[tor-commits] [community/master] Move technical considerations to a new section

hiro at torproject.org hiro at torproject.org
Fri Jul 5 13:23:33 UTC 2019


commit 9b2aebc2b7e2ca0e48eedc1eb4570f70df693f62
Author: gus <gus at torproject.org>
Date:   Thu Jul 4 11:18:19 2019 -0400

    Move technical considerations to a new section
---
 .../technical-considerations/contents.lr           | 93 ++++++++++++++++++++++
 1 file changed, 93 insertions(+)

diff --git a/content/relay-operations/technical-considerations/contents.lr b/content/relay-operations/technical-considerations/contents.lr
new file mode 100644
index 0000000..b9038b9
--- /dev/null
+++ b/content/relay-operations/technical-considerations/contents.lr
@@ -0,0 +1,93 @@
+_model: page
+---
+title: Technical considerations
+---
+_template: layout.html
+---
+body:
+
+# Considerations when choosing a hosting provider
+
+If you have access to a high speed internet connection (>=100 Mbit/s in both directions) and a physical piece of computer hardware, this is the best way to run a relay.
+Having full control over the hardware and connection gives you a more controllable and (if done correctly) secure environment.
+You can host your own physical hardware at home (do NOT run a Tor exit relay from your home) or in a data center.
+Sometimes this is referred to as installing the relay on "bare metal".
+
+If you do not own physical hardware, you could run a relay on a rented dedicated server or virtual private server (VPS).
+This can cost anywhere between $3.00/month and thousands per month, depending on your provider, hardware configuration, and bandwidth usage.
+Many VPS providers will not allow you to run exit relays.
+You must follow the VPS provider's terms of service, or risk having your account disabled.
+For more information on hosting providers and their policies on allowing Tor relays, please see this list maintained by the Tor community: [GoodBadISPs](FIXME).
+
+## Questions to consider when choosing a hoster
+
+* How much monthly traffic is included? (Is bandwidth "unmetered"?)
+* Does the hoster provide IPv6 connectivity? (it is recommended, but not required)
+* What virtualization / hypervisor (if any) does the provider use? (anything but OpenVZ should be fine)
+* Does the hoster start to throttle bandwidth after a certain amount of traffic?
+* How well connected is the autonomous system of the hoster? To answer this question you can use the AS rank of the autonomous systems if you want to compare: http://as-rank.caida.org/ (a lower value is better)
+
+## If you plan to run Exit Relays
+
+* Does the hoster allow Tor exit relays? (explicitly ask them before starting an exit relay there)
+* Does the hoster allow custom WHOIS records for your IP addresses? This helps reduce the amount of abuse sent to the hoster instead of you.
+* Does the hoster allow you to set a custom DNS reverse entry? (DNS PTR record)
+
+  This are probably things you will need to ask the hoster in a Pre-Sales ticket
+
+# AS/location diversity
+
+When selecting your hosting provider, consider network diversity on an autonomous system (AS) and country level.
+A more diverse network is more resilient to attacks and outages.
+Sometimes it is not clear which AS you are buying from in case of resellers.
+To be sure it is best to ask the hoster about the AS number before ordering a server.
+
+It is best to avoid hosters where many Tor relays are already hosted, but it is still better to add one there than to run no relay at all.
+
+ **Try to avoid** the following hosters:
+
+* OVH SAS (AS16276)
+* Online S.a.s. (AS12876)
+* Hetzner Online GmbH (AS24940)
+* DigitalOcean, LLC (AS14061)
+
+To find out which hoster and countries are already used by many other operators (that should be avoided) you can use Relay Search:
+
+* [Autonomous System Level Overview](https://metrics.torproject.org/rs.html#aggregate/as)
+* [Country Level Overview](https://metrics.torproject.org/rs.html#aggregate/cc)
+
+# Choosing an Operating System
+
+We recommend you use the operating system you are most familiar with.
+
+Please keep in mind that since most relays run on Debian and we want to avoid a monoculture, BSD and other non-Linux based relays are greatly needed.
+
+The following table shows the current OS distribution on the Tor network to give you an idea of how much more non-Linux relays we should have:
+
+* https://nusenu.github.io/OrNetStats/#os-distribution-relays
+
+# OS Level Configuration
+
+OS configuration is outside the scope of this guide but the following points are crucial for a Tor relay, so we want to mention them here nonetheless.
+
+## Time Synchronization (NTP)
+
+Correct time settings are essential for Tor relays. It is recommended that you use the network time protocol (NTP) for time synchronization and ensure your timezone is set correctly.
+
+## Automatic Software Updates
+
+One of the most imported things to keeps your relay secure is to install security updates timely and ideally automatically so you can not forget about it.
+We collected the steps to enable automatic software updates for different operating systems:
+
+* [RPM-based distributions](FIXME) (RHEL, CentOS, Fedora, openSUSE)
+* [Debian/Ubuntu](FIXME)
+* [FreeBSD/HardenedBSD](FIXME)
+
+---
+html: two-columns-page.html
+---
+section: relay operations
+---
+section_id: relay-operations
+---
+key: 2
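
Review bot: Four link targets in the new contents.lr are still the literal placeholder FIXME: the GoodBadISPs reference that closes the hosting-provider section and all three entries under "Automatic Software Updates". The rendered page would ship dead links at the exact points where operators are sent for provider policies and update setup, so fill in the targets or drop the link markup until they exist. Two wording slips can be fixed in the same pass: "This are probably things you will need to ask" should read "These are", and "One of the most imported things to keeps your relay secure" should read "most important things to keep". The AS rank link is given as plain http://as-rank.caida.org/; switch it to https if the site serves it. The subject says "Move", but this diff only adds a file (93 insertions, no deletions), so the original copy of the text needs to be removed in this or a follow-up commit to avoid two diverging versions.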




