[tor-relays] relay behind reverse proxy

s7r s7r at sky-ip.org
Mon Mar 9 22:40:25 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Yes, that means is working, theoretically. The log won't say anything
for the next 6 hours, and after 6 hours it will just say how many
circuits it has running, uptime and relayed bandwidth. These are the
default log settings. You can increase the verbosity of the log but
it's not required.

https://atlas.torproject.org/
Search here for your relay's nickname or IP address to see its flags
and what Advertised Speed is it showing to the network. Might start
with a low value but will grow in time.

https://consensus-health.torproject.org/consensus-health.html
go here, wait for the page to load (big page) and search with ctrl + f
and enter your relay's nickname. You will see here what flags were
voted for your relay by the directory authorities.

https://blog.torproject.org/blog/lifecycle-of-a-new-relay
This will help you understand how Tor's load balancing works and what
are the phases a new relay will go through.

Constantly keep an eye out for warnings/errors in Tor's log. Report
any misbehavior to this mail list and especially by tickets on Trac at
https://trac.torproject.org/

Remember to keep your Tor up to date whenever there is a new release,
especially when the release fixes a security issue.

I am glad I could help! Now I can say thanks for running a relay. If
it's an Exit relay, that is even better!

You might want to challenge us with a different customized setup next
time for your #2-nd relay :-) Cheers!



On 3/10/2015 12:07 AM, efkin wrote:
> hey!
> 
> basically with your setup and a little trick on haproxy it is
> working now or at least the log is saying:
> 
> [notice] Self-testing indicates your ORPort is reachable from the 
> outside. Excellent. Publishing server descriptor.
> 
> [notice] Performing bandwidth self-test...done.
> 
> but nothing else on the logs since half an hour...
> 
> does it mean it is working?
> 
> thx for support!
> 
> On 03/09/2015 10:03 PM, s7r wrote:
>> Hi again
> 
>> I don't know anything about haproxy config and how it should
>> look like unfortunately.
> 
>> As for torrc:
> 
>> ORPort <ip address, where the proxy forwards the requests>:3128 
>> NoAdevertise ORPort <ip address of the actual proxy, where the 
>> server should be reached>:3128 NoListen
> 
>> remove Address line.
> 
>> Leave the contact info and other settings. Let us know if it
>> works this way.
> 
>> On 3/9/2015 7:50 PM, efkin wrote:
> 
> 
>>> On 03/09/2015 03:35 PM, s7r wrote:
>>>> If you are using the free nginx, community project, that will
>>>>  only allow you to deploy a http(s) proxy. Only the
>>>> commercial (paid) nginx allows you to deploy a TCP proxy
>>>> (handles all TCP traffic), which is what you need for a Tor
>>>> relay.
> 
>>> nice to know!
> 
>>>> If you want to use a proxy, you should look into a TCP proxy
>>>>  which will handle any type of TCP traffic, regardless of 
>>>> protocol. (Tor uses http for directory requests [DirPort]
>>>> but not for ORPort). Make sure your relay can reach the
>>>> other relays in the consensus and it doesn't have any kind
>>>> of restrictions or limitations such as being able only to
>>>> talk on certain ports or reach a limited number of IP
>>>> addresses, etc. Your relay needs to be able to connect to all
>>>> the other relays, so the clients can build circuits through
>>>> it.
> 
>>>> A free open source solution might be haproxy ( 
>>>> http://www.haproxy.org/ ) Maybe this will help you with your
>>>>  setup.
> 
>>> Took a look at it and is quite cool.
> 
>>>> Make sure you properly bind DirPort and ORPort to the correct
>>>>  interface and use NoAdvertise and NoListen accordingly.
>>>> Provide more information about your setup and the relevant
>>>> configs, if you are not able to do it.
> 
>>> i just setup: ORPort 3128 Address oni-on.cf
> 
>>> and some other stuff like nicks and contact info.
> 
>>> my haproxy config is somehting like this:
> 
>>> frontend oni-on bind *:3128
> 
>>> acl host_onion hdr(host) oni-on.cf
> 
>>> use_backend onion if host_onion
> 
> 
>>> it seems that when it checks for reachability at the end of 20 
>>> mins it does not manage to reach it.
> 
> 
>>>> Thanks for running a relay!
> 
>>> still trying to set it up but a pleasure.
> 
> 
>>>> On 3/9/2015 1:46 PM, efkin wrote:
>>>>> hello tor ^.^
> 
>>>>> i'm trying to setup a tor relay behind a nginx reverse 
>>>>> proxy... i would like to know if it's correctly setup.
> 
>>>>> i have this warn in the logs:
> 
>>>>> [warn] Received http status code 404 ("Not found") from 
>>>>> server '85.14.240.188:443' while fetching 
>>>>> "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
> 
> 
>>>>> but then in the same log little bit after:
> 
>>>>> [notice] Tor has successfully opened a circuit. Looks like
>>>>>  client functionality is working.
> 
>>>>> last message is : Now checking whether ORPort X.X.X.X:9001
>>>>> is reachable... (this may take up to 20 minutes -- look for
>>>>> log messages indicating success)
> 
> 
>>>>> thx for support.
> 
>>>>> it's a great community!
> 
>>>>> efkin _______________________________________________ 
>>>>> tor-relays mailing list tor-relays at lists.torproject.org 
>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>>>>> 
>>>>> 
>>>>> 
>>>> _______________________________________________ tor-relays 
>>>> mailing list tor-relays at lists.torproject.org 
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>>>> 
>>>> 
>>> _______________________________________________ tor-relays 
>>> mailing list tor-relays at lists.torproject.org 
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>>> 
>> _______________________________________________ tor-relays
>> mailing list tor-relays at lists.torproject.org 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJU/iFZAAoJEIN/pSyBJlsRE5oIAKyzj+lPC8vK8Pq6VzTWROsZ
L7M6a/LpkxsTMbgfcmIWkmjwbcqwW00oOwO/py5kfVvXwyXPnKKnzkn+QM+/MwIF
Q2jbhyGWI+QyMn83dPVo55s8X1Z24iBUYlMu8HWTFQw+uzP4133HeNOR3csPshaA
takI5HhNBhVCVk1mAh/FYi69osqS7t72x6HSDJpULglPdzi7FK9+JYJlSmBrfFry
NWZ6RQV+k3u/BLVnvURka+JgSmu+SbCpRaAfUuCTp9fBF54KX5I9CKJXcOMNoTp6
eklzHleuXee7eEjAt5uw3sd5F38k0ApgtN9fP4QoQvBleCm0o5wv75ggT9fIS7o=
=r1RC
-----END PGP SIGNATURE-----

More information about the tor-relays mailing list