[tor-commits] [community/staging] Import obfs4 bridge deployment guide to lektor

hiro at torproject.org hiro at torproject.org
Fri Jul 5 13:13:32 UTC 2019


commit 084ee9038ce3272e1d5355e1396b780b2eb46d6a
Author: gus <gus at torproject.org>
Date:   Thu Jul 4 18:34:58 2019 -0400

    Import obfs4 bridge deployment guide to lektor
---
 .../centos-rhel-opensuse/contents.lr               |  2 +-
 .../bridge-deployment-guide/contents.lr            |  8 ++-
 .../debian-ubuntu/contents.lr                      |  2 +-
 .../bridge-deployment-guide/freebsd/contents.lr    |  2 +-
 .../bridge-deployment-guide/openbsd/contents.lr    | 67 ++++++++++++++++++++++
 5 files changed, 76 insertions(+), 5 deletions(-)

diff --git a/content/relay-operations/technical-setup/bridge-deployment-guide/centos-rhel-opensuse/contents.lr b/content/relay-operations/technical-setup/bridge-deployment-guide/centos-rhel-opensuse/contents.lr
index 22d0f46..5849e5a 100644
--- a/content/relay-operations/technical-setup/bridge-deployment-guide/centos-rhel-opensuse/contents.lr
+++ b/content/relay-operations/technical-setup/bridge-deployment-guide/centos-rhel-opensuse/contents.lr
@@ -96,6 +96,6 @@ key:
 ---
 color: primary
 ---
-subtitle: How to deploy obfs4proxy on CentOS / RHEL
+subtitle: How to deploy obfs4proxy Bridge on CentOS / RHEL / OpenSUSE
 ---
 _template: layout.html
diff --git a/content/relay-operations/technical-setup/bridge-deployment-guide/contents.lr b/content/relay-operations/technical-setup/bridge-deployment-guide/contents.lr
index b542590..c83b3e6 100644
--- a/content/relay-operations/technical-setup/bridge-deployment-guide/contents.lr
+++ b/content/relay-operations/technical-setup/bridge-deployment-guide/contents.lr
@@ -2,18 +2,22 @@ _model: page
 ---
 title:
 
- Bridge deployment
+ Bridge
 ---
 body:
 
 This guide will help you run an obfs4 bridge to help censored users connect to the Tor network. The requirements are 1) 24/7 Internet connectivity and 2) the ability to expose TCP ports to the Internet (make sure that NAT doesn't get in the way). 
+
+Note: If you're running platforms that are not listed on this page, you should probably [compile obfs4 from source](https://gitlab.com/yawning/obfs4#installation).
 ---
 html: two-columns-page.html
 ---
-key: 1
+key: 2
 ---
 section: Bridge operations
 ---
 section_id: bridge-operations
 ---
 subtitle: Run an obfs4 bridge to help censored users connect to the Tor network
+---
+_slug: {{bridge}}
diff --git a/content/relay-operations/technical-setup/bridge-deployment-guide/debian-ubuntu/contents.lr b/content/relay-operations/technical-setup/bridge-deployment-guide/debian-ubuntu/contents.lr
index 6bb7b79..8900995 100644
--- a/content/relay-operations/technical-setup/bridge-deployment-guide/debian-ubuntu/contents.lr
+++ b/content/relay-operations/technical-setup/bridge-deployment-guide/debian-ubuntu/contents.lr
@@ -77,4 +77,4 @@ key: 1
 ---
 html: two-columns-page.html
 ---
-subtitle: Follow the steps below to deploy obfs4proxy on Debian / Ubuntu
+subtitle: How to deploy an obfs4proxy Bridge on Debian / Ubuntu
diff --git a/content/relay-operations/technical-setup/bridge-deployment-guide/freebsd/contents.lr b/content/relay-operations/technical-setup/bridge-deployment-guide/freebsd/contents.lr
index e14737e..01adcd2 100644
--- a/content/relay-operations/technical-setup/bridge-deployment-guide/freebsd/contents.lr
+++ b/content/relay-operations/technical-setup/bridge-deployment-guide/freebsd/contents.lr
@@ -95,4 +95,4 @@ FreeBSDlatest: {
 ```
 
 ---
-subtitle: Follow the steps below to deploy obfs4proxy on FreeBSD
+subtitle: How to deploy obfs4proxy Bridge on FreeBSD
diff --git a/content/relay-operations/technical-setup/bridge-deployment-guide/openbsd/contents.lr b/content/relay-operations/technical-setup/bridge-deployment-guide/openbsd/contents.lr
index 24f1601..ae682d9 100644
--- a/content/relay-operations/technical-setup/bridge-deployment-guide/openbsd/contents.lr
+++ b/content/relay-operations/technical-setup/bridge-deployment-guide/openbsd/contents.lr
@@ -5,3 +5,70 @@ title: OpenBSD
 html: two-columns-page.html
 ---
 key: 4
+---
+body:
+
+# 1. Install packages 
+```
+pkg_add tor obfs4proxy
+```
+
+# 2. Edit your Tor config file
+
+Usually located at `/etc/tor/torrc`, add the following lines:
+
+```
+#Bridge config
+RunAsDaemon 1
+ORPort auto
+BridgeRelay 1
+ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
+# For a fixed obfs4 port (e.g. 34176), uncomment the following line.
+#ServerTransportListenAddr obfs4 0.0.0.0:34176
+# Local communication port between Tor and obfs4. Always set this to "auto". "Ext" means
+# "extended", not "external". Don't try to set a specific port number, nor listen on 0.0.0.0.
+ExtORPort auto
+
+# Contact information that allows us to get in touch with you in case of
+# critical updates or problems with your bridge.  This is optional, so you
+# don't have to provide an email address if you don't want to.
+ContactInfo <address at email.com>
+# Pick a nickname that you like for your bridge.
+Nickname PickANickname
+
+Log notice file /var/log/tor/notices.log
+
+User _tor
+```
+
+Don't forget to change the ContactInfo and Nickname options.
+
+Note that both Tor's OR port and its obfs4 port must be reachable. If your bridge is behind a firewall or NAT, make sure to open both ports. 
+
+# 3. Start the tor daemon and make sure it starts at boot: 
+
+```
+rcctl enable tor
+rcctl start tor
+```
+# 4. Monitor your logs
+
+To confirm your bridge is running with no issues, you should see something like this  (`/var/log/tor/notices.log`): 
+
+```
+[notice] Your Tor server's identity key fingerprint is '<NICKNAME> <FINGERPRINT>'
+[notice] Your Tor bridge's hashed identity key fingerprint is '<NICKNAME> <HASHED FINGERPRINT>'
+[notice] Registered server transport 'obfs4' at '[::]:46396'
+[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
+[notice] Bootstrapped 100%: Done
+[notice] Now checking whether ORPort <redacted>:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
+[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
+```
+
+Remember to open the random port associated with your bridge. You can find it in your tor log; in the above example it is 46396. To use a fixed port, uncomment the [ServerTransportListenAddr](https://www.torproject.org/docs/tor-manual.html.en#ServerTransportListenAddr) option in your torrc. You can use [our reachability test](https://bridges.torproject.org/scan/)  to see if your obfs4 port is reachable from the Internet.
+---
+subtitle: How to deploy obfs4proxy Bridge on OpenBSD
+---
+section: Bridge
+---
+section_id: bridge





More information about the tor-commits mailing list