[tor-relays] Windows Tor Server Guide
julien.robin28 at free.fr
Sun May 17 10:41:08 UTC 2015
>From my memories, I think the "Expert" Tor installer for Windows is installing, registering and launching Tor as service in a completely automatic way. It must be run as administrator, if not the Tor files cannot be written to "Program Files" and the service cannot be registered into Windows. This installer could be found into "View all downloads" on the "Download Tor" page.
You will have to find where is the Tor's DataDir ! But it should not be too complicated.
Feel free to try :) I remember it as easy.
At the begining, it will not be a Tor Relay, just a Tor proxy client listening on 127.0.0.1:9050 (it will change once you will edit your torrc and restart the Tor service)
But the idea of isolating the Tor service with a dedicated user, that cannot touch anything on the system, is a pretty good idea also. I'm not sure the Expert installer does that, but it should not be too much complicated (following the "how to" should be enough for that part).
>From the task manager, you can launch the "resource manager" : into the "network" tab, you have a view of all listening socket into your system. (You can see if Tor is inside or not, for example by looking if something listens on 9050, or another port you defined on torrc file). You can also see the Tor's log file ! It's usefull as it warns you in case of problems, and it tells you if it's working.
Good luck !
PS : Expert Installer should probably not be used for browing the Internet through Tor with a "standard browser". TBB is a better solution for Browsing Internet trough Tor (thanks to a secured browser). That's why Expert Installer is a little bit "hidden", for avoiding people browing Internet with it. But for a server use, Expert Installer does the job !
----- Mail original -----
De: "Ben Serebin" <ben at reefsolutions.com>
À: "tor-relays at lists.torproject.org" <tor-relays at lists.torproject.org>
Envoyé: Dimanche 17 Mai 2015 07:59:14
Objet: Re: [tor-relays] Windows Tor Server Guide
1 st post (I figured after years of donating to EFF, I should run a tor relay). I’ve searched and read many posts on tor-relays and the best Windows Tor Server Guide I found was this below one by Rafael Rodriguez. A few questions, and apologies if they seem silly, but there is scant info out there for us Windows admins.
- is a web server needed?
- the below email post had the slashes stripped from the path entries which makes it tricky to follow (talk about an annoying mail-list process). Overall, throw all the files in a single dir?
- before I load it as a service, once all files and config the “torrc” can I just launch the tor.exe and then test it’s working?
- is this the only way to run a relay on Windows? Hoping there’s a special approach to simplify the process (now I know why there aren’t more of them).
Rafael Rodriguez rafaelr at icctek.com
Wed Nov 5 00:47:46 UTC 2014
Previous message: [tor-relays] Windows Tor Server Guide
Next message: [tor-relays] Windows Tor Server Guide
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi, here is it. Please, feel free to contribute to it.
RUNNING A TOR SERVER IN WINDOWS
- Download latest Tor Browser Bundle.
- Install to c:tor
- Create a temporary folder on your Desktop and name it "server".
- Copy all files from C:TorBrowserTorBrowserDataTor to the "server"
folder on the Desktop.
- Browse to C:TorBrowserTorBrowserTor; delete the folder
"PluggableTransports" and it content.
- Copy all files from C:TorBrowserTorBrowserTor to the "server" folder
on the Desktop.
- Browse to C:Tor and delete everything inside that folder. C:Tor should
be completely empty at this point.
- Move all files from the "server" folder on your Desktop to C:Tor
- Browse to C:Tor and create a new folder named "datadir".
- Create a new text file in C:Tor named "notices" (I myself use
notices.log but we want to keep it simple for users who may not know how
to change the file extension from .txt to .log)
- EDIT C:TORTORRC FILE: (this could be the torrc-defaults file and all
its comments). Note that the sample below is just for references. Each
user needs to define her/his own parameters based on their own needs and
that's impossible for me to cover in a single file for everyone. Hence,
each parameter should be included in the torrc-defaults with due
comments to be used as reference. Also, noted that I'm using IPv4 geoip
by default. Users using IPv6 should define geoip6 in their torrc file.
Then again, I cannot use a single sample file for all deployments. The
defaults file should be used as reference once again.
LOG NOTICE FILE .NOTICES.TXT
ExitPolicy reject *:*
Up until this point, all I've written is nothing more than using the
default Tor Bundle to create a "Server" package. All steps above could
be made easier for users if a "Tor Windows Server" package was available
for download on the Tor Project or somewhere else. I refuse the idea of
creating such package myself to distribute it since many packages could
start floating on the net and bad intentioned people could bundle them
with arbitrary code, viruses and so on. A Windows Installer package can
be built for distribution though.
Next, I will address the two main things we need to run tor as a Windows
1- Install Tor as Windows Service.
2- Security (Isolating the Tor service).
INSTALL TOR AS WINDOWS SERVICE
I personally use nssm  (Non-Sucking Service Manager) myself to
register the service but feel free to use default Windows tools for
registering Tor service if you believe so. Anyways, irrespective the
tool used to register the Tor service, we just need the following:
Parameters: -f C:Tortorrc
Start the TorServer service and everything should just work at this
point. The datadir directory will be populated with tor files once
started and the notices.txt file will also reflect so.
SECURITY (Quick explanation - We can go into details later)
- Create a Standard user account and name it Tor with a strong password.
1- Deny access to this computer from the network
2- Deny log on locally
3- Deny log on through Remote Desktop Services
- NTFS Permissions for Tor windows user account:
1- Read/Write permissions to datadir folder
2- Read/Write permissions to notices.txt or (notices.log) file
- Open Services, Start -> Run -> type "services.msc" without quotes,
press enter and your Services window will pop up. Scroll down and find
the TorServer service and double click it. Move to the LOG ON tab and
set the "Log on as: This account: .TOR. Enter the strong password for
the Tor user account in the password field and apply changes. Restart
the service and now Tor will be running in its own isolated/limited
account in Windows.
tor-relays mailing list
tor-relays at lists.torproject.org
More information about the tor-relays