[tor-relays] tor-instance-create vs. /etc/tor/torrc

Gary jaffacakemonster53 at gmail.com
Wed Mar 21 12:46:08 UTC 2018 

Hello.

The ultra-paranoid would comment that it is better to have dedicated
machines / VM's for each instance, and that machine should do nothing more
than be a relay. However sometimes that isn't an option so instead there is
tor-instance-create.

It sounds like your problems are in a file at
/usr/share/tor/tor-service-defaults-torrc. Even if in your /etc/tor/torrc
file you dont enable the SOCKSport, control port etc, they will be enabled
because of this service defaults file. I believe there will also be copies
of this service-defaults in /use/share/tor for instances to use.

In the default configuration, tor-instance-create will end up with two
relays trying to use SOCKSport 9050, enable control port at 9051 with
cookie and a few other things (yet more race conditions) AND no logs so you
have no idea what is happening.

Firstly, delete what you dont want from
/usr/share/tor/tor-service-defaults-torrc file and its copies. Try to use
/etc/tor/torr and /etc/tor/instances/instance_name/torrc for all options
and it will be easier to manage.

Secondly, enable logs for all relays. You will have to change the default
file from /var/log/tor/notices.log to notices_instance1.log or something
for each instance. This will stop race conditions for the logs, you will
have to follow the same logic for everything else (eg race to use port 9050)

Lastly, if you want to stop the "first/main" instance from running I use
sudo service tor stop, but this will change depending on your machine / OS.

BTW if you delete /etc/tor/torrc apt-get will ask you displaying a screen
that says "the package maintainer has shipped a new configuration file what
you do want to do" with about 4/5 options. It will only (re-)install
/etc/tor/torrc if you tell it to (the default option is no I think).

I hope that helps.

Thanks.


On 21 March 2018 at 05:43, Igor Mitrofanov <igor.n.mitrofanov at gmail.com>
wrote:

> Hi,
>
> I use tor-instance-create to spawn a number of relay instances.
> However, there seems to be one extra instance running - the default
> one that reads /etc/tor/torrc (and not
> /etc/tor/instances/INSTANCE/torrc).
>
> How do I disable that default tor relay? It opens port 9050 and does
> who else knows what by default. I can delete /etc/tor/torrc and it
> seems to do the trick, however, I am not sure how permanent this
> change will be with automatic package updates.
>
> Thanks!
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20180321/3fd2c3f7/attachment.html>

More information about the tor-relays mailing list