02f544c71c5329ee5c9d53c0e1922dfea557e6b6
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

1) ## translation metadata
Roger Dingledine looks like we never set the...

Roger Dingledine authored 14 years ago

2) # Revision: $Revision$
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

3) # Translation-Priority: 2-medium
4) 
5) #include "head.wmi" TITLE="Tor Project: Relay Configuration Instructions" CHARSET="UTF-8"
6) <div id="content" class="clearfix">
7)   <div id="breadcrumbs">
Andrew Lewman change all of the breadcrum...

Andrew Lewman authored 14 years ago

8)     <a href="<page index>">Home &raquo; </a>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

9)     <a href="<page docs/documentation>">Documentation &raquo; </a>
10)     <a href="<page docs/tor-doc-relay>">Configure Tor Relay</a>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

11)   </div>
12)   <div id="maincol">
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

13) 
14)     <h1>Configuring a Tor relay</h1>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

15) 
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

16)     <hr>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

17) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

18)     <p>
19)     The Tor network relies on volunteers to donate bandwidth. The more
20)     people who run relays, the faster the Tor network will be. If you have
21)     at least 20 kilobytes/s each way, please help out Tor by configuring your
22)     Tor to be a relay too. We have many features that make Tor relays easy
Roger Dingledine fix a bunch of broken links...

Roger Dingledine authored 14 years ago

23)     and convenient, including <a href="<wikifaq>#RelayFlexible">rate limiting
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

24)     for bandwidth, exit policies so you can limit your exposure to abuse
25)     complaints, and support for dynamic IP addresses</a>.
26)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

27) 
Roger Dingledine fix a bunch of broken links...

Roger Dingledine authored 14 years ago

28)     <p>You can run a Tor relay on <a href="<wikifaq>#RelayOS">pretty
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

29)     much any</a> operating system. Tor relays work best on Linux, OS X Tiger
30)     or later, FreeBSD 5.x+, NetBSD 5.x+, and Windows Server 2003 or later.
31)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

32) 
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

33)     <hr>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

34)     <a id="zero"></a>
35)     <a id="install"></a>
36)     <h2><a class="anchor" href="#install">Step One: Download and Install Tor</a></h2>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

37)     <br>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

38) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

39)     <p>Before you start, you need to make sure that Tor is up and running.
40)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

41) 
Andrew Lewman rename easy-download to dow...

Andrew Lewman authored 14 years ago

42)     <p>Visit our <a href="<page download/download>">download page</a> and
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

43)     install the "Installation Bundle" for your OS.
44)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

45) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

46)     <p>If it's convenient, you might also want to use it as a client for a
47)     while to make sure it's actually working.</p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

48) 
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

49)     <hr>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

50)     <a id="setup"></a>
51)     <h2><a class="anchor" href="#setup">Step Two: Set it up as a relay</a></h2>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

52)     <br>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

53)     <ol>
54)     <li>Verify that your clock and timezone are set
55)     correctly. If possible, synchronize your clock with public <a
56)     href="http://en.wikipedia.org/wiki/Network_Time_Protocol">time
57)     servers</a>.
58)     </li>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

59) 
Andrew Lewman replace the missing li

Andrew Lewman authored 13 years ago

60)     <li><strong>Manual Configuration</strong>:
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

61)     <ul>
62)     <li>Edit the bottom part of <a href="<wikifaq>#torrc">your torrc file</a>. If you want to be a public relay (recommended),
63)     make sure to define ORPort and <a href="<wikifaq>#ExitPolicies">look at ExitPolicy</a>; otherwise
64)     if you want to be a <a href="<wikifaq>#RelayOrBridge">bridge</a>
65)     for users in countries that censor their Internet,
66)     just use <a href="<page docs/bridges>#RunningABridge">these lines</a>.
67)     </li>
Andrew Lewman replace the missing li

Andrew Lewman authored 13 years ago

68)     </ul></li>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

69) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

70)     <li><strong>Configuring Tor with the Vidalia Graphical Interface</strong>:
71)     <ol>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

72) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

73)     <li>
74)     	<dt>Right click on the Vidalia icon in your task bar.  Choose <tt>Control Panel</tt>.</dt>
Runa A. Sandvik closed a few tags

Runa A. Sandvik authored 13 years ago

75)     	<dd><img alt="vidalia right click menu" src="$(IMGROOT)/screenshot-win32-vidalia.png" /></dd>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

76)     </li>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

77) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

78)     <li>Click <tt>Setup Relaying</tt>.</li>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

79) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

80)     <li>
Andrew Lewman clean up wiki and faq refer...

Andrew Lewman authored 14 years ago

81)     	<dt>Choose <tt>Relay Traffic for the Tor network</tt> if you
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

82) want to be a public relay (recommended), or choose <tt>Help
Andrew Lewman clean up wiki and faq refer...

Andrew Lewman authored 14 years ago

83) censored users reach the Tor network</tt> if you want to be a <a
Roger Dingledine fix a bunch of broken links...

Roger Dingledine authored 14 years ago

84) href="<wikifaq>#RelayOrBridge">bridge</a> for users in countries that censor their Internet.</dt>
Runa A. Sandvik closed a few tags

Runa A. Sandvik authored 13 years ago

85)     <dd><img alt="vidalia basic settings" src="$(IMGROOT)/screenshot-win32-configure-relay-1.png" /></dd>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

86)     </li>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

87) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

88)     <li>Enter a nickname for your relay, and enter contact information in
89)     case we need to contact you about problems.</li>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

90) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

91)     <li>Leave <tt>Attempt to automatically configure port forwarding</tt> clicked.
92)     Push the <tt>Test</tt> button to see if it works.  If it does work, great.
93)     If not, see number 3 below.</li>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

94) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

95)     <li><dt>Choose the <tt>Bandwidth Limits</tt> tab.  Select how much bandwidth you want to provide for Tor users like yourself.</dt>
Runa A. Sandvik closed a few tags

Runa A. Sandvik authored 13 years ago

96)     <dd><img alt="vidalia bandwidth limits" src="$(IMGROOT)/screenshot-win32-configure-relay-2.png" /></dd>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

97)     </li>
98) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

99)     <li><dt>Choose the <tt>Exit Policies</tt> tab.  If you want to allow others
100)     to use your relay for these services, don't change anything.  Un-check
Roger Dingledine fix a bunch of broken links...

Roger Dingledine authored 14 years ago

101)     the services you don't want to allow people to <a href="<wikifaq>#ExitPolicies">reach from your relay</a>.  If you want to be a non-exit relay, un-check all services.</dt>
Runa A. Sandvik closed a few tags

Runa A. Sandvik authored 13 years ago

102)     <dd><img alt="vidalia exit policies" src="$(IMGROOT)/screenshot-win32-configure-relay-3.png" /></dd>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

103)     </li>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

104) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

105)     <li>Click the <tt>Ok</tt> button.  See Step Three below for confirmation
106)     that the relay is working correctly.</li>
107)     </ol>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

108) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

109)     <li>If you are using a firewall, open a hole in your firewall
110)     so incoming connections can reach the ports you configured
111)     (ORPort, plus DirPort if you enabled it). If you have a
112)     hardware firewall (Linksys box, cablemodem, etc) you might like <a
113)     href="http://portforward.com/">portforward.com</a>. Also, make sure you
114)     allow all <em>outgoing</em> connections too, so your relay can reach the
115)     other Tor relays.
116)     </li>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

117) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

118)     <li>Restart your relay. If it <a
Andrew Lewman clean up wiki and faq refer...

Andrew Lewman authored 14 years ago

119)     href="<wikifaq>#Logs">logs
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

120)     any warnings</a>, address them.
121)     </li>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

122) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

123)     <li>Subscribe to the <a
124)     href="http://archives.seul.org/or/announce/">or-announce</a>
125)     mailing list. It is very low volume, and it will keep you informed
126)     of new stable releases. You might also consider subscribing to <a
127)     href="<page docs/documentation>#MailingLists">the higher-volume Tor lists</a>
128)     too.
129)     </li>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

130) 
Runa A. Sandvik closed a few tags

Runa A. Sandvik authored 13 years ago

131)     </li></ol>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

132) 
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

133)     <hr>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

134)     <a id="check"></a>
135)     <h2><a class="anchor" href="#check">Step Three: Make sure it is working</a></h2>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

136)     <br>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

137) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

138)     <p>As soon as your relay manages to connect to the network, it will
139)     try to determine whether the ports you configured are reachable from
140)     the outside. This step is usually fast, but may take up to 20
141)     minutes. Look for a
Andrew Lewman clean up wiki and faq refer...

Andrew Lewman authored 14 years ago

142)     <a href="<wikifaq>#Logs">log
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

143)     entry</a> like
144)     <tt>Self-testing indicates your ORPort is reachable from the outside. Excellent.</tt>
145)     If you don't see this message, it means that your relay is not reachable
146)     from the outside &mdash; you should re-check your firewalls, check that it's
147)     testing the IP and port you think it should be testing, etc.
148)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

149) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

150)     <p>When it decides that it's reachable, it will upload a "server
151)     descriptor" to the directories, to let clients know
152)     what address, ports, keys, etc your relay is using. You can <a
153)     href="http://194.109.206.212/tor/status-vote/current/consensus">load one of
154)     the network statuses manually</a> and
155)     look through it to find the nickname you configured, to make sure it's
156)     there. You may need to wait up to one hour to give enough time for it to
157)     make a fresh directory.</p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

158) 
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

159)     <hr>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

160)     <a id="after"></a>
161)     <h2><a class="anchor" href="#after">Step Four: Once it is working</a></h2>
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

162)     <br>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

163) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

164)     <p>
165)     We recommend the following steps as well:
166)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

167) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

168)     <p>
169)     6. Read
Andrew Lewman clean up wiki and faq refer...

Andrew Lewman authored 14 years ago

170)     <a href="<wiki>TheOnionRouter/OperationalSecurity">about operational security</a>
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

171)     to get ideas how you can increase the security of your relay.
172)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

173) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

174)     <p>
175)     7. If you want to run more than one relay that's great, but please set <a
Andrew Lewman clean up wiki and faq refer...

Andrew Lewman authored 14 years ago

176)     href="<wikifaq>#MultipleRelays">the
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

177)     MyFamily option</a> in all your relays' configuration files.
178)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

179) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

180)     <p>
181)     8. Decide about rate limiting. Cable modem, DSL, and other users
182)     who have asymmetric bandwidth (e.g. more down than up) should
183)     rate limit to their slower bandwidth, to avoid congestion. See the <a
Andrew Lewman clean up wiki and faq refer...

Andrew Lewman authored 14 years ago

184)     href="<wikifaq>#LimitBandwidth">rate
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

185)     limiting FAQ entry</a> for details.
186)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

187) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

188)     <p>
189)     9. Back up your Tor relay's private key (stored in "keys/secret_id_key"
190)     in your DataDirectory). This is your relay's "identity," and
191)     you need to keep it safe so nobody can read the traffic that goes
192)     through your relay. This is the critical file to keep if you need to <a
Andrew Lewman clean up wiki and faq refer...

Andrew Lewman authored 14 years ago

193)     href="<wikifaq>#UpgradeRelay">move
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

194)     or restore your Tor relay</a> if something goes wrong.
195)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

196) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

197)     <p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

198) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

199)     10. If you control the name servers for your domain, consider setting your
200)     reverse DNS hostname to 'anonymous-relay', 'proxy' or 'tor-proxy', so when
201)     other people see the address in their web logs, they will more quickly
202)     understand what's going on. Adding the <a
203)     href="<gitblob>contrib/tor-exit-notice.html">Tor
204)     exit notice</a> on a vhost for this name can go a long way to deterring abuse
205)     complaints to you and your ISP if you are running an exit node.
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

206) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

207)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

208) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

209)     <p>
210)     11. If your computer isn't running a webserver, please consider
211)     changing your ORPort to 443 and your DirPort to 80. Many Tor
212)     users are stuck behind firewalls that only let them browse the
213)     web, and this change will let them reach your Tor relay. Win32
214)     relays can simply change their ORPort and DirPort directly
215)     in their torrc and restart Tor. OS X or Unix relays can't bind
216)     directly to these ports (since they don't run as root), so they will
217)     need to set up some sort of <a
Andrew Lewman clean up wiki and faq refer...

Andrew Lewman authored 14 years ago

218)     href="<wikifaq>#ServerForFirewalledClients">
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

219)     port forwarding</a> so connections can reach their Tor relay. If you are
220)     using ports 80 and 443 already but still want to help out, other useful
221)     ports are 22, 110, and 143.
222)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

223) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

224)     <p>
225)     12. If your Tor relay provides other services on the same IP address
226)     &mdash; such as a public webserver &mdash; make sure that connections to the
227)     webserver are allowed from the local host too. You need to allow these
228)     connections because Tor clients will detect that your Tor relay is the <a
Andrew Lewman clean up wiki and faq refer...

Andrew Lewman authored 14 years ago

229)     href="<wikifaq>#ExitEavesdroppers">safest
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

230)     way to reach that webserver</a>, and always build a circuit that ends
231)     at your relay. If you don't want to allow the connections, you must
232)     explicitly reject them in your exit policy.
233)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

234) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

235)     <p>
236)     13. (Unix only). Make a separate user to run the relay. If you
237)     installed the OS X package or the deb or the rpm, this is already
238)     done. Otherwise, you can do it by hand. (The Tor relay doesn't need to
239)     be run as root, so it's good practice to not run it as root. Running
240)     as a 'tor' user avoids issues with identd and other services that
241)     detect user name. If you're the paranoid sort, feel free to <a
Andrew Lewman clean up wiki and faq refer...

Andrew Lewman authored 14 years ago

242)     href="<wiki>TheOnionRouter/TorInChroot">put Tor
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

243)     into a chroot jail</a>.)
244)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

245) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

246)     <p>
247)     14. (Unix only.) Your operating system probably limits the number
248)     of open file descriptors per process to 1024 (or even less). If you
249)     plan to be running a fast exit node, this is probably not enough. On
250)     Linux, you should add a line like "toruser hard nofile 8192" to your
251)     /etc/security/limits.conf file (where toruser is the user that runs the
252)     Tor process), and then restart Tor if it's installed as a package (or log
253)     out and log back in if you run it yourself).
254)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

255) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

256)     <p>
257)     15. If you installed Tor via some package or installer, it probably starts
258)     Tor for you automatically on boot. But if you installed from source,
259)     you may find the initscripts in contrib/tor.sh or contrib/torctl useful.
260)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

261) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

262)     <p>
263)     When you change your Tor configuration, remember to verify that your
264)     relay still works correctly after the change. Be sure to set your
265)     "ContactInfo" line in the torrc so we can contact you if you need to
266)     upgrade or something goes wrong. If you have problems or questions, see
267)     the <a href="<page docs/documentation>#Support">Support</a> section or
268)     <a href="<page about/contact>">contact us</a> on the tor-ops list. Thanks
269)     for helping to make the Tor network grow!
270)     </p>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

271) 
Sebastian Hahn We decided to go with HTML...

Sebastian Hahn authored 14 years ago

272)     <hr>
Andrew Lewman move the manual config abov...

Andrew Lewman authored 13 years ago

273) 
Andrew Lewman first cut of the new, shiny...

Andrew Lewman authored 14 years ago

274)     <p>If you have suggestions for improving this document, please <a
275)     href="<page about/contact>">send them to us</a>. Thanks!</p>
276)   </div>
277)   <!-- END MAINCOL -->
278)   <div id = "sidecol">
279) #include "side.wmi"
280) #include "info.wmi"
281)   </div>
282)   <!-- END SIDECOL -->
283) </div>
284) <!-- END CONTENT -->