New Relay Online/Working on AWS Cloud Torproject
Howdy, Early this morning (3 AM CST) I brought a non-exit relay named “ConradsAWSRelay” online. I would appreciate it if someone would take an objective look at it to see if the relay is fast enough and bringing useful services to the tor network. Additionally, I know that people have been working on ansible solutions regarding the installation of tor and what not, but that being said, I’m working on an AWS specific solution to replace the previous Cloud torproject that we had years ago. I will keep everyone in the loop, but I think its time that we have a cloud specific solution for rolling out tor. Thanks, Conrad Rockenhaus
On 20 Dec 2017, at 13:28, Conrad Rockenhaus <conrad@rockenhaus.com> wrote:
Howdy,
Early this morning (3 AM CST) I brought a non-exit relay named “ConradsAWSRelay” online. I would appreciate it if someone would take an objective look at it to see if the relay is fast enough and bringing useful services to the tor network.
Please upgrade your relay to the latest Tor version: https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.htm... Your relay might take a few weeks to be used: https://blog.torproject.org/lifecycle-new-relay
Additionally, I know that people have been working on ansible solutions regarding the installation of tor and what not, but that being said, I’m working on an AWS specific solution to replace the previous Cloud torproject that we had years ago. I will keep everyone in the loop, but I think its time that we have a cloud specific solution for rolling out tor.
Thanks! It would be great to have this again. T
On Dec 19, 2017, at 8:55 PM, teor <teor2345@gmail.com> wrote:
On 20 Dec 2017, at 13:28, Conrad Rockenhaus <conrad@rockenhaus.com <mailto:conrad@rockenhaus.com>> wrote:
Howdy,
Early this morning (3 AM CST) I brought a non-exit relay named “ConradsAWSRelay” online. I would appreciate it if someone would take an objective look at it to see if the relay is fast enough and bringing useful services to the tor network.
Please upgrade your relay to the latest Tor version: https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.htm... <https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html>
I noticed this when I started it up. It appears that the version of Tor on EPEL is out of date. I’ll build it out of source to fix it. I’ll probably have to do that for the Cloud solution as well since the lifecycle of EPEL is normally behind. I’ll fix this now.
Your relay might take a few weeks to be used: https://blog.torproject.org/lifecycle-new-relay <https://blog.torproject.org/lifecycle-new-relay> I completely forgot about that. Thank you for reminding me :D.
Additionally, I know that people have been working on ansible solutions regarding the installation of tor and what not, but that being said, I’m working on an AWS specific solution to replace the previous Cloud torproject that we had years ago. I will keep everyone in the loop, but I think its time that we have a cloud specific solution for rolling out tor.
Thanks! It would be great to have this again.
I’m making progress and will advise all when I hit certain points so I can get feedback. I would like this new solution to have significant community input so I have all of my i’s dotted and my t’s crossed. Thanks, Conrad
T _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hello, ConradsAWSRelay was started back up on a new AWS instance running Amazon Linux and it’s hash is now 9F7F05699131E1E2A22F70B83E8CBB4671F5FEE2. I have upgraded to Tor 0.3.1.9…. I had issues with getting the libevent development header dependencies resolved on Amazon Linux so I just compiled it on Red Hat and brought it over. More than likely I overlooked something and caused a cascade of failures from there, anyway, it’s up. Additionally, I brought up ConradsAWSExit, 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A, to help out with that area. I may bandwidth limit this one depending on load, I will have to wait and see how much traffic it gets since I don’t have unlimited $$$ to allocate to my new hobby :). If someone could take another look and provide me any feedback/constructive criticism about these two nodes, I would greatly appreciate it. Thank you for everyone’s advise! I also appreciate the input regarding the revitalization of the Cloud project again. Another person has also volunteered to assist in the project so hopefully things should start moving here pretty soon! Thanks, Conrad
On Dec 19, 2017, at 9:02 PM, Conrad Rockenhaus <conrad@rockenhaus.com> wrote:
On Dec 19, 2017, at 8:55 PM, teor <teor2345@gmail.com <mailto:teor2345@gmail.com>> wrote:
On 20 Dec 2017, at 13:28, Conrad Rockenhaus <conrad@rockenhaus.com <mailto:conrad@rockenhaus.com>> wrote:
Howdy,
Early this morning (3 AM CST) I brought a non-exit relay named “ConradsAWSRelay” online. I would appreciate it if someone would take an objective look at it to see if the relay is fast enough and bringing useful services to the tor network.
Please upgrade your relay to the latest Tor version: https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.htm... <https://lists.torproject.org/pipermail/tor-announce/2017-December/000147.html>
I noticed this when I started it up. It appears that the version of Tor on EPEL is out of date. I’ll build it out of source to fix it. I’ll probably have to do that for the Cloud solution as well since the lifecycle of EPEL is normally behind. I’ll fix this now.
Your relay might take a few weeks to be used: https://blog.torproject.org/lifecycle-new-relay <https://blog.torproject.org/lifecycle-new-relay> I completely forgot about that. Thank you for reminding me :D.
Additionally, I know that people have been working on ansible solutions regarding the installation of tor and what not, but that being said, I’m working on an AWS specific solution to replace the previous Cloud torproject that we had years ago. I will keep everyone in the loop, but I think its time that we have a cloud specific solution for rolling out tor.
Thanks! It would be great to have this again.
I’m making progress and will advise all when I hit certain points so I can get feedback. I would like this new solution to have significant community input so I have all of my i’s dotted and my t’s crossed.
Thanks,
Conrad
T _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org <mailto:tor-relays@lists.torproject.org> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 20 Dec 2017, at 20:59, Conrad Rockenhaus <conrad@rockenhaus.com> wrote:
ConradsAWSRelay was started back up on a new AWS instance running Amazon Linux and it’s hash is now 9F7F05699131E1E2A22F70B83E8CBB4671F5FEE2. I have upgraded to Tor 0.3.1.9…. I had issues with getting the libevent development header dependencies resolved on Amazon Linux so I just compiled it on Red Hat and brought it over. More than likely I overlooked something and caused a cascade of failures from there, anyway, it’s up.
Additionally, I brought up ConradsAWSExit, 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A, to help out with that area. I may bandwidth limit this one depending on load, I will have to wait and see how much traffic it gets since I don’t have unlimited $$$ to allocate to my new hobby :).
Yes, running nodes at AWS can be expensive. I'm also interested to see what abuse complaints you get.
If someone could take another look and provide me any feedback/constructive criticism about these two nodes, I would greatly appreciate it.
Since you control multiple relays, please set MyFamily on all of them: MyFamily fingerprint1,fingerprint2 This is important because they are in different IPv4 /16s. (It will be even more important if one has the Guard flag, and the other has the Exit flag.) Does AWS have native IPv6 yet? If so, please set on both relays: ORPort [IPv6]:Port And on the Exit: IPv6Exit 1 You could connect to IPv6 using a nearby free tunnel service (Hurricane Electric is good, and has good peering with AWS), but this is not as fast or reliable as native IPv6. But as a learning experience, it's a good way to get IPv6.
Thank you for everyone’s advise! I also appreciate the input regarding the revitalization of the Cloud project again. Another person has also volunteered to assist in the project so hopefully things should start moving here pretty soon!
That's exciting. It would be great for people to be able to choose between multiple providers. Free VPSs are a great way to learn how to set up a relay. The biggest issue with the cloud image was that it wasn't kept up to date. I wonder if there's a way of doing that automatically. I also wonder if there's a way of giving people a BSD image option as well. T
On 20 Dec 2017, at 22:01, teor <teor2345@gmail.com> wrote:
Does AWS have native IPv6 yet?
It does, and if you created the right instance type (and created it recently) it's automatic: https://aws.amazon.com/blogs/aws/aws-ipv6-update-global-support-spanning-15-...
If so, please set on both relays:
ORPort [IPv6]:Port
And on the Exit:
IPv6Exit 1
ipconfig -6 or Ifconfig eth0 should tell you what the IPv6 address is: you'll want the publicly routable one, which probably starts with "200". We're working on automating IPv6 address detection for relays. T
On Dec 20, 2017, at 5:01 AM, teor <teor2345@gmail.com> wrote:
On 20 Dec 2017, at 20:59, Conrad Rockenhaus <conrad@rockenhaus.com <mailto:conrad@rockenhaus.com>> wrote:
ConradsAWSRelay was started back up on a new AWS instance running Amazon Linux and it’s hash is now 9F7F05699131E1E2A22F70B83E8CBB4671F5FEE2. I have upgraded to Tor 0.3.1.9…. I had issues with getting the libevent development header dependencies resolved on Amazon Linux so I just compiled it on Red Hat and brought it over. More than likely I overlooked something and caused a cascade of failures from there, anyway, it’s up.
Additionally, I brought up ConradsAWSExit, 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A, to help out with that area. I may bandwidth limit this one depending on load, I will have to wait and see how much traffic it gets since I don’t have unlimited $$$ to allocate to my new hobby :).
Yes, running nodes at AWS can be expensive. I'm also interested to see what abuse complaints you get.
I’m mainly running this stuff on AWS because AWS is my playground for the new Cloud based solution I’m working on, just because I can start instances up with Amazon Linux, FreeBSD, Debian, etc. I am interested to see what the abuse process is as well. I will ensure that the costs are controlled so I’m not out of pocket too much. Eventually the permanent home will be moved to the new cabinet I’m going to be renting at a datacenter near my home.
If someone could take another look and provide me any feedback/constructive criticism about these two nodes, I would greatly appreciate it.
Since you control multiple relays, please set MyFamily on all of them:
MyFamily fingerprint1,fingerprint2
This is important because they are in different IPv4 /16s. (It will be even more important if one has the Guard flag, and the other has the Exit flag.)
Done, should see it in atlas within the hour.
Does AWS have native IPv6 yet?
If so, please set on both relays:
ORPort [IPv6]:Port
And on the Exit:
IPv6Exit 1
You could connect to IPv6 using a nearby free tunnel service (Hurricane Electric is good, and has good peering with AWS), but this is not as fast or reliable as native IPv6.
But as a learning experience, it's a good way to get IPv6.
I see that AWS does have native IPv6, but I have to get it enabled on my VPC before I can get these two instances up on IPv6. I will let y’all know when that’s done.
Thank you for everyone’s advise! I also appreciate the input regarding the revitalization of the Cloud project again. Another person has also volunteered to assist in the project so hopefully things should start moving here pretty soon!
That's exciting. It would be great for people to be able to choose between multiple providers. Free VPSs are a great way to learn how to set up a relay.
The biggest issue with the cloud image was that it wasn't kept up to date. I wonder if there's a way of doing that automatically.
I also wonder if there's a way of giving people a BSD image option as well.
My intent with the new cloud image architecture is to provide a multi-arch, portable, fast, and secure solution that will deploy tor relays. Another person has volunteered to assist me with this so with three people working on this I do hope that we will be able to keep things up to date, but my main goal is to have that somewhat automated. Speaking of which, I do wonder what the thoughts are on this idea. I would like to have two derivatives of the cloud package, one for novices and one for those who do not consider themselves novices. The novice package will be centrally managed by Puppet, so all the user has to do is spin up an instance, updates will be handled by the master. The non-novice package will be managed by chef. My main question is what are the thoughts on using Puppet? Would that be an acceptable solution for a non-novice solution or is that too much of a risk? Thanks, Conrad
T _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Hello. I use AWS to test the alpha release, on the free tier. If you dont mind me asking, I am interested to know what you are doing to avoid a bill Amazon bill at the end of the month. I think I had about 30GB data transfer or so & a few other things and they sent me a bill for USD 0.70 ish (not at lot I know lol), but potentially it could be in the thousands of dollars or more if you are not careful. Is there a region that is "best" to use? AWS' internet is pretty fast, I transfered a file from 12GB file from Google Drive using Chrome in the VM in about 15 or so seconds. Also I noted that there are many entries in /var/log/auth.log that many people try to connect via SSH (username byebye is a popular one for some reason), more connection attempts than my home internet connection gets perhaps Many Thanks. On Wed, Dec 20, 2017 at 2:35 PM, Conrad Rockenhaus <conrad@rockenhaus.com> wrote:
On Dec 20, 2017, at 5:01 AM, teor <teor2345@gmail.com> wrote:
On 20 Dec 2017, at 20:59, Conrad Rockenhaus <conrad@rockenhaus.com> wrote:
ConradsAWSRelay was started back up on a new AWS instance running Amazon Linux and it’s hash is now 9F7F05699131E1E2A22F70B83E8CBB4671F5FEE2. I have upgraded to Tor 0.3.1.9…. I had issues with getting the libevent development header dependencies resolved on Amazon Linux so I just compiled it on Red Hat and brought it over. More than likely I overlooked something and caused a cascade of failures from there, anyway, it’s up.
Additionally, I brought up ConradsAWSExit, 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A, to help out with that area. I may bandwidth limit this one depending on load, I will have to wait and see how much traffic it gets since I don’t have unlimited $$$ to allocate to my new hobby :).
Yes, running nodes at AWS can be expensive. I'm also interested to see what abuse complaints you get.
I’m mainly running this stuff on AWS because AWS is my playground for the new Cloud based solution I’m working on, just because I can start instances up with Amazon Linux, FreeBSD, Debian, etc. I am interested to see what the abuse process is as well. I will ensure that the costs are controlled so I’m not out of pocket too much.
Eventually the permanent home will be moved to the new cabinet I’m going to be renting at a datacenter near my home.
If someone could take another look and provide me any feedback/constructive criticism about these two nodes, I would greatly appreciate it.
Since you control multiple relays, please set MyFamily on all of them:
MyFamily fingerprint1,fingerprint2
This is important because they are in different IPv4 /16s. (It will be even more important if one has the Guard flag, and the other has the Exit flag.)
Done, should see it in atlas within the hour.
Does AWS have native IPv6 yet?
If so, please set on both relays:
ORPort [IPv6]:Port
And on the Exit:
IPv6Exit 1
You could connect to IPv6 using a nearby free tunnel service (Hurricane Electric is good, and has good peering with AWS), but this is not as fast or reliable as native IPv6.
But as a learning experience, it's a good way to get IPv6.
I see that AWS does have native IPv6, but I have to get it enabled on my VPC before I can get these two instances up on IPv6. I will let y’all know when that’s done.
Thank you for everyone’s advise! I also appreciate the input regarding the revitalization of the Cloud project again. Another person has also volunteered to assist in the project so hopefully things should start moving here pretty soon!
That's exciting. It would be great for people to be able to choose between multiple providers. Free VPSs are a great way to learn how to set up a relay.
The biggest issue with the cloud image was that it wasn't kept up to date. I wonder if there's a way of doing that automatically.
I also wonder if there's a way of giving people a BSD image option as well.
My intent with the new cloud image architecture is to provide a multi-arch, portable, fast, and secure solution that will deploy tor relays. Another person has volunteered to assist me with this so with three people working on this I do hope that we will be able to keep things up to date, but my main goal is to have that somewhat automated.
Speaking of which, I do wonder what the thoughts are on this idea. I would like to have two derivatives of the cloud package, one for novices and one for those who do not consider themselves novices. The novice package will be centrally managed by Puppet, so all the user has to do is spin up an instance, updates will be handled by the master.
The non-novice package will be managed by chef. My main question is what are the thoughts on using Puppet? Would that be an acceptable solution for a non-novice solution or is that too much of a risk?
Thanks,
Conrad
T _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 22 Dec 2017, at 21:08, Gary Smith <jaffacakemonster53@gmail.com> wrote:
Hello.
I use AWS to test the alpha release, on the free tier. If you dont mind me asking, I am interested to know what you are doing to avoid a bill Amazon bill at the end of the month.
I think I had about 30GB data transfer or so & a few other things and they sent me a bill for USD 0.70 ish (not at lot I know lol), but potentially it could be in the thousands of dollars or more if you are not careful. Is there a region that is "best" to use? AWS' internet is pretty fast, I transfered a file from 12GB file from Google Drive using Chrome in the VM in about 15 or so seconds.
I use AccountingMax, and set it about 1GB below the limit. Make sure you choose the right AccountingRule for AWS. (Some providers use max upload or download, and some use sum.) T
Also I noted that there are many entries in /var/log/auth.log that many people try to connect via SSH (username byebye is a popular one for some reason), more connection attempts than my home internet connection gets perhaps
Many Thanks.
On Wed, Dec 20, 2017 at 2:35 PM, Conrad Rockenhaus <conrad@rockenhaus.com> wrote:
On Dec 20, 2017, at 5:01 AM, teor <teor2345@gmail.com> wrote:
On 20 Dec 2017, at 20:59, Conrad Rockenhaus <conrad@rockenhaus.com> wrote:
ConradsAWSRelay was started back up on a new AWS instance running Amazon Linux and it’s hash is now 9F7F05699131E1E2A22F70B83E8CBB4671F5FEE2. I have upgraded to Tor 0.3.1.9…. I had issues with getting the libevent development header dependencies resolved on Amazon Linux so I just compiled it on Red Hat and brought it over. More than likely I overlooked something and caused a cascade of failures from there, anyway, it’s up.
Additionally, I brought up ConradsAWSExit, 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A, to help out with that area. I may bandwidth limit this one depending on load, I will have to wait and see how much traffic it gets since I don’t have unlimited $$$ to allocate to my new hobby :).
Yes, running nodes at AWS can be expensive. I'm also interested to see what abuse complaints you get.
I’m mainly running this stuff on AWS because AWS is my playground for the new Cloud based solution I’m working on, just because I can start instances up with Amazon Linux, FreeBSD, Debian, etc. I am interested to see what the abuse process is as well. I will ensure that the costs are controlled so I’m not out of pocket too much.
Eventually the permanent home will be moved to the new cabinet I’m going to be renting at a datacenter near my home.
If someone could take another look and provide me any feedback/constructive criticism about these two nodes, I would greatly appreciate it.
Since you control multiple relays, please set MyFamily on all of them:
MyFamily fingerprint1,fingerprint2
This is important because they are in different IPv4 /16s. (It will be even more important if one has the Guard flag, and the other has the Exit flag.)
Done, should see it in atlas within the hour.
Does AWS have native IPv6 yet?
If so, please set on both relays:
ORPort [IPv6]:Port
And on the Exit:
IPv6Exit 1
You could connect to IPv6 using a nearby free tunnel service (Hurricane Electric is good, and has good peering with AWS), but this is not as fast or reliable as native IPv6.
But as a learning experience, it's a good way to get IPv6.
I see that AWS does have native IPv6, but I have to get it enabled on my VPC before I can get these two instances up on IPv6. I will let y’all know when that’s done.
Thank you for everyone’s advise! I also appreciate the input regarding the revitalization of the Cloud project again. Another person has also volunteered to assist in the project so hopefully things should start moving here pretty soon!
That's exciting. It would be great for people to be able to choose between multiple providers. Free VPSs are a great way to learn how to set up a relay.
The biggest issue with the cloud image was that it wasn't kept up to date. I wonder if there's a way of doing that automatically.
I also wonder if there's a way of giving people a BSD image option as well.
My intent with the new cloud image architecture is to provide a multi-arch, portable, fast, and secure solution that will deploy tor relays. Another person has volunteered to assist me with this so with three people working on this I do hope that we will be able to keep things up to date, but my main goal is to have that somewhat automated.
Speaking of which, I do wonder what the thoughts are on this idea. I would like to have two derivatives of the cloud package, one for novices and one for those who do not consider themselves novices. The novice package will be centrally managed by Puppet, so all the user has to do is spin up an instance, updates will be handled by the master.
The non-novice package will be managed by chef. My main question is what are the thoughts on using Puppet? Would that be an acceptable solution for a non-novice solution or is that too much of a risk?
Thanks,
Conrad
T _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
T -- Tim Wilson-Brown (teor) teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
Speaking of which, I do wonder what the thoughts are on this idea. I would like to have two derivatives of the cloud package, one for novices and one for those who do not consider themselves novices. The novice package will be centrally managed by Puppet, so all the user has to do is spin up an instance, updates will be handled by the master.
So your image will include a puppet master? Or do you intent to run a single master (under your control) to control other people's relays? (I hope you are not proposing that.)
The non-novice package will be managed by chef. My main question is what are the thoughts on using Puppet? Would that be an acceptable solution for a non-novice solution or is that too much of a risk?
-- https://mastodon.social/@nusenu twitter: @nusenu_
Conrad Rockenhaus:
I noticed this when I started it up. It appears that the version of Tor on EPEL is out of date. I’ll build it out of source to fix it. I’ll probably have to do that for the Cloud solution as well since the lifecycle of EPEL is normally behind.
0.2.9.14 reached stable ~16 hours ago (generally a EPEL package stays in testing for 2 weeks before reaching stable) https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-97efaab7e7 If you do not want to build yourself you can enable the EPEL testing repo to get updates faster. If timely tor updates is a top priority, you might want to choose another OS. Also please enable auto updates on your images so we avoid having lots of outdated relays on the network. https://trac.torproject.org/projects/tor/wiki/OperatorsTips/RPMUpdates#CentO... - please automate the process of setting a proper MyFamily configuration - please ensure that relays have a meaningful ContactInfo set please do not forget to set MyFamily on all your relays https://atlas.torproject.org/#details/A5C6D2EBCCA77D0B09364DD6B75FEC817AF977... teor wrote:
I also wonder if there's a way of giving people a BSD image option as well.
Yes, BSD images would be great! IMHO the biggest drawback with AWS is bw cost - which is a lot more expensive than most other hosters. With the same kind of money operators would be able to push a lot more traffic if they choose an unmetered hoster. From a cost point of view I would advise against AWS. thanks for your efforts -- https://mastodon.social/@nusenu twitter: @nusenu_
participants (4)
-
Conrad Rockenhaus -
Gary Smith -
nusenu -
teor