[tor-relays] relay behind reverse proxy

efkin efkin at riseup.net
Mon Mar 9 17:50:00 UTC 2015

Hash: SHA1

On 03/09/2015 03:35 PM, s7r wrote:
> If you are using the free nginx, community project, that will only 
> allow you to deploy a http(s) proxy. Only the commercial (paid)
> nginx allows you to deploy a TCP proxy (handles all TCP traffic),
> which is what you need for a Tor relay.

nice to know!

> If you want to use a proxy, you should look into a TCP proxy which 
> will handle any type of TCP traffic, regardless of protocol. (Tor
> uses http for directory requests [DirPort] but not for ORPort).
> Make sure your relay can reach the other relays in the consensus
> and it doesn't have any kind of restrictions or limitations such as
> being able only to talk on certain ports or reach a limited number
> of IP addresses, etc. Your relay needs to be able to connect to all
> the other relays, so the clients can build circuits through it.
> A free open source solution might be haproxy (
> http://www.haproxy.org/ ) Maybe this will help you with your
> setup.

Took a look at it and is quite cool.

> Make sure you properly bind DirPort and ORPort to the correct 
> interface and use NoAdvertise and NoListen accordingly. Provide
> more information about your setup and the relevant configs, if you
> are not able to do it.

i just setup:
ORPort 3128
Address oni-on.cf

and some other stuff like nicks and contact info.

my haproxy config is somehting like this:

frontend oni-on
        bind *:3128

        acl host_onion hdr(host) oni-on.cf

        use_backend onion if host_onion

it seems that when it checks for reachability at the end of 20 mins it
does not manage to reach it.

> Thanks for running a relay!

still trying to set it up but a pleasure.

> On 3/9/2015 1:46 PM, efkin wrote:
>> hello tor ^.^
>> i'm trying to setup a tor relay behind a nginx reverse proxy...
>> i would like to know if it's correctly setup.
>> i have this warn in the logs:
>> [warn] Received http status code 404 ("Not found") from server 
>> '' while fetching 
>> "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
>> but then in the same log little bit after:
>> [notice] Tor has successfully opened a circuit. Looks like client
>>  functionality is working.
>> last message is : Now checking whether ORPort X.X.X.X:9001 is 
>> reachable... (this may take up to 20 minutes -- look for log 
>> messages indicating success)
>> thx for support.
>> it's a great community!
>> efkin _______________________________________________ tor-relays 
>> mailing list tor-relays at lists.torproject.org 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Version: GnuPG v1.4.12 (GNU/Linux)


More information about the tor-relays mailing list