[tor-relays] Quick bugfix sharing regarding obfs4 malfunctioning

[telekobold]

Hi,

I just want to share some quick bugfix with you (sorry if this is 
obvious to you or has been written somewhere else).

Suddenly, I got the following error messages on my two bridges running 
on Debian 11 appearing in the logs (in /var/log/tor/notices.log and in 
the nyx output) every second until a restart:

<timestamp> [warn] Managed proxy "/usr/bin/obfs4proxy" process 
terminated with status code 65280
<timestamp> [warn] Server managed proxy encountered a method error. 
(obfs4 listen tcp 0.0.0.0:443: bind: permission denied)
<timestamp> [warn] Managed proxy '/usr/bin/obfs4proxy' was spawned 
successfully, but it didn't launch any pluggable transport listeners!

When restarting the corresponding bridge, in the startup process the 
second and the third of the above warning messages again appeared in the 
logs. So obfs4 was suddenly not usable any more. Port 443 is not blocked 
in the bridge's firewalls.

A bit research reveled that apparently, an automatic update set the 
systemd setting "NoNewPrivileges=no" in 
/lib/systemd/system/tor at default.service and tor at .service [1] back to 
yes, which caused the above issue. After setting it back and restarting, 
everything works fine now and instead of the warning messages mentioned 
above, the following message appears in the log again:

<timestamp> [notice] Registered server transport 'obfs4' at '[::]:443'

(Several places recommend to set the obfs4 port to 443 to get around 
restrictive firewalls, so I didn't want to set it to something else).

Kind regards
telekobold

[1] 
http://xmrhfasfg5suueegrnc4gsgyi2tyclcy5oz7f5drnrodmdtob6t2ioyd.onion/relay/setup/bridge/debian-ubuntu/