[tor-relays] relay behind reverse proxy
efkin at riseup.net
Mon Mar 9 22:07:03 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
basically with your setup and a little trick on haproxy it is working
now or at least the log is saying:
[notice] Self-testing indicates your ORPort is reachable from the
outside. Excellent. Publishing server descriptor.
[notice] Performing bandwidth self-test...done.
but nothing else on the logs since half an hour...
does it mean it is working?
thx for support!
On 03/09/2015 10:03 PM, s7r wrote:
> Hi again
> I don't know anything about haproxy config and how it should look
> like unfortunately.
> As for torrc:
> ORPort <ip address, where the proxy forwards the requests>:3128
> NoAdevertise ORPort <ip address of the actual proxy, where the
> server should be reached>:3128 NoListen
> remove Address line.
> Leave the contact info and other settings. Let us know if it works
> this way.
> On 3/9/2015 7:50 PM, efkin wrote:
>> On 03/09/2015 03:35 PM, s7r wrote:
>>> If you are using the free nginx, community project, that will
>>> only allow you to deploy a http(s) proxy. Only the commercial
>>> (paid) nginx allows you to deploy a TCP proxy (handles all TCP
>>> traffic), which is what you need for a Tor relay.
>> nice to know!
>>> If you want to use a proxy, you should look into a TCP proxy
>>> which will handle any type of TCP traffic, regardless of
>>> protocol. (Tor uses http for directory requests [DirPort] but
>>> not for ORPort). Make sure your relay can reach the other
>>> relays in the consensus and it doesn't have any kind of
>>> restrictions or limitations such as being able only to talk on
>>> certain ports or reach a limited number of IP addresses, etc.
>>> Your relay needs to be able to connect to all the other relays,
>>> so the clients can build circuits through it.
>>> A free open source solution might be haproxy (
>>> http://www.haproxy.org/ ) Maybe this will help you with your
>> Took a look at it and is quite cool.
>>> Make sure you properly bind DirPort and ORPort to the correct
>>> interface and use NoAdvertise and NoListen accordingly. Provide
>>> more information about your setup and the relevant configs,
>>> if you are not able to do it.
>> i just setup: ORPort 3128 Address oni-on.cf
>> and some other stuff like nicks and contact info.
>> my haproxy config is somehting like this:
>> frontend oni-on bind *:3128
>> acl host_onion hdr(host) oni-on.cf
>> use_backend onion if host_onion
>> it seems that when it checks for reachability at the end of 20
>> mins it does not manage to reach it.
>>> Thanks for running a relay!
>> still trying to set it up but a pleasure.
>>> On 3/9/2015 1:46 PM, efkin wrote:
>>>> hello tor ^.^
>>>> i'm trying to setup a tor relay behind a nginx reverse
>>>> proxy... i would like to know if it's correctly setup.
>>>> i have this warn in the logs:
>>>> [warn] Received http status code 404 ("Not found") from
>>>> server '184.108.40.206:443' while fetching
>>>> but then in the same log little bit after:
>>>> [notice] Tor has successfully opened a circuit. Looks like
>>>> client functionality is working.
>>>> last message is : Now checking whether ORPort X.X.X.X:9001 is
>>>> reachable... (this may take up to 20 minutes -- look for log
>>>> messages indicating success)
>>>> thx for support.
>>>> it's a great community!
>>>> efkin _______________________________________________
>>>> tor-relays mailing list tor-relays at lists.torproject.org
>>> _______________________________________________ tor-relays
>>> mailing list tor-relays at lists.torproject.org
>> _______________________________________________ tor-relays
>> mailing list tor-relays at lists.torproject.org
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the tor-relays