[tor-relays] relay behind reverse proxy

efkin efkin at riseup.net
Tue Mar 10 07:55:27 UTC 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

So it is on atlas and consensus, it is an exit node.

But the probability of being an exit has decreased in the graphs, but
it is constant now. What does that mean?

Now we'll try to contact other exit nodes in the territory and see if
there is a kind of association already existing of exit nodes so we
could join them.

It feels nice to support this project.

Cheers!


On 03/09/2015 11:40 PM, s7r wrote:
> Yes, that means is working, theoretically. The log won't say
> anything for the next 6 hours, and after 6 hours it will just say
> how many circuits it has running, uptime and relayed bandwidth.
> These are the default log settings. You can increase the verbosity
> of the log but it's not required.

> https://atlas.torproject.org/ Search here for your relay's nickname
> or IP address to see its flags and what Advertised Speed is it
> showing to the network. Might start with a low value but will grow
> in time.
> 
> https://consensus-health.torproject.org/consensus-health.html go
> here, wait for the page to load (big page) and search with ctrl +
> f and enter your relay's nickname. You will see here what flags
> were voted for your relay by the directory authorities.
> 
> https://blog.torproject.org/blog/lifecycle-of-a-new-relay This will
> help you understand how Tor's load balancing works and what are the
> phases a new relay will go through.
> 
> Constantly keep an eye out for warnings/errors in Tor's log.
> Report any misbehavior to this mail list and especially by tickets
> on Trac at https://trac.torproject.org/
> 
> Remember to keep your Tor up to date whenever there is a new
> release, especially when the release fixes a security issue.
> 
> I am glad I could help! Now I can say thanks for running a relay.
> If it's an Exit relay, that is even better!
> 
> You might want to challenge us with a different customized setup
> next time for your #2-nd relay :-) Cheers!
> 
> 
> 
> On 3/10/2015 12:07 AM, efkin wrote:
>> hey!
> 
>> basically with your setup and a little trick on haproxy it is 
>> working now or at least the log is saying:
> 
>> [notice] Self-testing indicates your ORPort is reachable from the
>>  outside. Excellent. Publishing server descriptor.
> 
>> [notice] Performing bandwidth self-test...done.
> 
>> but nothing else on the logs since half an hour...
> 
>> does it mean it is working?
> 
>> thx for support!
> 
>> On 03/09/2015 10:03 PM, s7r wrote:
>>> Hi again
> 
>>> I don't know anything about haproxy config and how it should 
>>> look like unfortunately.
> 
>>> As for torrc:
> 
>>> ORPort <ip address, where the proxy forwards the requests>:3128
>>>  NoAdevertise ORPort <ip address of the actual proxy, where the
>>>  server should be reached>:3128 NoListen
> 
>>> remove Address line.
> 
>>> Leave the contact info and other settings. Let us know if it 
>>> works this way.
> 
>>> On 3/9/2015 7:50 PM, efkin wrote:
> 
> 
>>>> On 03/09/2015 03:35 PM, s7r wrote:
>>>>> If you are using the free nginx, community project, that
>>>>> will only allow you to deploy a http(s) proxy. Only the 
>>>>> commercial (paid) nginx allows you to deploy a TCP proxy 
>>>>> (handles all TCP traffic), which is what you need for a
>>>>> Tor relay.
> 
>>>> nice to know!
> 
>>>>> If you want to use a proxy, you should look into a TCP
>>>>> proxy which will handle any type of TCP traffic, regardless
>>>>> of protocol. (Tor uses http for directory requests
>>>>> [DirPort] but not for ORPort). Make sure your relay can
>>>>> reach the other relays in the consensus and it doesn't have
>>>>> any kind of restrictions or limitations such as being able
>>>>> only to talk on certain ports or reach a limited number of
>>>>> IP addresses, etc. Your relay needs to be able to connect
>>>>> to all the other relays, so the clients can build circuits
>>>>> through it.
> 
>>>>> A free open source solution might be haproxy ( 
>>>>> http://www.haproxy.org/ ) Maybe this will help you with
>>>>> your setup.
> 
>>>> Took a look at it and is quite cool.
> 
>>>>> Make sure you properly bind DirPort and ORPort to the
>>>>> correct interface and use NoAdvertise and NoListen
>>>>> accordingly. Provide more information about your setup and
>>>>> the relevant configs, if you are not able to do it.
> 
>>>> i just setup: ORPort 3128 Address oni-on.cf
> 
>>>> and some other stuff like nicks and contact info.
> 
>>>> my haproxy config is somehting like this:
> 
>>>> frontend oni-on bind *:3128
> 
>>>> acl host_onion hdr(host) oni-on.cf
> 
>>>> use_backend onion if host_onion
> 
> 
>>>> it seems that when it checks for reachability at the end of
>>>> 20 mins it does not manage to reach it.
> 
> 
>>>>> Thanks for running a relay!
> 
>>>> still trying to set it up but a pleasure.
> 
> 
>>>>> On 3/9/2015 1:46 PM, efkin wrote:
>>>>>> hello tor ^.^
> 
>>>>>> i'm trying to setup a tor relay behind a nginx reverse 
>>>>>> proxy... i would like to know if it's correctly setup.
> 
>>>>>> i have this warn in the logs:
> 
>>>>>> [warn] Received http status code 404 ("Not found") from 
>>>>>> server '85.14.240.188:443' while fetching 
>>>>>> "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
> 
> 
>>>>>> but then in the same log little bit after:
> 
>>>>>> [notice] Tor has successfully opened a circuit. Looks
>>>>>> like client functionality is working.
> 
>>>>>> last message is : Now checking whether ORPort
>>>>>> X.X.X.X:9001 is reachable... (this may take up to 20
>>>>>> minutes -- look for log messages indicating success)
> 
> 
>>>>>> thx for support.
> 
>>>>>> it's a great community!
> 
>>>>>> efkin _______________________________________________ 
>>>>>> tor-relays mailing list tor-relays at lists.torproject.org 
>>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> 
>>>>> _______________________________________________ tor-relays
>>>>>  mailing list tor-relays at lists.torproject.org 
>>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>>>>> 
>>>>> 
>>>>> 
>>>> _______________________________________________ tor-relays 
>>>> mailing list tor-relays at lists.torproject.org 
>>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>>>> 
>>>> 
>>> _______________________________________________ tor-relays 
>>> mailing list tor-relays at lists.torproject.org 
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>>> 
>> _______________________________________________ tor-relays
>> mailing list tor-relays at lists.torproject.org 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> _______________________________________________ tor-relays mailing
> list tor-relays at lists.torproject.org 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJU/qNvAAoJEL+Ak/R8rmeLiLkP/jDN/K/sbnsK0Uq7sHv9urHl
yx1L7KL3xG9ynznaJSkY2JUcszwaDR0yCDFR+ZjaygfuXSnt/5MqP2Ho9eO7g3VS
yRGpGdkeTVKH2nOQ88p4wnBzfYI1qvtkzk7kLM2wN7Qczjap/w/lsBihC/id+u0E
F8CFb6iVgHHEw0yRoifm1aFIzzLdGQVfm+HCatvU0cRoyDZBZIcyLhARG4Va8LS/
kR01xe2KiKtM92a7jstK0oc2Ybt8RvAaV6tXpZLwz63BS49S5/pZT3yO9Q0lfPYu
JI1dKz7fUCQbfsXuIrcuDLwdQo/0MS7z8XvMTA47b1UcStURH1phioJSEf0tCz88
IkjViECa2qZyJP/b5u9yjul3cOOfnJ8I8cLx/jK2E0i256Twg4vj+WyZGm+TtxMR
TM+10gPHvWiU8KEnzqQ6QVaiIl73y/86IYOnXpe+P5Njte0oRrwWcvBf/Fee3uWM
Eyf98IWikI+JduuhuI+wj0YBJaXB/mN2/xX+DjngvtF8BsIe+2jrqXCf2FugA0zD
5xqAjybQxA4g1oOUuBOeMHaM9SnzGIg6bSH60f2otJWI5WudAIAO8lJpKU6SV3Un
Pr/2moPsqQeaqU5oEvVzBRzhmmWe6+XgiSw/1jQ17ag22oE6QgFzXHgE7gBX5r0k
9g4wfXlJTT/vodJlYrs5
=TmO4
-----END PGP SIGNATURE-----

More information about the tor-relays mailing list