[tor-relays] relay behind reverse proxy

efkin efkin at riseup.net
Mon Mar 9 17:50:00 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



On 03/09/2015 03:35 PM, s7r wrote:
> If you are using the free nginx, community project, that will only 
> allow you to deploy a http(s) proxy. Only the commercial (paid)
> nginx allows you to deploy a TCP proxy (handles all TCP traffic),
> which is what you need for a Tor relay.

nice to know!

> If you want to use a proxy, you should look into a TCP proxy which 
> will handle any type of TCP traffic, regardless of protocol. (Tor
> uses http for directory requests [DirPort] but not for ORPort).
> Make sure your relay can reach the other relays in the consensus
> and it doesn't have any kind of restrictions or limitations such as
> being able only to talk on certain ports or reach a limited number
> of IP addresses, etc. Your relay needs to be able to connect to all
> the other relays, so the clients can build circuits through it.
> 
> A free open source solution might be haproxy (
> http://www.haproxy.org/ ) Maybe this will help you with your
> setup.

Took a look at it and is quite cool.

> Make sure you properly bind DirPort and ORPort to the correct 
> interface and use NoAdvertise and NoListen accordingly. Provide
> more information about your setup and the relevant configs, if you
> are not able to do it.

i just setup:
ORPort 3128
Address oni-on.cf

and some other stuff like nicks and contact info.

my haproxy config is somehting like this:

frontend oni-on
        bind *:3128

        acl host_onion hdr(host) oni-on.cf

        use_backend onion if host_onion


it seems that when it checks for reachability at the end of 20 mins it
does not manage to reach it.


> Thanks for running a relay!

still trying to set it up but a pleasure.


> On 3/9/2015 1:46 PM, efkin wrote:
>> hello tor ^.^
> 
>> i'm trying to setup a tor relay behind a nginx reverse proxy...
>> i would like to know if it's correctly setup.
> 
>> i have this warn in the logs:
> 
>> [warn] Received http status code 404 ("Not found") from server 
>> '85.14.240.188:443' while fetching 
>> "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
> 
> 
>> but then in the same log little bit after:
> 
>> [notice] Tor has successfully opened a circuit. Looks like client
>>  functionality is working.
> 
>> last message is : Now checking whether ORPort X.X.X.X:9001 is 
>> reachable... (this may take up to 20 minutes -- look for log 
>> messages indicating success)
> 
> 
>> thx for support.
> 
>> it's a great community!
> 
>> efkin _______________________________________________ tor-relays 
>> mailing list tor-relays at lists.torproject.org 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJU/d1IAAoJEL+Ak/R8rmeL91AQAJfVAx4mff70PVBPBAHnd5iH
+R3x3GS2/onFA3m57eWzK+Vf0Z1kNZgOQKAK2B+QHLVP9+rZiWHkJTOckfNpADWH
PWVuYu/44NpAmifa2kQBY59kkDV1Dt9YzP+h5LwKrkLwJSKIxU9psyPl6O1GvquG
T4nT9F0cFlSCtWgE6l2kDUF+gefL7EKKuzGgWnXcX7dHW2PDOPMM2Zn9itZTgTbF
lUEtpg/opmZtctxNjHeXs7TfHKfUkoFHU99AitcljJeMUDHBR2Rj1WZL8ba/3BAR
DWtGg3vGR6zW9Ctvs0Na+vUoLQbwc3f2EQgJHfQWvf+XeJO0ONcp620SxE68HIZb
sft3IAn4wxBzRC2l18bm1dAhS/Tk9qEac8AZqA0pyHvQmXsSNbNdqB6Sza3cI9M0
GfRVMxvR+G3sAm/FDiQ7iWlDHqjl++UbKcCRBDepi7aoSqYzlLj6FqyCV/IQ1b1L
JMxDgwdrnFlfe9P8JhebQUUl6XcBCFLVxTMcoFZbQ9gyxQjuPCuLeDUhfcIUFEyG
oCqocfZRVVBI4UJAnujW1SAqOD5iAnWTODe8C1vSzJJoSo7Qn3AMiWlr/vMcRlea
81E1tgi5OP0b/CYiuj56YN6Jj8lI49hygTmCy91diOGaYWW5w3XmRyD1jHSijXfQ
ABTUIobKoePDC3xCQW5g
=Ik3o
-----END PGP SIGNATURE-----


More information about the tor-relays mailing list