[tor-relays] relay behind reverse proxy

efkin efkin at riseup.net
Mon Mar 9 22:07:03 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hey!

basically with your setup and a little trick on haproxy it is working
now or at least the log is saying:

[notice] Self-testing indicates your ORPort is reachable from the
outside. Excellent. Publishing server descriptor.

[notice] Performing bandwidth self-test...done.

but nothing else on the logs since half an hour...

does it mean it is working?

thx for support!

On 03/09/2015 10:03 PM, s7r wrote:
> Hi again
> 
> I don't know anything about haproxy config and how it should look
> like unfortunately.
> 
> As for torrc:
> 
> ORPort <ip address, where the proxy forwards the requests>:3128 
> NoAdevertise ORPort <ip address of the actual proxy, where the
> server should be reached>:3128 NoListen
> 
> remove Address line.
> 
> Leave the contact info and other settings. Let us know if it works 
> this way.
> 
> On 3/9/2015 7:50 PM, efkin wrote:
> 
> 
>> On 03/09/2015 03:35 PM, s7r wrote:
>>> If you are using the free nginx, community project, that will 
>>> only allow you to deploy a http(s) proxy. Only the commercial 
>>> (paid) nginx allows you to deploy a TCP proxy (handles all TCP 
>>> traffic), which is what you need for a Tor relay.
> 
>> nice to know!
> 
>>> If you want to use a proxy, you should look into a TCP proxy 
>>> which will handle any type of TCP traffic, regardless of 
>>> protocol. (Tor uses http for directory requests [DirPort] but
>>> not for ORPort). Make sure your relay can reach the other
>>> relays in the consensus and it doesn't have any kind of
>>> restrictions or limitations such as being able only to talk on
>>> certain ports or reach a limited number of IP addresses, etc.
>>> Your relay needs to be able to connect to all the other relays,
>>> so the clients can build circuits through it.
> 
>>> A free open source solution might be haproxy ( 
>>> http://www.haproxy.org/ ) Maybe this will help you with your 
>>> setup.
> 
>> Took a look at it and is quite cool.
> 
>>> Make sure you properly bind DirPort and ORPort to the correct 
>>> interface and use NoAdvertise and NoListen accordingly. Provide
>>>  more information about your setup and the relevant configs,
>>> if you are not able to do it.
> 
>> i just setup: ORPort 3128 Address oni-on.cf
> 
>> and some other stuff like nicks and contact info.
> 
>> my haproxy config is somehting like this:
> 
>> frontend oni-on bind *:3128
> 
>> acl host_onion hdr(host) oni-on.cf
> 
>> use_backend onion if host_onion
> 
> 
>> it seems that when it checks for reachability at the end of 20
>> mins it does not manage to reach it.
> 
> 
>>> Thanks for running a relay!
> 
>> still trying to set it up but a pleasure.
> 
> 
>>> On 3/9/2015 1:46 PM, efkin wrote:
>>>> hello tor ^.^
> 
>>>> i'm trying to setup a tor relay behind a nginx reverse 
>>>> proxy... i would like to know if it's correctly setup.
> 
>>>> i have this warn in the logs:
> 
>>>> [warn] Received http status code 404 ("Not found") from
>>>> server '85.14.240.188:443' while fetching 
>>>> "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
> 
> 
>>>> but then in the same log little bit after:
> 
>>>> [notice] Tor has successfully opened a circuit. Looks like 
>>>> client functionality is working.
> 
>>>> last message is : Now checking whether ORPort X.X.X.X:9001 is
>>>>  reachable... (this may take up to 20 minutes -- look for log
>>>>  messages indicating success)
> 
> 
>>>> thx for support.
> 
>>>> it's a great community!
> 
>>>> efkin _______________________________________________ 
>>>> tor-relays mailing list tor-relays at lists.torproject.org 
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>>>> 
>>>> 
>>> _______________________________________________ tor-relays 
>>> mailing list tor-relays at lists.torproject.org 
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>>> 
>> _______________________________________________ tor-relays
>> mailing list tor-relays at lists.torproject.org 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJU/hmGAAoJEL+Ak/R8rmeLjRwP/170nQEPcjKTaCfKiRxT5Mza
Djbi/RowZaYZ60mrO59OiIv6W05VMxSD/lM3xwmiidW/pCIDiRRgVRxXX4CkR4/c
mKVaTny53tz6BcfWK1rpz4l1YmUlKj4yUAr/4PM172Dok9gerzGTkEAS/5xBpzoY
dN7Xmpi7eIUZeUiyYpVSAug2titI8EKvGP/Wi7sBrp7zTXZR8TWaSXyIzoHZvzLD
G3zk6HU3B74I5jm1fqDLr1HosaaKN/Nc12DIrpRStTc4fDT48IZlwyQAjrNg13dI
yUOiwE3rm7hnBlwx+ldQrEAscDbx3PZqHMO9LeufzrklIfoN4PUMk2g/H8cTeIm3
8dTJLBg1fUX//9bf9jBZ1K7GV7EyiamhTlsgc/HETrN0UJ9cEHMPJCisqop1M/jX
D2vqZGAp2bRfXybksH33OLOx0/v++Od8+c9t7IZl3N7DS/+KrOYReUN729ko7uNm
y3rzQgIB583Y069Vdv0idE8xbGOFZorjreZpH13kq6SLZCW8dr24g2bZdIttaEHh
y7vOa8iCVDsRIv5KlzoFuXjZPd7nl+E+5qggrBS+qaaIPPlH1k4tqqOWYVIwyBuo
snAqtboYkuQp3SZZnFefbxxW5cDK6K/DiCeKf5XhMEFHG/Uewogb4+nnz8IjVtzd
qpFyME4IPxjmgibGMAjX
=n+Jc
-----END PGP SIGNATURE-----

More information about the tor-relays mailing list