-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
hello tor ^.^
i'm trying to setup a tor relay behind a nginx reverse proxy... i would like to know if it's correctly setup.
i have this warn in the logs:
[warn] Received http status code 404 ("Not found") from server '85.14.240.188:443' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
but then in the same log little bit after:
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
last message is : Now checking whether ORPort X.X.X.X:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
thx for support.
it's a great community!
efkin
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
If you are using the free nginx, community project, that will only allow you to deploy a http(s) proxy. Only the commercial (paid) nginx allows you to deploy a TCP proxy (handles all TCP traffic), which is what you need for a Tor relay.
If you want to use a proxy, you should look into a TCP proxy which will handle any type of TCP traffic, regardless of protocol. (Tor uses http for directory requests [DirPort] but not for ORPort). Make sure your relay can reach the other relays in the consensus and it doesn't have any kind of restrictions or limitations such as being able only to talk on certain ports or reach a limited number of IP addresses, etc. Your relay needs to be able to connect to all the other relays, so the clients can build circuits through it.
A free open source solution might be haproxy ( http://www.haproxy.org/ ) Maybe this will help you with your setup.
Make sure you properly bind DirPort and ORPort to the correct interface and use NoAdvertise and NoListen accordingly. Provide more information about your setup and the relevant configs, if you are not able to do it.
Read the manual: https://www.torproject.org/docs/tor-manual.html.en
Thanks for running a relay!
On 3/9/2015 1:46 PM, efkin wrote:
hello tor ^.^
i'm trying to setup a tor relay behind a nginx reverse proxy... i would like to know if it's correctly setup.
i have this warn in the logs:
[warn] Received http status code 404 ("Not found") from server '85.14.240.188:443' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
but then in the same log little bit after:
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
last message is : Now checking whether ORPort X.X.X.X:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
thx for support.
it's a great community!
efkin _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/09/2015 03:35 PM, s7r wrote:
If you are using the free nginx, community project, that will only allow you to deploy a http(s) proxy. Only the commercial (paid) nginx allows you to deploy a TCP proxy (handles all TCP traffic), which is what you need for a Tor relay.
nice to know!
If you want to use a proxy, you should look into a TCP proxy which will handle any type of TCP traffic, regardless of protocol. (Tor uses http for directory requests [DirPort] but not for ORPort). Make sure your relay can reach the other relays in the consensus and it doesn't have any kind of restrictions or limitations such as being able only to talk on certain ports or reach a limited number of IP addresses, etc. Your relay needs to be able to connect to all the other relays, so the clients can build circuits through it.
A free open source solution might be haproxy ( http://www.haproxy.org/ ) Maybe this will help you with your setup.
Took a look at it and is quite cool.
Make sure you properly bind DirPort and ORPort to the correct interface and use NoAdvertise and NoListen accordingly. Provide more information about your setup and the relevant configs, if you are not able to do it.
i just setup: ORPort 3128 Address oni-on.cf
and some other stuff like nicks and contact info.
my haproxy config is somehting like this:
frontend oni-on bind *:3128
acl host_onion hdr(host) oni-on.cf
use_backend onion if host_onion
it seems that when it checks for reachability at the end of 20 mins it does not manage to reach it.
Thanks for running a relay!
still trying to set it up but a pleasure.
On 3/9/2015 1:46 PM, efkin wrote:
hello tor ^.^
i'm trying to setup a tor relay behind a nginx reverse proxy... i would like to know if it's correctly setup.
i have this warn in the logs:
[warn] Received http status code 404 ("Not found") from server '85.14.240.188:443' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
but then in the same log little bit after:
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
last message is : Now checking whether ORPort X.X.X.X:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
thx for support.
it's a great community!
efkin _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Hi again
I don't know anything about haproxy config and how it should look like unfortunately.
As for torrc:
ORPort <ip address, where the proxy forwards the requests>:3128 NoAdevertise ORPort <ip address of the actual proxy, where the server should be reached>:3128 NoListen
remove Address line.
Leave the contact info and other settings. Let us know if it works this way.
On 3/9/2015 7:50 PM, efkin wrote:
On 03/09/2015 03:35 PM, s7r wrote:
If you are using the free nginx, community project, that will only allow you to deploy a http(s) proxy. Only the commercial (paid) nginx allows you to deploy a TCP proxy (handles all TCP traffic), which is what you need for a Tor relay.
nice to know!
If you want to use a proxy, you should look into a TCP proxy which will handle any type of TCP traffic, regardless of protocol. (Tor uses http for directory requests [DirPort] but not for ORPort). Make sure your relay can reach the other relays in the consensus and it doesn't have any kind of restrictions or limitations such as being able only to talk on certain ports or reach a limited number of IP addresses, etc. Your relay needs to be able to connect to all the other relays, so the clients can build circuits through it.
A free open source solution might be haproxy ( http://www.haproxy.org/ ) Maybe this will help you with your setup.
Took a look at it and is quite cool.
Make sure you properly bind DirPort and ORPort to the correct interface and use NoAdvertise and NoListen accordingly. Provide more information about your setup and the relevant configs, if you are not able to do it.
i just setup: ORPort 3128 Address oni-on.cf
and some other stuff like nicks and contact info.
my haproxy config is somehting like this:
frontend oni-on bind *:3128
acl host_onion hdr(host) oni-on.cf
use_backend onion if host_onion
it seems that when it checks for reachability at the end of 20 mins it does not manage to reach it.
Thanks for running a relay!
still trying to set it up but a pleasure.
On 3/9/2015 1:46 PM, efkin wrote:
hello tor ^.^
i'm trying to setup a tor relay behind a nginx reverse proxy... i would like to know if it's correctly setup.
i have this warn in the logs:
[warn] Received http status code 404 ("Not found") from server '85.14.240.188:443' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
but then in the same log little bit after:
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
last message is : Now checking whether ORPort X.X.X.X:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
thx for support.
it's a great community!
efkin _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
hey!
basically with your setup and a little trick on haproxy it is working now or at least the log is saying:
[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
[notice] Performing bandwidth self-test...done.
but nothing else on the logs since half an hour...
does it mean it is working?
thx for support!
On 03/09/2015 10:03 PM, s7r wrote:
Hi again
I don't know anything about haproxy config and how it should look like unfortunately.
As for torrc:
ORPort <ip address, where the proxy forwards the requests>:3128 NoAdevertise ORPort <ip address of the actual proxy, where the server should be reached>:3128 NoListen
remove Address line.
Leave the contact info and other settings. Let us know if it works this way.
On 3/9/2015 7:50 PM, efkin wrote:
On 03/09/2015 03:35 PM, s7r wrote:
If you are using the free nginx, community project, that will only allow you to deploy a http(s) proxy. Only the commercial (paid) nginx allows you to deploy a TCP proxy (handles all TCP traffic), which is what you need for a Tor relay.
nice to know!
If you want to use a proxy, you should look into a TCP proxy which will handle any type of TCP traffic, regardless of protocol. (Tor uses http for directory requests [DirPort] but not for ORPort). Make sure your relay can reach the other relays in the consensus and it doesn't have any kind of restrictions or limitations such as being able only to talk on certain ports or reach a limited number of IP addresses, etc. Your relay needs to be able to connect to all the other relays, so the clients can build circuits through it.
A free open source solution might be haproxy ( http://www.haproxy.org/ ) Maybe this will help you with your setup.
Took a look at it and is quite cool.
Make sure you properly bind DirPort and ORPort to the correct interface and use NoAdvertise and NoListen accordingly. Provide more information about your setup and the relevant configs, if you are not able to do it.
i just setup: ORPort 3128 Address oni-on.cf
and some other stuff like nicks and contact info.
my haproxy config is somehting like this:
frontend oni-on bind *:3128
acl host_onion hdr(host) oni-on.cf
use_backend onion if host_onion
it seems that when it checks for reachability at the end of 20 mins it does not manage to reach it.
Thanks for running a relay!
still trying to set it up but a pleasure.
On 3/9/2015 1:46 PM, efkin wrote:
hello tor ^.^
i'm trying to setup a tor relay behind a nginx reverse proxy... i would like to know if it's correctly setup.
i have this warn in the logs:
[warn] Received http status code 404 ("Not found") from server '85.14.240.188:443' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
but then in the same log little bit after:
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
last message is : Now checking whether ORPort X.X.X.X:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
thx for support.
it's a great community!
efkin _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Yes, that means is working, theoretically. The log won't say anything for the next 6 hours, and after 6 hours it will just say how many circuits it has running, uptime and relayed bandwidth. These are the default log settings. You can increase the verbosity of the log but it's not required.
https://atlas.torproject.org/ Search here for your relay's nickname or IP address to see its flags and what Advertised Speed is it showing to the network. Might start with a low value but will grow in time.
https://consensus-health.torproject.org/consensus-health.html go here, wait for the page to load (big page) and search with ctrl + f and enter your relay's nickname. You will see here what flags were voted for your relay by the directory authorities.
https://blog.torproject.org/blog/lifecycle-of-a-new-relay This will help you understand how Tor's load balancing works and what are the phases a new relay will go through.
Constantly keep an eye out for warnings/errors in Tor's log. Report any misbehavior to this mail list and especially by tickets on Trac at https://trac.torproject.org/
Remember to keep your Tor up to date whenever there is a new release, especially when the release fixes a security issue.
I am glad I could help! Now I can say thanks for running a relay. If it's an Exit relay, that is even better!
You might want to challenge us with a different customized setup next time for your #2-nd relay :-) Cheers!
On 3/10/2015 12:07 AM, efkin wrote:
hey!
basically with your setup and a little trick on haproxy it is working now or at least the log is saying:
[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
[notice] Performing bandwidth self-test...done.
but nothing else on the logs since half an hour...
does it mean it is working?
thx for support!
On 03/09/2015 10:03 PM, s7r wrote:
Hi again
I don't know anything about haproxy config and how it should look like unfortunately.
As for torrc:
ORPort <ip address, where the proxy forwards the requests>:3128 NoAdevertise ORPort <ip address of the actual proxy, where the server should be reached>:3128 NoListen
remove Address line.
Leave the contact info and other settings. Let us know if it works this way.
On 3/9/2015 7:50 PM, efkin wrote:
On 03/09/2015 03:35 PM, s7r wrote:
If you are using the free nginx, community project, that will only allow you to deploy a http(s) proxy. Only the commercial (paid) nginx allows you to deploy a TCP proxy (handles all TCP traffic), which is what you need for a Tor relay.
nice to know!
If you want to use a proxy, you should look into a TCP proxy which will handle any type of TCP traffic, regardless of protocol. (Tor uses http for directory requests [DirPort] but not for ORPort). Make sure your relay can reach the other relays in the consensus and it doesn't have any kind of restrictions or limitations such as being able only to talk on certain ports or reach a limited number of IP addresses, etc. Your relay needs to be able to connect to all the other relays, so the clients can build circuits through it.
A free open source solution might be haproxy ( http://www.haproxy.org/ ) Maybe this will help you with your setup.
Took a look at it and is quite cool.
Make sure you properly bind DirPort and ORPort to the correct interface and use NoAdvertise and NoListen accordingly. Provide more information about your setup and the relevant configs, if you are not able to do it.
i just setup: ORPort 3128 Address oni-on.cf
and some other stuff like nicks and contact info.
my haproxy config is somehting like this:
frontend oni-on bind *:3128
acl host_onion hdr(host) oni-on.cf
use_backend onion if host_onion
it seems that when it checks for reachability at the end of 20 mins it does not manage to reach it.
Thanks for running a relay!
still trying to set it up but a pleasure.
On 3/9/2015 1:46 PM, efkin wrote:
hello tor ^.^
i'm trying to setup a tor relay behind a nginx reverse proxy... i would like to know if it's correctly setup.
i have this warn in the logs:
[warn] Received http status code 404 ("Not found") from server '85.14.240.188:443' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
but then in the same log little bit after:
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
last message is : Now checking whether ORPort X.X.X.X:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
thx for support.
it's a great community!
efkin _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
So it is on atlas and consensus, it is an exit node.
But the probability of being an exit has decreased in the graphs, but it is constant now. What does that mean?
Now we'll try to contact other exit nodes in the territory and see if there is a kind of association already existing of exit nodes so we could join them.
It feels nice to support this project.
Cheers!
On 03/09/2015 11:40 PM, s7r wrote:
Yes, that means is working, theoretically. The log won't say anything for the next 6 hours, and after 6 hours it will just say how many circuits it has running, uptime and relayed bandwidth. These are the default log settings. You can increase the verbosity of the log but it's not required.
https://atlas.torproject.org/ Search here for your relay's nickname or IP address to see its flags and what Advertised Speed is it showing to the network. Might start with a low value but will grow in time.
https://consensus-health.torproject.org/consensus-health.html go here, wait for the page to load (big page) and search with ctrl + f and enter your relay's nickname. You will see here what flags were voted for your relay by the directory authorities.
https://blog.torproject.org/blog/lifecycle-of-a-new-relay This will help you understand how Tor's load balancing works and what are the phases a new relay will go through.
Constantly keep an eye out for warnings/errors in Tor's log. Report any misbehavior to this mail list and especially by tickets on Trac at https://trac.torproject.org/
Remember to keep your Tor up to date whenever there is a new release, especially when the release fixes a security issue.
I am glad I could help! Now I can say thanks for running a relay. If it's an Exit relay, that is even better!
You might want to challenge us with a different customized setup next time for your #2-nd relay :-) Cheers!
On 3/10/2015 12:07 AM, efkin wrote:
hey!
basically with your setup and a little trick on haproxy it is working now or at least the log is saying:
[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
[notice] Performing bandwidth self-test...done.
but nothing else on the logs since half an hour...
does it mean it is working?
thx for support!
On 03/09/2015 10:03 PM, s7r wrote:
Hi again
I don't know anything about haproxy config and how it should look like unfortunately.
As for torrc:
ORPort <ip address, where the proxy forwards the requests>:3128 NoAdevertise ORPort <ip address of the actual proxy, where the server should be reached>:3128 NoListen
remove Address line.
Leave the contact info and other settings. Let us know if it works this way.
On 3/9/2015 7:50 PM, efkin wrote:
On 03/09/2015 03:35 PM, s7r wrote:
If you are using the free nginx, community project, that will only allow you to deploy a http(s) proxy. Only the commercial (paid) nginx allows you to deploy a TCP proxy (handles all TCP traffic), which is what you need for a Tor relay.
nice to know!
If you want to use a proxy, you should look into a TCP proxy which will handle any type of TCP traffic, regardless of protocol. (Tor uses http for directory requests [DirPort] but not for ORPort). Make sure your relay can reach the other relays in the consensus and it doesn't have any kind of restrictions or limitations such as being able only to talk on certain ports or reach a limited number of IP addresses, etc. Your relay needs to be able to connect to all the other relays, so the clients can build circuits through it.
A free open source solution might be haproxy ( http://www.haproxy.org/ ) Maybe this will help you with your setup.
Took a look at it and is quite cool.
Make sure you properly bind DirPort and ORPort to the correct interface and use NoAdvertise and NoListen accordingly. Provide more information about your setup and the relevant configs, if you are not able to do it.
i just setup: ORPort 3128 Address oni-on.cf
and some other stuff like nicks and contact info.
my haproxy config is somehting like this:
frontend oni-on bind *:3128
acl host_onion hdr(host) oni-on.cf
use_backend onion if host_onion
it seems that when it checks for reachability at the end of 20 mins it does not manage to reach it.
Thanks for running a relay!
still trying to set it up but a pleasure.
On 3/9/2015 1:46 PM, efkin wrote:
hello tor ^.^
i'm trying to setup a tor relay behind a nginx reverse proxy... i would like to know if it's correctly setup.
i have this warn in the logs:
[warn] Received http status code 404 ("Not found") from server '85.14.240.188:443' while fetching "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
but then in the same log little bit after:
[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
last message is : Now checking whether ORPort X.X.X.X:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
thx for support.
it's a great community!
efkin _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org