[tor-relays] New Relay Online/Working on AWS Cloud Torproject

Conrad Rockenhaus conrad at rockenhaus.com
Wed Dec 20 14:35:38 UTC 2017 


> On Dec 20, 2017, at 5:01 AM, teor <teor2345 at gmail.com> wrote:
> 
> 
> On 20 Dec 2017, at 20:59, Conrad Rockenhaus <conrad at rockenhaus.com <mailto:conrad at rockenhaus.com>> wrote:
> 
>> ConradsAWSRelay was started back up on a new AWS instance running Amazon Linux and it’s hash is now 9F7F05699131E1E2A22F70B83E8CBB4671F5FEE2. I have upgraded to Tor 0.3.1.9…. I had issues with getting the libevent development header dependencies resolved on Amazon Linux so I just compiled it on Red Hat and brought it over. More than likely I overlooked something and caused a cascade of failures from there, anyway, it’s up.
>> 
>> Additionally, I brought up ConradsAWSExit, 1B47E33F9D422CC97BD2DDA1F082BFF2FC58E79A, to help out with that area. I may bandwidth limit this one depending on load,  I will have to wait and see how much traffic it gets since I don’t have unlimited $$$ to allocate to my new hobby :).
> 
> Yes, running nodes at AWS can be expensive.
> I'm also interested to see what abuse complaints you get.

I’m mainly running this stuff on AWS because AWS is my playground for the new Cloud based solution I’m working on, just because I can start instances up with Amazon Linux, FreeBSD, Debian, etc. I am interested to see what the abuse process is as well. I will ensure that the costs are controlled so I’m not out of pocket too much.

Eventually the permanent home will be moved to the new cabinet I’m going to be renting at a datacenter near my home.

> 
>> If someone could take another look and provide me any feedback/constructive criticism about these two nodes, I would greatly appreciate it.
> 
> Since you control multiple relays, please set MyFamily on all of them:
> 
> MyFamily fingerprint1,fingerprint2
> 
> This is important because they are in different IPv4 /16s.
> (It will be even more important if one has the Guard flag, and the other
> has the Exit flag.)

Done, should see it in atlas within the hour.

> 
> Does AWS have native IPv6 yet?
> 
> If so, please set on both relays:
> 
> ORPort [IPv6]:Port
> 
> And on the Exit:
> 
> IPv6Exit 1
> 
> You could connect to IPv6 using a nearby free tunnel service
> (Hurricane Electric is good, and has good peering with AWS),
> but this is not as fast or reliable as native IPv6.
> 
> But as a learning experience, it's a good way to get IPv6.
> 

I see that AWS does have native IPv6, but I have to get it enabled on my VPC before I can get these two instances up on IPv6. I will let y’all know when that’s done.


>> Thank you for everyone’s advise! I also appreciate the input regarding the revitalization of the Cloud project again. Another person has also volunteered to assist in the project so hopefully things should start moving here pretty soon!
> 
> That's exciting.
> It would be great for people to be able to choose between multiple
> providers. Free VPSs are a great way to learn how to set up a relay.
> 
> The biggest issue with the cloud image was that it wasn't kept up
> to date. I wonder if there's a way of doing that automatically.
> 
> I also wonder if there's a way of giving people a BSD image option
> as well.

My intent with the new cloud image architecture is to provide a multi-arch, portable, fast, and secure solution that will deploy tor relays. Another person has volunteered to assist me with this so with three people working on this I do hope that we will be able to keep things up to date, but my main goal is to have that somewhat automated.

Speaking of which, I do wonder what the thoughts are on this idea. I would like to have two derivatives of the cloud package, one for novices and one for those who do not consider themselves novices. The novice package will be centrally managed by Puppet, so all the user has to do is spin up an instance, updates will be handled by the master.

The non-novice package will be managed by chef. My main question is what are the thoughts on using Puppet? Would that be an acceptable solution for a non-novice solution or is that too much of a risk?

Thanks,

Conrad

> 
> T
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20171220/fc08454f/attachment.html>

More information about the tor-relays mailing list