Sorry for the late reply, but at least on ArchLinux, Tor already comes with a service file for systemd and an example configuration file at
/etc/tor/torrc
To make Tor auto-start on system boot, use:
systemctl enable tor
systemd also offers variable sandboxing mechanisms, which should be enabled for long-running services.
My current service file shipped by ArchLinux looks like this and has the sandboxing variables enabled:
/usr/lib/systemd/system/tor.service:
# tor.service -- this systemd configuration file for Tor sets up
# relatively conservative, hardened Tor service. You may need to
# edit it if you are making changes to your Tor configuration that it
# does not allow. Package maintainers: this should be a starting point
# for your tor.service; it is not the last point.[Unit]
Description=Anonymizing overlay network for TCP
After=network.target nss-lookup.target[Service]
Type=notify
NotifyAccess=all
ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
ExecStart=/usr/bin/tor -f /etc/tor/torrc
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutSec=60
Restart=on-failure
WatchdogSec=1m
LimitNOFILE=32768# Hardening
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_READ_SEARCH CAP_KILL[Install]
WantedBy=multi-user.target
By using:
You can see in the above default service file that the timeout for the service not responding is 60, yet I have ShutdownWaitLength set to 120 seconds instead of 60.
So I used:
systemctl edit tor
to override the default unit file:
/etc/systemd/system/tor.service.d/override.conf
### Editing /etc/systemd/system/tor.service.d/override.conf
### Anything between here and the comment below will become the contents of the drop-in file[Service]
TimeoutSec=135
WatchdogSec=2m 15s### Edits below this comment will be discarded
Here you can see how I made systemd not deem my process unresponsive by increasing the timeout and watchdog thresholds.
The next time you have such trivial questions (regarding systemd, if it still has something to do with Tor, feel free to ask here), please refer to the systemd documentation and their mailing lists.
Google is also pretty good nowadays, and many problems have already been documented and solved by others.
I am happy to help new users, but I also have some time constraints.
All the best,
-GH
On Monday, November 25th, 2024 at 9:47 AM, Keifer Bly keifer.bly@gmail.com wrote:
Thanks. One more question, is there a way to configure tor to start automatically when Linux bolts? Thanks.
--Keifer
On Thu, Nov 21, 2024, 1:26 AM George Hartley hartley_george@proton.me wrote:
Does your server CPU support hardware AES extensions?
Run this command in your shell (bash most likely):
lscpu | grep aes
If it returns the string AES, then you can make use of the crypto hardware acceleration.
This severely reduces CPU usage by Tor.
Also, if you want to reduce CPU usage further, throttle bandwidth, I wouldn't use external tools not provided by Tor, unless you absolutely have to.
Take a look at RelayBandwidthRate / RelayBandwidthBurst, right here:
https://2019.www.torproject.org/docs/tor-manual.html.en#BandwidthRate
-GH
On Tuesday, November 19th, 2024 at 10:29 PM, Keifer Bly keifer.bly@gmail.com wrote:Hi, yes I got it running. Wondering is there a single debain command to set up automatic upgrades for tor, and is there a torrc configuration to limit CPU usage? Thanks
On Mon, Nov 18, 2024, 11:19 PM torproject.qj5i9--- via tor-relays tor-relays@lists.torproject.org wrote:
Hi,
have you installed the obfs4proxy? If you follow this guide: https://community.torproject.org/relay/setup/bridge/debian-ubuntu/ you should be good to go.
I've added "BridgeDistribution https" for my bridge, if you follow the post install page there is written something about distribution channels.
Sent with Proton Mail secure email.On Monday, November 18th, 2024 at 12:37 PM, Keifer Bly - keifer.bly at gmail.com mtrbognukmagrdvjmpymwfkuhpjfivqypleuund@simplelogin.co wrote:
This email failed anti-phishing checks when it was received by SimpleLogin, be careful with its content. More info on anti-phishing measure
Hi,
So for Debain 12, what is the command to install OBFS4? For my bridge at https://metrics.torproject.org/rs.html#details/0E547D99DEB753B20A19EEAA053CEF19EB5D54CD
Even though I configured obfs4 in torrc its saying no transport protocols. Thanks.
The torrc
Nickname udeservefreedom
ORPort <hidden>
Log notice file /var/tornitces.log/notices.log
SocksPort 0
BridgeRelay 1
PublishServerDescriptor bridge
BridgeDistribution email
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:<hidden>
ExtOrPort auto
ExitPolicy reject :
ContactInfo keiferdodderblyyatgmaildoddercom--Keifer
_______________________________________________
tor-relays mailing list -- tor-relays@lists.torproject.org
To unsubscribe send an email to tor-relays-leave@lists.torproject.org--Keifer