[tor-commits] [community/master] Remove 0 space character
hiro at torproject.org
hiro at torproject.org
Sat Apr 27 19:55:10 UTC 2019
commit 58bc8b7d52ac57d2e942a58ea25788b7553f10be
Author: hiro <hiro at torproject.org>
Date: Sat Apr 27 21:55:03 2019 +0200
Remove 0 space character
---
.../relay-operations/technical-setup/contents.lr | 317 ++++++++++-----------
1 file changed, 158 insertions(+), 159 deletions(-)
diff --git a/content/relay-operations/technical-setup/contents.lr b/content/relay-operations/technical-setup/contents.lr
index d7af9b1..4276efd 100644
--- a/content/relay-operations/technical-setup/contents.lr
+++ b/content/relay-operations/technical-setup/contents.lr
@@ -8,7 +8,7 @@ _template: layout.html
---
title: Technical setup
---
-subtitle: Installing and configuring your Tor relay.
+subtitle: Installing and configuring your Tor relay.
---
key: 3
---
@@ -18,21 +18,21 @@ body:
# Considerations when choosing a hosting provider
-If you have access to a high speed internet connection (>=100 Mbit/s in both
-directions) and a physical piece of computer hardware, this is the best way to
-run a relay. Having full control over the hardware and connection gives you a
-more controllable and (if done correctly) secure environment. You can host your
-own physical hardware at home (do NOT run a Tor exit relay from your home) or in
-a data center. Sometimes this is referred to as installing the relay on "bare
+If you have access to a high speed internet connection (>=100 Mbit/s in both
+directions) and a physical piece of computer hardware, this is the best way to
+run a relay. Having full control over the hardware and connection gives you a
+more controllable and (if done correctly) secure environment. You can host your
+own physical hardware at home (do NOT run a Tor exit relay from your home) or in
+a data center. Sometimes this is referred to as installing the relay on "bare
metal".
-If you do not own physical hardware, you could run a relay on a rented dedicated
-server or virtual private server (VPS). This can cost anywhere between
-$3.00/month and thousands per month, depending on your provider, hardware
-configuration, and bandwidth usage. Many VPS providers will not allow you to run
-exit relays. You must follow the VPS provider's terms of service, or risk having
-your account disabled. For more information on hosting providers and their
-policies on allowing Tor relays, please see this list maintained by the Tor
+If you do not own physical hardware, you could run a relay on a rented dedicated
+server or virtual private server (VPS). This can cost anywhere between
+$3.00/month and thousands per month, depending on your provider, hardware
+configuration, and bandwidth usage. Many VPS providers will not allow you to run
+exit relays. You must follow the VPS provider's terms of service, or risk having
+your account disabled. For more information on hosting providers and their
+policies on allowing Tor relays, please see this list maintained by the Tor
community: [GoodBadISPs](FIXME).
## Questions to consider when choosing a hoster
@@ -41,29 +41,28 @@ community: [GoodBadISPs](FIXME).
* Does the hoster provide IPv6 connectivity? (it is recommended, but not required)
* What virtualization / hypervisor (if any) does the provider use? (anything but OpenVZ should be fine)
* Does the hoster start to throttle bandwidth after a certain amount of traffic?
-* How well connected is the autonomous system of the hoster? To answer this
-question you can use the AS rank of the autonomous systems if you want to
+* How well connected is the autonomous system of the hoster? To answer this
+question you can use the AS rank of the autonomous systems if you want to
compare: http://as-rank.caida.org/ (a lower value is better)
## If you plan to run Exit Relays
-* Does the hoster allow Tor exit relays? (explicitly ask them before starting an
+* Does the hoster allow Tor exit relays? (explicitly ask them before starting an
exit relay there)
-* Does the hoster allow custom WHOIS records for your IP addresses? This helps
+* Does the hoster allow custom WHOIS records for your IP addresses? This helps
reduce the amount of abuse sent to the hoster instead of you.
-* Does the hoster allow you to set a custom DNS reverse entry? (DNS PTR record)
+* Does the hoster allow you to set a custom DNS reverse entry? (DNS PTR record)
This are probably things you will need to ask the hoster in a Pre-Sales ticket
-
# AS/location diversity
-When selecting your hosting provider, consider network diversity on an
-autonomous system (AS) and country level. A more diverse network is more
-resilient to attacks and outages. Sometimes it is not clear which AS you are
-buying from in case of resellers. To be sure it is best to ask the hoster about
+When selecting your hosting provider, consider network diversity on an
+autonomous system (AS) and country level. A more diverse network is more
+resilient to attacks and outages. Sometimes it is not clear which AS you are
+buying from in case of resellers. To be sure it is best to ask the hoster about
the AS number before ordering a server.
-It is best to avoid hosters where many Tor relays are already hosted, but it is
-still better to add one there than to run no relay at all. **Try to avoid** the
+It is best to avoid hosters where many Tor relays are already hosted, but it is
+still better to add one there than to run no relay at all. **Try to avoid** the
following hoster:
* OVH SAS (AS16276)
@@ -71,40 +70,40 @@ following hoster:
* Hetzner Online GmbH (AS24940)
* DigitalOcean, LLC (AS14061)
-To find out which hoster and countries are already used by many other operators
+To find out which hoster and countries are already used by many other operators
(that should be avoided) you can use Relay Search:
-* [Autonomous System Level
+* [Autonomous System Level
Overview](https://metrics.torproject.org/rs.html#aggregate/as)
* [Country Level Overview](https://metrics.torproject.org/rs.html#aggregate/cc)
# Choosing an Operating System
-We recommend you use the operating system you are most familiar with. Please
-keep in mind that since most relays run on Debian and we want to avoid a
+We recommend you use the operating system you are most familiar with. Please
+keep in mind that since most relays run on Debian and we want to avoid a
monoculture, BSD and other non-Linux based relays are greatly needed.
-The following table shows the current OS distribution on the Tor network to give
+The following table shows the current OS distribution on the Tor network to give
you an idea of how much more non-Linux relays we should have:
* https://nusenu.github.io/OrNetStats/#os-distribution-relays
# OS Level Configuration
-OS configuration is outside the scope of this guide but the following points are
+OS configuration is outside the scope of this guide but the following points are
crucial for a Tor relay, so we want to mention them here nonetheless.
## Time Synchronization (NTP)
-Correct time settings are essential for Tor relays. It is recommended that you
-use the network time protocol (NTP) for time synchronization and ensure your
+Correct time settings are essential for Tor relays. It is recommended that you
+use the network time protocol (NTP) for time synchronization and ensure your
timezone is set correctly.
## Automatic Software Updates
-One of the most imported things to keeps your relay secure is to install
-security updates timely and ideally automatically so you can not forget about
-it. We collected the steps to enable automatic software updates for different
+One of the most imported things to keeps your relay secure is to install
+security updates timely and ideally automatically so you can not forget about
+it. We collected the steps to enable automatic software updates for different
operating systems:
* [RPM-based distributions](FIXME) (RHEL, CentOS, Fedora, openSUSE)
@@ -113,17 +112,17 @@ operating systems:
# Tor Relay Setup: Installation and Configuration
-This section covers the installation and configuration of the program required
-to run a Tor relay for various operating systems. These steps are intended for
+This section covers the installation and configuration of the program required
+to run a Tor relay for various operating systems. These steps are intended for
the latest stable version of the given OS, on Ubuntu for the latest LTS release.
-Note: For some operating systems, there are alpha version packages available
-(tor versions with new features not deemed to be stable yet). These are only
-recommended for people eager to test and report bugs in bleeding edge
-releases/features. If you are looking to run a relay with minimal effort we
+Note: For some operating systems, there are alpha version packages available
+(tor versions with new features not deemed to be stable yet). These are only
+recommended for people eager to test and report bugs in bleeding edge
+releases/features. If you are looking to run a relay with minimal effort we
recommend you stick to stable releases.
-In this guide we describe how to setup a new non-exit relay. By reading further
+In this guide we describe how to setup a new non-exit relay. By reading further
you can easily switch to become an exit relay.
**Questions you should clarify before configuring Tor:**
@@ -138,37 +137,37 @@ of the few open ports on public WIFI networks. Port 9001 is another commonly use
* What email address will you use in the ContactInfo field of your relay(s)?
Note: This information will be made public.
* How much bandwidth/monthly traffic do you want to allow for Tor traffic?
-* Does the server have an IPv6 address?
+* Does the server have an IPv6 address?
The installation commands are shown in code blocks and must be executed with root privileges.
## Make sure relay ports can be reached
-If you are using a firewall, open a hole in your firewall so incoming
-connections can reach the ports you will use for your relay (ORPort, plus
-DirPort if you enabled it). Also, make sure you allow all outgoing connections
-too, so your relay can reach the other Tor relays, clients and destinations. You
-can find the specific ORPort TCP port number in the torrc configuration samples
+If you are using a firewall, open a hole in your firewall so incoming
+connections can reach the ports you will use for your relay (ORPort, plus
+DirPort if you enabled it). Also, make sure you allow all outgoing connections
+too, so your relay can reach the other Tor relays, clients and destinations. You
+can find the specific ORPort TCP port number in the torrc configuration samples
bellow (in the OS specific sections).
## Configuration Management
-Tor does not scale well on multi-core machines. If you run a Tor relay on a
-server with a fast Internet uplink (>200 Mbit/s) you might want to consider
-running multiple Tor instances on a single server with multiple cores. Note: You
+Tor does not scale well on multi-core machines. If you run a Tor relay on a
+server with a fast Internet uplink (>200 Mbit/s) you might want to consider
+running multiple Tor instances on a single server with multiple cores. Note: You
can only run two tor instances per public IPv4 address.
-If you plan to run more than a single relay, or you want to run a high capacity
-relay (multiple Tor instances per server) or want to use strong security
-features like [Offline Master
+If you plan to run more than a single relay, or you want to run a high capacity
+relay (multiple Tor instances per server) or want to use strong security
+features like [Offline Master
Keys](https://trac.torproject.org/projects/tor/wiki/doc/TorRelaySecurity/OfflineKeys)
without performing additional steps manually, you may want to use a configuration
-management for better maintainability.
+management for better maintainability.
-There are multiple configuration management solutions for Unix based operating
+There are multiple configuration management solutions for Unix based operating
systems (Ansible, Puppet, Salt, ...).
-The following Ansible Role has specifically been build for Tor relay operators
+The following Ansible Role has specifically been build for Tor relay operators
and supports multiple operating systems:
http://github.com/nusenu/ansible-relayor
@@ -185,11 +184,11 @@ Please choose your platform:
## Verify that your relay works
-If your logfile (syslog) contains the following entry after starting your tor
+If your logfile (syslog) contains the following entry after starting your tor
daemon your relay should be up and running as expected:
```
-Self-testing indicates your ORPort is reachable from the outside. Excellent.
+Self-testing indicates your ORPort is reachable from the outside. Excellent.
Publishing server descriptor.
```
@@ -199,20 +198,20 @@ relay using your nickname or IP address.
# Getting Help
-If you run into problems while setting up your relay you can ask your questions
+If you run into problems while setting up your relay you can ask your questions
on the public tor-relays mailing list:
* https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-This is a great resource for asking (and answering) questions, and generally
+This is a great resource for asking (and answering) questions, and generally
getting to know other relay operators. Make sure to check out the archives!
# Limiting bandwidth usage (and traffic)
-Tor will not limit its bandwidth usage by default, but supports multiple ways to
-restrict the used bandwidth and the amount of traffic. This can be handy if you
-want to ensure that your Tor relay does not exceed a certain amount of bandwidth
-or total traffic per day/week/month. The following torrc configuration options
+Tor will not limit its bandwidth usage by default, but supports multiple ways to
+restrict the used bandwidth and the amount of traffic. This can be handy if you
+want to ensure that your Tor relay does not exceed a certain amount of bandwidth
+or total traffic per day/week/month. The following torrc configuration options
can be used to restrict bandwidth and traffic:
* AccountingMax
@@ -220,53 +219,53 @@ can be used to restrict bandwidth and traffic:
* AccountingStart
* BandwidthRate
* BandwidthBurst
-* RelayBandwidthRate
+* RelayBandwidthRate
-Having a fast relay for some time of the month is preferred over a slow relay
+Having a fast relay for some time of the month is preferred over a slow relay
for the entire month.
Also see the bandwidth entry in the FAQ: https://www.torproject.org/docs/faq.html.en#BandwidthShaping
# IPv6
-We encourage everyone to enable IPv6 on their relays. This is especially
+We encourage everyone to enable IPv6 on their relays. This is especially
valuable on exit and guard relays.
-Before enabling your tor daemon to use IPv6 in addition to IPv4 you should do
+Before enabling your tor daemon to use IPv6 in addition to IPv4 you should do
some basic IPv6 connectivity tests.
-he following command line will ping the IPv6 addresses of Tor directory
+he following command line will ping the IPv6 addresses of Tor directory
authorities from your server:
```
ping6 -c2 2001:858:2:2:aabb:0:563b:1526 && ping6 -c2 2620:13:4000:6000::1000:118 && ping6 -c2 2001:67c:289c::9 && ping6 -c2 2001:678:558:1000::244 && ping6 -c2 2607:8500:154::3 && ping6 -c2 2001:638:a000:4140::ffff:189 && echo OK.
```
-At the end of the output you should see "OK." if that is not the case do not
-enable IPv6 in your torrc configuration file before IPv6 is indeed working. If
-you enable IPv6 without working IPv6 connectivity your entire relay will not be
+At the end of the output you should see "OK." if that is not the case do not
+enable IPv6 in your torrc configuration file before IPv6 is indeed working. If
+you enable IPv6 without working IPv6 connectivity your entire relay will not be
used, regardless if IPv4 is working.
-If it worked fine, make your Tor relay reachable via IPv6 by adding an
+If it worked fine, make your Tor relay reachable via IPv6 by adding an
additional ORPort line to your configuration (example for ORPort 9001):
```
ORPort [IPv6-address]:9001
```
-The location of that line in the configuration file does not matter you can
+The location of that line in the configuration file does not matter you can
simply add it next to the first ORPort lins in your torrc file.
-Note: You have to explicitly specify your IPv6 address in square brackets, you
-can not tell tor to bind to any IPv6 (like you do for IPv4). If you have a
-global IPv6 address you should be able to find it in the output of the following
+Note: You have to explicitly specify your IPv6 address in square brackets, you
+can not tell tor to bind to any IPv6 (like you do for IPv4). If you have a
+global IPv6 address you should be able to find it in the output of the following
command:
```
ip addr|grep inet6|grep global
```
-If you are an exit relay with IPv6 connectivity, tell your tor daemon to allow
+If you are an exit relay with IPv6 connectivity, tell your tor daemon to allow
exiting via IPv6 so clients can reach IPv6 destinations:
```
@@ -277,50 +276,50 @@ Note: Tor requires IPv4 connectivity, you can not run a Tor relay on IPv6-only.
# Important if you run more than one Tor instance
-To avoid putting Tor clients at risk when operating multiple relays you must set
+To avoid putting Tor clients at risk when operating multiple relays you must set
a proper [MyFamily](https://2019.www.torproject.org/docs/tor-manual.html.en#MyFamily)
value and have a valid [ContactInfo](https://2019.www.torproject.org/docs/tor-manual.html.en#ContactInfo)
-in your torrc configuration. The MyFamily setting is simply telling Tor clients what Tor
-relays are controlled by a single entity/operator/organization, so they don't
+in your torrc configuration. The MyFamily setting is simply telling Tor clients what Tor
+relays are controlled by a single entity/operator/organization, so they don't
use them in multiple position in a single circuit.
-If you run two relays and they have fingerprints AAAAAAAAAA and BBBBBBBB, you
+If you run two relays and they have fingerprints AAAAAAAAAA and BBBBBBBB, you
would add the following configuration to set MyFamily:
```
MyFamily AAAAAAAAAA,BBBBBBBB
```
-to both relays. To find your relays fingerprint you can look into the log files
-when tor starts up or find the file named "fingerprint" in your tor
+to both relays. To find your relays fingerprint you can look into the log files
+when tor starts up or find the file named "fingerprint" in your tor
DataDirectory.
-Instead of doing so manually for big operators we recommend to automate the
-MyFamily setting via a configuration management solution. Manually managing
+Instead of doing so manually for big operators we recommend to automate the
+MyFamily setting via a configuration management solution. Manually managing
MyFamily for big relaygroups is error prone and can put Tor clients at risk.
# Exit Relay Configuration
-It is recommended that you setup exit relays on servers dedicated to this
-purpose. It is not recommended to install Tor exit relays on servers that you
-need for other services as well. Do not mix your own traffic with your exit
+It is recommended that you setup exit relays on servers dedicated to this
+purpose. It is not recommended to install Tor exit relays on servers that you
+need for other services as well. Do not mix your own traffic with your exit
relay traffic.
## Reverse DNS and WHOIS record
-Before switching your relay to become an exit relay, ensure that you have set a
-clear DNS reverse (PTR) record to make it clear for everyone that this is a tor
+Before switching your relay to become an exit relay, ensure that you have set a
+clear DNS reverse (PTR) record to make it clear for everyone that this is a tor
exit relay. Something like "tor-exit" it its name is a good start.
-If your provider offers it, make sure your WHOIS record contains clear
+If your provider offers it, make sure your WHOIS record contains clear
indications that this is a Tor exit relay.
## Exit Notice HTML page
-To make it even more obvious that this is a Tor exit relay you should serve a
-Tor exit notice HTML page. Tor can do that for you if your DirPort is on TCP
-port 80, you can make use of tor's DirPortFrontPage feature to display a
-HTML file on that port. This file will be shown to anyone directing his browser
+To make it even more obvious that this is a Tor exit relay you should serve a
+Tor exit notice HTML page. Tor can do that for you if your DirPort is on TCP
+port 80, you can make use of tor's DirPortFrontPage feature to display a
+HTML file on that port. This file will be shown to anyone directing his browser
to your Tor exit relay IP address.
```
@@ -328,8 +327,8 @@ DirPort 80
DirPortFrontPage /path/to/html/file
```
-We offer a sample Tor exit notice HTML file, but you might want to adjust it to
-your needs:
+We offer a sample Tor exit notice HTML file, but you might want to adjust it to
+your needs:
https://gitweb.torproject.org/tor.git/plain/contrib/operator-tools/tor-exit-notice.html
Here are some more tips for running a reliable exit relay:
@@ -337,23 +336,23 @@ https://blog.torproject.org/tips-running-exit-node
## Exit Policy
-Defining the [exit
+Defining the [exit
policy](https://www.torproject.org/docs/tor-manual.html.en#ExitPolicy)
-is one of the most important parts of an exit relay configuration. The exit
-policy defines which destination ports you are willing to forward. This has an
-impact on the amount of abuse emails you will get (less ports means less abuse
-emails, but an exit relay allowing only few ports is also less useful). If you
-want to be a useful exit relay you must **at least allow destination ports 80
+is one of the most important parts of an exit relay configuration. The exit
+policy defines which destination ports you are willing to forward. This has an
+impact on the amount of abuse emails you will get (less ports means less abuse
+emails, but an exit relay allowing only few ports is also less useful). If you
+want to be a useful exit relay you must **at least allow destination ports 80
and 443**.
-As a new exit relay - especially if you are new to your hoster - it is good to
-start with a reduced exit policy (to reduce the amount of abuse emails) and
-further open it up as you become more experienced. The reduced exit policy can
-be found on the
+As a new exit relay - especially if you are new to your hoster - it is good to
+start with a reduced exit policy (to reduce the amount of abuse emails) and
+further open it up as you become more experienced. The reduced exit policy can
+be found on the
[ReducedExitPolicy](https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy)
wiki page.
-To become an exit relay change ExitRelay from 0 to 1 in your torrc configuration
+To become an exit relay change ExitRelay from 0 to 1 in your torrc configuration
file and restart the tor daemon.
```
@@ -362,8 +361,8 @@ ExitRelay 1
## DNS on Exit Relays
-Unlike other types of relays, exit relays also do DNS resolution for Tor
-clients. DNS resolution on exit relays is crucial for Tor clients, it should be
+Unlike other types of relays, exit relays also do DNS resolution for Tor
+clients. DNS resolution on exit relays is crucial for Tor clients, it should be
reliable and fast by using caching.
* DNS resolution can have a significant impact on the performance and reliability your exit relay provides. Poor DNS performance will result in less traffic going through your exit relay.
@@ -371,29 +370,29 @@ reliable and fast by using caching.
* We recommend running a local caching and DNSSEC-validating resolver without using any forwarders (specific instructions follow bellow for each operating systems)
* if you want to add a second DNS resolver as a fallback to your /etc/resolv.conf configuration, try to choose a resolver within your autonomous system and make sure it is not your first entry in that file (the first entry should be your local resolver)
* if a local resolver like unbound is not an option for you try to use a resolver that your provider runs in the same autonomous system (to find out if an IP address is in the same AS as your relay, you can look it up, using for example https://bgp.he.net).
-* try to avoid adding too many resolvers to your /etc/resolv.conf file to limit exposure on an AS-level (try to not use more than two entries)
+* try to avoid adding too many resolvers to your /etc/resolv.conf file to limit exposure on an AS-level (try to not use more than two entries)
-There are multiple options for DNS server software, unbound has become a popular
-one but **feel free to use any other you are comfortable with**. When choosing your
-DNS resolver software try to ensure it supports DNSSEC validation and QNAME
-minimisation (RFC7816). In every case the software should be installed
-using the OS package manager to ensure it is updated with the rest of the
+There are multiple options for DNS server software, unbound has become a popular
+one but **feel free to use any other you are comfortable with**. When choosing your
+DNS resolver software try to ensure it supports DNSSEC validation and QNAME
+minimisation (RFC7816). In every case the software should be installed
+using the OS package manager to ensure it is updated with the rest of the
system.
-By using your own DNS resolver you are less vulnerable to DNS-based censorship
+By using your own DNS resolver you are less vulnerable to DNS-based censorship
that your upstream resolver might impose.
-Here follow specific instructions on how to install and configure unbound on
-your exit - a DNSSEC-validating and caching resolver. unbound has many
-configuration and tuning nobs but we try to keep these instructions as simple
+Here follow specific instructions on how to install and configure unbound on
+your exit - a DNSSEC-validating and caching resolver. unbound has many
+configuration and tuning nobs but we try to keep these instructions as simple
and short as possible and the basic setup will do just fine for most operators.
-After switching to unbound verify it works as expected by resolving a valid
-hostname, if it does not work, you can restore the old resolv.conf file.
+After switching to unbound verify it works as expected by resolving a valid
+hostname, if it does not work, you can restore the old resolv.conf file.
### Debian/Ubuntu
-The following 3 commands install unbound, backup your DNS configuration and tell
+The following 3 commands install unbound, backup your DNS configuration and tell
the system to use the local unbound:
```
@@ -408,8 +407,8 @@ To avoid that the configuration gets changed (for example by the DHCP client):
chattr +i /etc/resolv.conf
```
-The Debian configuration ships with QNAME minimisation (RFC7816) enabled
-by default so you don't need to enable it explicitly. The unbound resolver you
+The Debian configuration ships with QNAME minimisation (RFC7816) enabled
+by default so you don't need to enable it explicitly. The unbound resolver you
just installed does also DNSSEC validation.
### CentOS/RHEL
@@ -454,7 +453,7 @@ chattr +i /etc/resolv.conf
### FreeBSD
-FreeBSD ships unbound in the base system but the one in ports is usually
+FreeBSD ships unbound in the base system but the one in ports is usually
following upstream more closely so we install the unbound package:
```
@@ -491,21 +490,21 @@ chflags schg /etc/resolv.conf
# Tor relay lifecycle
-It takes some time for relay traffic to ramp up, this is especially true for
-guard relays but to a lesser extend also for exit relays. To understand this
-process, read about the lifecycle of a new relay:
-https://blog.torproject.org/lifecycle-new-relay
+It takes some time for relay traffic to ramp up, this is especially true for
+guard relays but to a lesser extend also for exit relays. To understand this
+process, read about the lifecycle of a new relay:
+https://blog.torproject.org/lifecycle-new-relay
# Maintaining a relay
## Backup Tor Identity Keys
-After your initial installation and start of the tor daemon it is a good idea to
-make a backup of your relay's long term identity keys. They are located in the
-"keys" subfolder of your DataDirectory (simply make a copy of the entire folder
-and store it in a secure location). Since relays have a ramp-up time it makes
-sense to backup the identity key to be able to restore your relay's reputation
-after a disk failure - otherwise you would have to go through the ramp-up phase
+After your initial installation and start of the tor daemon it is a good idea to
+make a backup of your relay's long term identity keys. They are located in the
+"keys" subfolder of your DataDirectory (simply make a copy of the entire folder
+and store it in a secure location). Since relays have a ramp-up time it makes
+sense to backup the identity key to be able to restore your relay's reputation
+after a disk failure - otherwise you would have to go through the ramp-up phase
again.
Default locations of the keys folder:
@@ -515,41 +514,41 @@ Default locations of the keys folder:
## Subscribe to the tor-announce mailing list
-This is a very low traffic mailing list and you will get information about new
+This is a very low traffic mailing list and you will get information about new
stable tor releases and important security update information.
-* https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce
+* https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce
## Setting up outage notifications
-Once you setup your relay it will likely run without much work from your side.
-If something goes wrong it is good to get notified automatically. We recommend
-you use one of the free services that allow you to check your relay's ORPorts
-for reachability and send you an email should they become unreachable for what
+Once you setup your relay it will likely run without much work from your side.
+If something goes wrong it is good to get notified automatically. We recommend
+you use one of the free services that allow you to check your relay's ORPorts
+for reachability and send you an email should they become unreachable for what
ever reason.
-UptimeRobot is one of these services that allow you to monitor TCP listeners on
-arbitrary ports. This service can check your configured ports once every 5
-minutes and send you an email should your tor process die or become unreachable.
+UptimeRobot is one of these services that allow you to monitor TCP listeners on
+arbitrary ports. This service can check your configured ports once every 5
+minutes and send you an email should your tor process die or become unreachable.
This checks only for the listener but does not speak the Tor protocol.
-* https://uptimerobot.com/
+* https://uptimerobot.com/
-A good way to monitor a relay for its health state is to have a look at its
+A good way to monitor a relay for its health state is to have a look at its
bandwidth graphs.
## System Health Monitoring
-To ensure your relay is healthy and not overwhelmed it makes sense to have some
+To ensure your relay is healthy and not overwhelmed it makes sense to have some
basic system monitoring in place to keep an eye on the following metrics:
* Bandwidth
* Established TCP Connections
* Memory
* Swap
-* CPU
+* CPU
-There are many tools for monitoring this kind of data, munin is one of them and
+There are many tools for monitoring this kind of data, munin is one of them and
is relatively easy to setup.
Note: **Do not make your private monitoring data graphs public since this could
@@ -562,20 +561,20 @@ Some practical advice:
* Smaller periods are worse.
* Numbers are worse than graphs.
* Real-time data is worse than historical data.
-* Data in categories (IP version, in/out, etc.) is worse than total data.
+* Data in categories (IP version, in/out, etc.) is worse than total data.
## Tools
This section listsm a few tools that you might find handy as a Tor relay operator.
-Nyx: [Nyx](https://nyx.torproject.org/) is a Tor Project tool (formerly arm)
+Nyx: [Nyx](https://nyx.torproject.org/) is a Tor Project tool (formerly arm)
that allows you to see real time data of your relay.
-vnstat: vnstat is a command-line tool that shows the amount of data going
-through your network connection. You can also use it to generate PNG pictures
+vnstat: vnstat is a command-line tool that shows the amount of data going
+through your network connection. You can also use it to generate PNG pictures
showing traffic graphs.
vnstat documentation and demo output:
* https://humdi.net/vnstat/
-* https://humdi.net/vnstat/cgidemo/
+* https://humdi.net/vnstat/cgidemo/
More information about the tor-commits
mailing list