[tor-relays] Bridge node configurations and where to find them (semi quote)

Sun Aug 25 12:40:02 UTC 2024

Dear all,

In the past, I set up a middle relay node, and today I am looking to experiment with configuring a Bridge node to support the Tor project and its community. Since this is a very sensitive task, I decided to reach out to you to ensure that the setup is correct and that the configuration does not pose any risks to users who connect.

First, I will summarize the `torrc` configuration file (I have removed the ports as they differ from the standard ones):

```
BridgeRelay 1
ORPort <port>
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:<port>
ExtORPort auto
ExitPolicy reject *:*
```

I have set two limits on the connections:
```
BandwidthRate 300 MBytes  # I want to determine how much bandwidth I can allocate without impacting my network usage.
IPv4Only
```

As for the information settings, I have used the usual `ContactInfo` and `Nickname`.

While reading the `torrc` documentation, I discovered the Sandbox feature, which is still in development. In this regard, I would like to ask whether using experimental features like this on Bridge nodes is advisable or not. Personally, I would find a feature like this very useful.

Should an anti DDoS system be configured?

I wanted to ask how I can further contribute to the Tor Project's research, as I have read that there are "Statistics" features that allow the collection of useful information for the developer community. I have two main questions about this:

1. Is it advisable to use experimental features or those that collect information on a Bridge node (assuming there is a difference between a Bridge, a Guard/Middle relay, and an Exit Node)?
2. If the answer to the first question is yes, what are all the features that I can include in the `torrc` file to passively support research within the Tor Project?

Finally, I would like to ask what information should be kept confidential when managing a Bridge. For example, I know for sure that it is important to keep the IP address confidential to avoid the risk of being blacklisted, but are there any other pieces of information that need to be protected?

To ensure that a Bridge node can be restarted on a different machine, which files need to be preserved? Are they the same as those for a standard relay (i.e., the private key), or are there additional files that need to be securely stored?

Thank you for your support and guidance.

Best regards,
Aleff

---

Browse my WebSite: aleff-gitlab.gitlab.io
Use my PGP Public Key: pgp.mit.edu/pks/lookup?op=get&search=0x7CFCE404A2168C85
Join to support:
- Free Software Foundation! (my.fsf.org/join?referrer=6202114)
- Electronic Frontier Foundation! (eff.org)
- Tor-Project (torproject.org)
- Signal (signal.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - alessandro.greco.1 at protonmail.com - 0x1D14CC10.asc
Type: application/pgp-keys
Size: 3178 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240825/6a9bcd10/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 855 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240825/6a9bcd10/attachment.sig>