during boot and call it for the first time:
``` -ln -sf /usr/pkg/share/examples/rc.d/tor /etc/rc.d/tor -echo "tor=YES" >> /etc/rc.conf -/etc/rc.d/tor start +# ln -sf /usr/pkg/share/examples/rc.d/tor /etc/rc.d/tor +# echo "tor=YES" >> /etc/rc.conf +# /etc/rc.d/tor start ```
+# 6. Final Notes + +If you are having trouble setting up your relay, have a look at our [help section](/relay/getting-help/). +If your relay is now running, check out the [post-install](/relay/setup/post-install/) notes. --- html: two-columns-page.html --- diff --git a/content/relay/setup/guard/openbsd/contents.lr b/content/relay/setup/guard/openbsd/contents.lr index d7cc1ce..37dacf3 100644 --- a/content/relay/setup/guard/openbsd/contents.lr +++ b/content/relay/setup/guard/openbsd/contents.lr @@ -6,20 +6,24 @@ title: OpenBSD --- body:
-# 1. Install `tor` OpenBSD's Package +# 1. Enable Automatic Software Updates
-Recent OpenBSD systems, like 6.5/amd64, already have the repository configured on `/etc/installurl` so we do not need to bother changing it. +One of the most important things to keeps your relay secure is to install security updates timely and ideally automatically so you can not forget about it. Follow the instructions to enable automatic software updates for your operating system. + +# 2. Install `tor` OpenBSD's Package + +Recent OpenBSD systems, since 6.5, already have the repository configured on `/etc/installurl` so we do not need to bother changing it.
If that's not your case, please adjust the `installurl` configuration file like this:
``` -echo "https://cdn.openbsd.org/pub/OpenBSD" > /etc/installurl +# echo "https://cdn.openbsd.org/pub/OpenBSD" > /etc/installurl ```
Proceed with `pkg_add` to install the package:
``` -pkg_add tor +# pkg_add tor ```
### 2.1. Recommended Steps to Install `tor` on OpenBSD @@ -27,7 +31,7 @@ pkg_add tor If you want to install a newer version of the `tor` OpenBSD's package, you can use M:Tier's binary packages:
``` -ftp https://stable.mtier.org/openup +# ftp https://stable.mtier.org/openup ```
Right after fetching `openup` you can run it to sync M:Tier's repository and update your packages; it's an alternative to `pkg_add -u`. @@ -35,7 +39,7 @@ Right after fetching `openup` you can run it to sync M:Tier's repository and upd Here is how you proceed with these steps:
``` -openup +# ./openup ```
# 3. Configure `/etc/tor/torrc` @@ -43,16 +47,18 @@ openup This is a very simple version of the `torrc` configuration file in order to run a Middle/Guard relay on the Tor network:
``` -Nickname myBSDRelay # Change your relay's nickname to something you like -ContactInfo your@email # Please write your email address and be aware that it will be published -ORPort 443 # You might want to use/try a different port, should you want to -ExitRelay 0 -SocksPort 0 -Log notice syslog -User _tor +Nickname myNiceRelay # Change "myNiceRelay" to something you like +ContactInfo your@e-mail # Write your e-mail and be aware it will be published +ORPort 443 # You might use a different port, should you want to +ExitRelay 0 +SocksPort 0 +Log notice syslog +DataDirectory /var/tor +User _tor +RunAsDaemon 1 ```
-# 4. Change `openfiles-max` and `maxfiles` Tweaks +# 4. Change `openfiles-max` and `maxfiles`
By default, OpenBSD maintains a rather low limit on the maximum number of open files for a process. For a daemon such as Tor's, that opens a connection to each and every other relay (currently around 7000 relays), these limits should be raised.
@@ -69,19 +75,23 @@ OpenBSD also stores a kernel-level file descriptor limit in the sysctl variable Increase it from the default of 7030 to 16000:
``` -echo "kern.maxfiles=16000" >> /etc/sysctl.conf -sysctl kern.maxfiles=16000 +# echo "kern.maxfiles=16000" >> /etc/sysctl.conf +# sysctl kern.maxfiles=16000 ```
-# 6. Start `tor`: +# 5. Start `tor`
Here we set `tor` to start during boot and call it for the first time:
``` -rcctl enable tor -rcctl start tor +# rcctl enable tor +# rcctl start tor ```
+# 6. Final Notes + +If you are having trouble setting up your relay, have a look at our [help section](/relay/getting-help/). +If your relay is now running, check out the [post-install](/relay/setup/post-install/) notes. --- html: two-columns-page.html ---
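Review bot: in content/relay/setup/guard/dragonflybsd/contents.lr, the new "# 1. Enable Automatic Software Updates" paragraph tells the reader to "Follow the instructions to enable automatic software updates" but links to nothing, while the unchanged FreeBSD context line carries `[automatic software updates](updates)`. The same unlinked paragraph is added to the NetBSD and OpenBSD pages. Add the link where a matching updates page exists for the system, or reword so the sentence does not point at instructions that are not there. While the sentence is being touched, "to keeps your relay secure" should read "to keep".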
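Review bot: in content/relay/setup/guard/freebsd/contents.lr, and in the same way in the other three pages, every command inside the fenced blocks now starts with `# ` (for example `+# pkg install tor`), and in a POSIX shell a line beginning with `#` is a comment, so a reader who pastes a block verbatim executes nothing and sees no error. If the prefix is meant as a root prompt, state that convention once near the top of each page (the FreeBSD page already says "we are running commands as root"), or leave the commands unprefixed so the blocks remain paste-able.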
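Review bot: in content/relay/setup/guard/netbsd/contents.lr, the rewritten `PKG_PATH` line still points at plain `http://cdn.netbsd.org/pub/pkgsrc/packages/...`, whereas the DragonFlyBSD and FreeBSD pages in this same patch install `ca_root_nss` specifically to fetch packages over HTTPS and the OpenBSD page uses `https://cdn.openbsd.org/pub/OpenBSD`. Switch the URL to HTTPS if the mirror serves it, or add a sentence saying how package integrity is checked on NetBSD so the four pages give consistent guidance. In the added paragraph above it, "convering" should be "covering".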
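Review bot: in content/relay/setup/guard/openbsd/contents.lr, the changed line `+# ./openup` runs the file that the previous block fetched with `ftp https://stable.mtier.org/openup`, and no step in between makes it executable; ftp(1) saves downloads without the execute bit, so the command fails with a permission error as written. Add a `chmod +x openup` line before it or invoke the script through the shell. Since the script is run as root straight after download, a short sentence on reviewing or verifying the fetched file would also fit at this step.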
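Review bot: the torrc hunk in content/relay/setup/guard/openbsd/contents.lr adds `DataDirectory /var/tor` and `RunAsDaemon 1` without an inline comment or a sentence explaining them, and the commit message only says "make tor daemon happy on OpenBSD". The other three pages keep the six-line torrc, so a reader comparing pages cannot tell why OpenBSD needs the extra options. Add a one-line explanation above the block, or inline comments in the style already used on `Nickname`, `ContactInfo` and `ORPort`.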
tor-commits@lists.torproject.org