[tor-relays] tor-instance-create vs. /etc/tor/torrc

[Moritz Bartl]

On 21.03.2018 13:46, Gary wrote:
> Firstly, delete what you dont want from
> /usr/share/tor/tor-service-defaults-torrc file and its copies. 

Please don't. As general advice, really avoid messing with configuration
files that ship with the distribution. Editing files in /usr/share is
*never* a good option.

Nusenu's suggestion to "mask" the default systemd service is much better.

> Secondly, enable logs for all relays. You will have to change the
> default file from /var/log/tor/notices.log to notices_instance1.log or
> something for each instance. This will stop race conditions for the
> logs, you will have to follow the same logic for everything else (eg
> race to use port 9050)

On systemd-based machines, journalctl takes care of logging. You do not
need to have any additional logging enabled in Tor (unless you really
want to). By default, journalctl logs are not persistent across
sessions. Also here, in most cases you will want to do it "the systemd
way" and change your logging policies globally, instead of on a custom
per-service level.

> BTW if you delete /etc/tor/torrc apt-get will ask you displaying a
> screen that says "the package maintainer has shipped a new configuration
> file what you do want to do" with about 4/5 options. It will only
> (re-)install /etc/tor/torrc if you tell it to (the default option is no
> I think).

I recommend that people use an update manager like unattended-upgrades
and let it auto-upgrade everything, and even let it auto-reboot if
necessary. Add some external monitoring (a cheap option are free
services like uptimerobot.com), and you will learn if something goes
wrong. It is better to have a Tor relay that is up to date and have it
break sometimes (I have not seen this happening ever) than to have
outdated packages/kernels.

See https://torservers.net/wiki/setup/server for some references.

-- 
Moritz Bartl
https://www.torservers.net/