[tor-relays] Guidelines for lifetime of a bridge?

Yawning Angel yawning at schwanenlied.me
Mon Aug 17 10:35:53 UTC 2015


On Mon, 17 Aug 2015 09:13:21 +0100
Tim Sammut <tim at teamsammut.com> wrote:
> With possible config changes in mind, is it best to use ports 80 and
> 443 for pluggable transports?

It'd be nice if more bridges used ports < 1024, yes.

> IIRC the bridgeDB prefers to hand out at least one bridge with port 80
> or 443 open. Right now the bridge runs obfs3 on 80/tcp and obfs4 on
> 443/tcp. Is that still a desirable setup (despite having to run bits
> as root)?

You don't need to run obfs4proxy as root assuming you are on a modern
Linux system, since obfs4proxy works correctly with capabilities.

  # setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy

Note, this will let any user on the system executing the obfs4proxy
binary bind to "privileged" ports, and must be done each time the
binary is modified in any way (moved, upgraded, etc).

IIRC on Debian an extra package needs to be installed to get the setcap
executable, but I don't remember what it is off the top of my head.

For more information see setcap(8) and capabilities(7).

Regards,

-- 
Yawning Angel
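
A post-upgrade check for the caveat in the reply above (the capability has to be re-applied whenever the binary changes), as an added example that is not part of the original message. The function names, the two `getcap` output layouts it accepts, and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm a binary carries only cap_net_bind_service (e+p).

# caps_ok LINE: LINE is one line of `getcap` output for the binary.
# Returns 0 only if the sole capability is cap_net_bind_service with the
# effective and permitted flags. Handles "path = cap+ep" and "path cap=ep"
# (assumed to cover older and newer libcap output); paths with spaces are not handled.
caps_ok() {
    caps=$(printf '%s\n' "$1" | awk '{ if ($2 == "=") print $3; else print $2 }')
    case "$caps" in
        cap_net_bind_service+ep|cap_net_bind_service=ep) return 0 ;;
        *) return 1 ;;   # empty (capability lost) or anything broader
    esac
}

# check_binary PATH: query the real file and say what to do if the check fails.
check_binary() {
    command -v getcap >/dev/null 2>&1 || { echo "getcap not found" >&2; return 2; }
    out=$(getcap "$1" 2>/dev/null)
    if caps_ok "$out"; then
        echo "ok: $out"
    else
        echo "missing or unexpected capabilities on $1: '${out:-none}'" >&2
        echo "as root: setcap 'cap_net_bind_service=+ep' $1" >&2
        return 1
    fi
}

if [ "$#" -gt 0 ]; then
    check_binary "$1"
else
    # Constructed sample lines, not captured from a real system.
    while IFS= read -r line; do
        if caps_ok "$line"; then echo "PASS  $line"; else echo "FAIL  $line"; fi
    done <<'EOF'
/usr/local/bin/obfs4proxy = cap_net_bind_service+ep
/usr/local/bin/obfs4proxy cap_net_bind_service=ep
/usr/local/bin/obfs4proxy cap_net_admin,cap_net_bind_service=ep
EOF
fi
```

Run with the binary's path as the only argument after each package upgrade or move; with no argument it only evaluates the constructed samples.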