[tor-relays] relay behind reverse proxy
efkin at riseup.net
Mon Mar 9 17:50:00 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 03/09/2015 03:35 PM, s7r wrote:
> If you are using the free nginx, community project, that will only
> allow you to deploy a http(s) proxy. Only the commercial (paid)
> nginx allows you to deploy a TCP proxy (handles all TCP traffic),
> which is what you need for a Tor relay.
nice to know!
> If you want to use a proxy, you should look into a TCP proxy which
> will handle any type of TCP traffic, regardless of protocol. (Tor
> uses http for directory requests [DirPort] but not for ORPort).
> Make sure your relay can reach the other relays in the consensus
> and it doesn't have any kind of restrictions or limitations such as
> being able only to talk on certain ports or reach a limited number
> of IP addresses, etc. Your relay needs to be able to connect to all
> the other relays, so the clients can build circuits through it.
> A free open source solution might be haproxy (
> http://www.haproxy.org/ ) Maybe this will help you with your
Took a look at it and is quite cool.
> Make sure you properly bind DirPort and ORPort to the correct
> interface and use NoAdvertise and NoListen accordingly. Provide
> more information about your setup and the relevant configs, if you
> are not able to do it.
i just setup:
and some other stuff like nicks and contact info.
my haproxy config is somehting like this:
acl host_onion hdr(host) oni-on.cf
use_backend onion if host_onion
it seems that when it checks for reachability at the end of 20 mins it
does not manage to reach it.
> Thanks for running a relay!
still trying to set it up but a pleasure.
> On 3/9/2015 1:46 PM, efkin wrote:
>> hello tor ^.^
>> i'm trying to setup a tor relay behind a nginx reverse proxy...
>> i would like to know if it's correctly setup.
>> i have this warn in the logs:
>> [warn] Received http status code 404 ("Not found") from server
>> '126.96.36.199:443' while fetching
>> but then in the same log little bit after:
>> [notice] Tor has successfully opened a circuit. Looks like client
>> functionality is working.
>> last message is : Now checking whether ORPort X.X.X.X:9001 is
>> reachable... (this may take up to 20 minutes -- look for log
>> messages indicating success)
>> thx for support.
>> it's a great community!
>> efkin _______________________________________________ tor-relays
>> mailing list tor-relays at lists.torproject.org
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the tor-relays