[tor-relays] Windows Tor Server Guide

Julien ROBIN julien.robin28 at free.fr
Sun May 17 10:41:08 UTC 2015


Hi!

From what I remember, I think the "Expert" Tor installer for Windows installs, registers and launches Tor as a service in a completely automatic way. It must be run as administrator; if not, the Tor files cannot be written to "Program Files" and the service cannot be registered with Windows. This installer can be found under "View all downloads" on the "Download Tor" page.


You will have to find where Tor's DataDir is! But it should not be too complicated.
Feel free to try :) I remember it as easy.

At the beginning, it will not be a Tor relay, just a Tor proxy client listening on 127.0.0.1:9050 (this will change once you edit your torrc and restart the Tor service).



But the idea of isolating the Tor service with a dedicated user, one that cannot touch anything on the system, is also a pretty good idea. I'm not sure the Expert installer does that, but it should not be too complicated (following the "how to" should be enough for that part).



From the Task Manager, you can launch the "resource manager": in the "network" tab, you have a view of all listening sockets on your system. (You can see whether Tor is there or not, for example by checking whether something listens on 9050, or on another port you defined in the torrc file.) You can also look at Tor's log file! It's useful as it warns you in case of problems, and it tells you if it's working.

Good luck!


PS: The Expert Installer should probably not be used for browsing the Internet through Tor with a "standard browser". TBB is a better solution for browsing the Internet through Tor (thanks to a secured browser). That's why the Expert Installer is a little bit "hidden", to avoid people browsing the Internet with it. But for server use, the Expert Installer does the job!



----- Original Message -----
From: "Ben Serebin" <ben at reefsolutions.com>
To: "tor-relays at lists.torproject.org" <tor-relays at lists.torproject.org>
Sent: Sunday, May 17, 2015 07:59:14
Subject: Re: [tor-relays] Windows Tor Server Guide





Hi there…

1st post (I figured after years of donating to EFF, I should run a tor relay). I’ve searched and read many posts on tor-relays and the best Windows Tor Server Guide I found was this below one by Rafael Rodriguez. A few questions, and apologies if they seem silly, but there is scant info out there for us Windows admins.

- is a web server needed?
- the below email post had the slashes stripped from the path entries which makes it tricky to follow (talk about an annoying mail-list process). Overall, throw all the files in a single dir?
- before I load it as a service, once all files and config the “torrc” can I just launch the tor.exe and then test it’s working?
- is this the only way to run a relay on Windows? Hoping there’s a special approach to simplify the process (now I know why there aren’t more of them).

Thanks,
-Ben



Rafael Rodriguez rafaelr at icctek.com 

Wed Nov 5 00:47:46 UTC 2014 






Hi, here is it. Please, feel free to contribute to it. 



RUNNING A TOR SERVER IN WINDOWS

- Download latest Tor Browser Bundle.
- Install to c:tor
- Create a temporary folder on your Desktop and name it "server".
- Copy all files from C:TorBrowserTorBrowserDataTor to the "server" folder on the Desktop.
- Browse to C:TorBrowserTorBrowserTor; delete the folder "PluggableTransports" and its content.
- Copy all files from C:TorBrowserTorBrowserTor to the "server" folder on the Desktop.
- Browse to C:Tor and delete everything inside that folder. C:Tor should be completely empty at this point.
- Move all files from the "server" folder on your Desktop to C:Tor
- Browse to C:Tor and create a new folder named "datadir".
- Create a new text file in C:Tor named "notices" (I myself use notices.log but we want to keep it simple for users who may not know how to change the file extension from .txt to .log)
- EDIT C:TORTORRC FILE: (this could be the torrc-defaults file and all its comments). Note that the sample below is just for reference. Each user needs to define her/his own parameters based on their own needs and that's impossible for me to cover in a single file for everyone. Hence, each parameter should be included in the torrc-defaults with due comments to be used as reference. Also, note that I'm using IPv4 geoip by default. Users using IPv6 should define geoip6 in their torrc file. Then again, I cannot use a single sample file for all deployments. The defaults file should be used as reference once again.



DATADIRECTORY .DATADIR
LOG NOTICE FILE .NOTICES.TXT
GEOIPFILE .GEOIP
AvoidDiskWrites 1
SocksPort 0
ORPort 9001
DirPort 9030
ExitPolicy reject *:*
Nickname
RelayBandwidthRate
RelayBandwidthBurst



Up until this point, all I've written is nothing more than using the default Tor Bundle to create a "Server" package. All steps above could be made easier for users if a "Tor Windows Server" package was available for download on the Tor Project or somewhere else. I refuse the idea of creating such package myself to distribute it since many packages could start floating on the net and bad intentioned people could bundle them with arbitrary code, viruses and so on. A Windows Installer package can be built for distribution though.

Next, I will address the two main things we need to run tor as a Windows service (server):



1- Install Tor as Windows Service.
2- Security (Isolating the Tor service).

INSTALL TOR AS WINDOWS SERVICE

I personally use nssm [2] (Non-Sucking Service Manager) myself to register the service but feel free to use default Windows tools for registering Tor service if you believe so. Anyways, irrespective of the tool used to register the Tor service, we just need the following:

Service: C:Tortor.exe
Name: TorServer
Parameters: -f C:Tortorrc

Start the TorServer service and everything should just work at this point. The datadir directory will be populated with tor files once started and the notices.txt file will also reflect so.



SECURITY (Quick explanation - We can go into details later)

- Create a Standard user account and name it Tor with a strong password.
- Policies:

1- Deny access to this computer from the network
2- Deny log on locally
3- Deny log on through Remote Desktop Services

- NTFS Permissions for Tor windows user account:

1- Read/Write permissions to datadir folder
2- Read/Write permissions to notices.txt or (notices.log) file

- Open Services, Start -> Run -> type "services.msc" without quotes, press enter and your Services window will pop up. Scroll down and find the TorServer service and double click it. Move to the LOG ON tab and set the "Log on as: This account: .TOR. Enter the strong password for the Tor user account in the password field and apply changes. Restart the service and now Tor will be running in its own isolated/limited account in Windows.
_______________________________________________
tor-relays mailing list
tor-relays at lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
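
The two checks discussed in this thread (the dedicated-account isolation from the guide and the listening-socket and log check from the reply), scripted as a read-only audit. This is an added example, not part of the original messages or of the Tor Project's tooling. The service name, account name, ports and notices.txt come from the guide's sample; the C:\Tor path is an assumption (the guide's "C:Tor" with the stripped backslash restored).

```powershell
# Added example: read-only audit of the isolation described in the guide; run from an elevated prompt.
param(
    [string]$ServiceName = 'TorServer',    # service name used in the guide
    [string]$Account     = 'Tor',          # dedicated standard user from the guide
    [string]$TorDir      = 'C:\Tor',       # ASSUMPTION: the guide's "C:Tor" with its backslash restored
    [int[]] $Ports       = @(9001, 9030)   # ORPort and DirPort from the sample torrc
)
$findings = @()

# 1. The service must log on as the dedicated account, not LocalSystem.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' is not registered." }
if ($svc.StartName -notmatch "\\$Account$") {
    $findings += "Service logs on as '$($svc.StartName)', expected the $Account account"
}

# 2. The account must stay a standard user (S-1-5-32-544 is BUILTIN\Administrators).
$admins = @(Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object { $_.Name })
if ($admins -match "\\$Account$") { $findings += "$Account is a member of Administrators" }

# 3. Every running tor.exe should be owned by that account.
foreach ($p in Get-CimInstance Win32_Process -Filter "Name='tor.exe'") {
    $owner = Invoke-CimMethod -InputObject $p -MethodName GetOwner
    if ($owner.User -ne $Account) { $findings += "tor.exe PID $($p.ProcessId) runs as '$($owner.User)'" }
}

# 4. Each relay port should be listening and held by tor.exe (the Resource Monitor check, scripted).
foreach ($port in $Ports) {
    $l = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue | Select-Object -First 1
    if (-not $l) { $findings += "Nothing listens on TCP $port"; continue }
    $name = (Get-Process -Id $l.OwningProcess).ProcessName
    if ($name -ne 'tor') { $findings += "TCP $port is held by '$name', not tor" }
}

# 5. The guide gives the account Read/Write on datadir and the log only, so report any principal
#    other than SYSTEM (S-1-5-18) or Administrators that can write to the binary or its config.
$trusted = 'S-1-5-18', 'S-1-5-32-544'
foreach ($f in 'tor.exe', 'torrc') {
    $acl = Get-Acl -Path (Join-Path $TorDir $f)
    foreach ($r in $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])) {
        $canWrite = ([int]$r.FileSystemRights -band 2) -ne 0    # 2 = FILE_WRITE_DATA
        if ($r.AccessControlType -eq 'Allow' -and $canWrite -and $r.IdentityReference.Value -notin $trusted) {
            $findings += "$f is writable by $($r.IdentityReference.Value)"
        }
    }
}
Get-Content -Path (Join-Path $TorDir 'notices.txt') -Tail 5   # Tor's own view of its state
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'Isolation checks passed.' }
```

When the service is registered through nssm, the service process itself is nssm.exe, which is why step 3 looks at tor.exe directly rather than at the service's own process ID.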

