[tor-relays] relay behind reverse proxy

s7r s7r at sky-ip.org
Mon Mar 9 14:35:10 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

If you are using the free nginx, community project, that will only
allow you to deploy a http(s) proxy. Only the commercial (paid) nginx
allows you to deploy a TCP proxy (handles all TCP traffic), which is
what you need for a Tor relay.

If you want to use a proxy, you should look into a TCP proxy which
will handle any type of TCP traffic, regardless of protocol. (Tor uses
http for directory requests [DirPort] but not for ORPort). Make sure
your relay can reach the other relays in the consensus and it doesn't
have any kind of restrictions or limitations such as being able only
to talk on certain ports or reach a limited number of IP addresses,
etc. Your relay needs to be able to connect to all the other relays,
so the clients can build circuits through it.

A free open source solution might be haproxy ( http://www.haproxy.org/ )
Maybe this will help you with your setup.

Make sure you properly bind DirPort and ORPort to the correct
interface and use NoAdvertise and NoListen accordingly. Provide more
information about your setup and the relevant configs, if you are not
able to do it.

Read the manual: https://www.torproject.org/docs/tor-manual.html.en

Thanks for running a relay!

On 3/9/2015 1:46 PM, efkin wrote:
> hello tor ^.^
> 
> i'm trying to setup a tor relay behind a nginx reverse proxy... i
> would like to know if it's correctly setup.
> 
> i have this warn in the logs:
> 
> [warn] Received http status code 404 ("Not found") from server 
> '85.14.240.188:443' while fetching 
> "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
> 
> 
> but then in the same log little bit after:
> 
> [notice] Tor has successfully opened a circuit. Looks like client 
> functionality is working.
> 
> last message is : Now checking whether ORPort X.X.X.X:9001 is
> reachable... (this may take up to 20 minutes -- look for log
> messages indicating success)
> 
> 
> thx for support.
> 
> it's a great community!
> 
> efkin _______________________________________________ tor-relays
> mailing list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJU/a+eAAoJEIN/pSyBJlsREQ0IANp7mWz4jCQnHLETk7tE4s27
Y/PJvmAIvROrf6kMTw5slremUxOzCbIuz25JMem96GvPiMVm2VFNYRsdwKCfPUBt
PP4jMAtu0R4DQxonyDxwLX/ZWGVZW1cJHDkCoH5KbZpEJqaGFBVEuOrahY+j8O2z
YHta5dSLl3Uium8EbCf9PuHOo4IfXyi6paR7tvQTKJCsaBeS/+WrTspiJzo1VeMV
goGV9xTSpAiBrEPcU9ggizNFIs7S4jdBdfbs06VTCIuV1PCgP0kltpBxBJ+1jr99
g9mIbvCf9A7z7gSmbVHAPxeE2LleWXxzM2JSxmZIxys5s0XfD09F3pM+67Uj2HI=
=qgn/
-----END PGP SIGNATURE-----

More information about the tor-relays mailing list