docs/en/tor-doc-relay.wml
 ## translation metadata
 # Revision: $Revision: 22144 $
 # Translation-Priority: 2-medium
 
 #include "head.wmi" TITLE="Tor Project: Relay Configuration Instructions" CHARSET="UTF-8"
 <div id="content" class="clearfix">
   <div id="breadcrumbs">
     <a href="<page index>">Home &raquo; </a>
     <a href="<page docs/documentation>">Documentation &raquo; </a>
     <a href="<page docs/tor-doc-relay>">Configure Tor Relay</a>
   </div> 
   <div id="maincol"> 
 
     <h1>Configuring a Tor relay</h1>
     
     <hr>
     
     <p>
     The Tor network relies on volunteers to donate bandwidth. The more
     people who run relays, the faster the Tor network will be. If you have
     at least 20 kilobytes/s each way, please help out Tor by configuring your
     Tor to be a relay too. We have many features that make Tor relays easy
     and convenient, including <a href="<wikifaq>#RelayFlexible">rate limiting
     for bandwidth, exit policies so you can limit your exposure to abuse
     complaints, and support for dynamic IP addresses</a>.
     </p>
     
     <p>You can run a Tor relay on <a href="<wikifaq>#RelayOS">pretty
     much any</a> operating system. Tor relays work best on Linux, OS X Tiger
     or later, FreeBSD 5.x+, NetBSD 5.x+, and Windows Server 2003 or later.
     </p>
     
     <hr>
     <a id="zero"></a>
     <a id="install"></a>
     <h2><a class="anchor" href="#install">Step One: Download and Install Tor</a></h2>
     <br>
     
     <p>Before you start, you need to make sure that Tor is up and running.
     </p>
     
     <p>Visit our <a href="<page download/easy-download>">download page</a> and
     install the "Installation Bundle" for your OS.
     </p>
     
     <p>If it's convenient, you might also want to use it as a client for a
     while to make sure it's actually working.</p>
     
     <hr>
     <a id="setup"></a>
     <h2><a class="anchor" href="#setup">Step Two: Set it up as a relay</a></h2>
     <br>
     <ol>
     <li>Verify that your clock and timezone are set
     correctly. If possible, synchronize your clock with public <a
     href="http://en.wikipedia.org/wiki/Network_Time_Protocol">time
     servers</a>.
     </li>
     
     <li><strong>Configuring Tor with the Vidalia Graphical Interface</strong>:
     <ol>
     
     <li>
     	<dt>Right click on the Vidalia icon in your task bar.  Choose <tt>Control Panel</tt>.</dt>
     	<dd><img alt="vidalia right click menu" src="$(IMGROOT)/screenshot-win32-vidalia.png"></dd>
     </li>
     
     <li>Click <tt>Setup Relaying</tt>.</li>
     
     <li>
     	<dt>Choose <tt>Relay Traffic for the Tor network</tt> if you
     want to be a public relay (recommended), or choose <tt>Help
     censored users reach the Tor network</tt> if you want to be a <a
     href="<wikifaq>#RelayOrBridge">bridge</a> for users in countries that censor their Internet.</dt>
     <dd><img alt="vidalia basic settings" src="$(IMGROOT)/screenshot-win32-configure-relay-1.png"></dd>
     </li>
     
     <li>Enter a nickname for your relay, and enter contact information in
     case we need to contact you about problems.</li>
     
     <li>Leave <tt>Attempt to automatically configure port forwarding</tt> checked.
     Push the <tt>Test</tt> button to see if it works.  If it does work, great.
     If not, see number 3 below.</li>
     
     <li><dt>Choose the <tt>Bandwidth Limits</tt> tab.  Select how much bandwidth you want to provide for Tor users like yourself.</dt>
     <dd><img alt="vidalia bandwidth limits" src="$(IMGROOT)/screenshot-win32-configure-relay-2.png"></dd>
     </li> 
     
     <li><dt>Choose the <tt>Exit Policies</tt> tab.  If you want to allow others
     to use your relay for these services, don't change anything.  Un-check
     the services you don't want to allow people to <a href="<wikifaq>#ExitPolicies">reach from your relay</a>.  If you want to be a non-exit relay, un-check all services.</dt>
     <dd><img alt="vidalia exit policies" src="$(IMGROOT)/screenshot-win32-configure-relay-3.png"></dd>
     </li>
     
     <li>Click the <tt>Ok</tt> button.  See Step Three below for confirmation
     that the relay is working correctly.</li>
     </ol>
     
     <br>
     <strong>Manual Configuration</strong>:
     <ul>
     <li>Edit the bottom part of <a href="<wikifaq>#torrc">your torrc file</a>. If you want to be a public relay (recommended),
     make sure to define ORPort and <a href="<wikifaq>#ExitPolicies">look at ExitPolicy</a>; otherwise
     if you want to be a <a href="<wikifaq>#RelayOrBridge">bridge</a>
     for users in countries that censor their Internet,
     just use <a href="<page docs/bridges>#RunningABridge">these lines</a>.
     </li>
     
     </ul></li>
     
     <li>If you are using a firewall, open a hole in your firewall
     so incoming connections can reach the ports you configured
     (ORPort, plus DirPort if you enabled it). If you have a
     hardware firewall (Linksys box, cable modem, etc.) you might like <a
     href="http://portforward.com/">portforward.com</a>. Also, make sure you
     allow all <em>outgoing</em> connections too, so your relay can reach the
     other Tor relays.
     </li>
     
     <li>Restart your relay. If it <a
     href="<wikifaq>#Logs">logs
     any warnings</a>, address them.
     </li>
     
     <li>Subscribe to the <a
     href="http://archives.seul.org/or/announce/">or-announce</a>
     mailing list. It is very low volume, and it will keep you informed
     of new stable releases. You might also consider subscribing to <a
     href="<page docs/documentation>#MailingLists">the higher-volume Tor lists</a>
     too.
     </li>
     
     </ol>
     
ed5ac546
     <hr>
2a9aaa80
     <a id="check"></a>
     <h2><a class="anchor" href="#check">Step Three: Make sure it is working</a></h2>
ed5ac546
     <br>
2a9aaa80
     
     <p>As soon as your relay manages to connect to the network, it will
     try to determine whether the ports you configured are reachable from
     the outside. This step is usually fast, but may take up to 20
     minutes. Look for a
     <a href="<wikifaq>#Logs">log
     entry</a> like
     <tt>Self-testing indicates your ORPort is reachable from the outside. Excellent.</tt>
     If you don't see this message, it means that your relay is not reachable
     from the outside &mdash; you should re-check your firewalls, check that it's
     testing the IP and port you think it should be testing, etc.
     </p>
     
     <p>When it decides that it's reachable, it will upload a "server
     descriptor" to the directories, to let clients know
     what address, ports, keys, etc. your relay is using. You can <a
     href="http://194.109.206.212/tor/status-vote/current/consensus">load one of
     the network statuses manually</a> and
     look through it to find the nickname you configured, to make sure it's
     there. You may need to wait up to one hour to give enough time for it to
     make a fresh directory.</p>
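     <p>The two checks described in Step Three, as an added shell example that
     is not part of the original Tor documentation. It assumes you have saved
     your Tor log and a copy of the consensus to local files; the function
     names, the nickname <tt>myrelay</tt> and all sample lines are constructed.</p>

```shell
#!/bin/sh
# Added example; the log and consensus excerpts are constructed samples.

# Succeeds if the Tor log holds the ORPort self-test notice quoted above.
orport_reachable() {
    grep -q 'Self-testing indicates your ORPort is reachable from the outside' "$1"
}

# Prints "address ORPort DirPort" for each router ("r") line in a saved
# consensus whose nickname matches exactly; fails if there is none.
# Assumed r-line layout (full consensus flavor):
#   r nickname identity digest date time address ORPort DirPort
# Nicknames are not unique, so compare the printed address with your own.
consensus_entry() {
    awk -v nick="$2" '
        $1 == "r" && $2 == nick { print $7, $8, $9; found = 1 }
        END { exit !found }
    ' "$1"
}

# Writes the constructed sample files into directory $1.
write_samples() {
    cat > "$1/notices.log" <<'EOF'
Jan 01 12:00:01.000 [notice] Now checking whether ORPort 192.0.2.10:443 is reachable...
Jan 01 12:00:09.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent.
EOF
    cat > "$1/consensus" <<'EOF'
r myrelay2 AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2011-01-01 11:30:00 198.51.100.7 9001 0
s Running Valid
r myrelay CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2011-01-01 11:45:00 192.0.2.10 443 80
s Fast Running Valid
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
orport_reachable "$demo_dir/notices.log" && echo "ORPort self-test passed"
consensus_entry "$demo_dir/consensus" myrelay
rm -rf "$demo_dir"
```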
     
     <hr>
     <a id="after"></a>
     <h2><a class="anchor" href="#after">Step Four: Once it is working</a></h2>
     <br>
     
     <p>
     We recommend the following steps as well:
     </p>
     
     <p>
     6. Read
     <a href="<wiki>TheOnionRouter/OperationalSecurity">about operational security</a>
     to get ideas for how you can increase the security of your relay.
     </p>
     
     <p>
     7. If you want to run more than one relay that's great, but please set <a
     href="<wikifaq>#MultipleRelays">the
     MyFamily option</a> in all your relays' configuration files.
     </p>
     
     <p>
     8. Decide about rate limiting. Cable modem, DSL, and other users
     who have asymmetric bandwidth (e.g. more down than up) should
     rate limit to their slower bandwidth, to avoid congestion. See the <a
     href="<wikifaq>#LimitBandwidth">rate
     limiting FAQ entry</a> for details.
     </p>
     
     <p>
     9. Back up your Tor relay's private key (stored in "keys/secret_id_key"
     in your DataDirectory). This is your relay's "identity," and
     you need to keep it safe so nobody can read the traffic that goes
     through your relay. This is the critical file to keep if you need to <a
     href="<wikifaq>#UpgradeRelay">move
     or restore your Tor relay</a> if something goes wrong.
     </p>
     
     <p>
     
     10. If you control the name servers for your domain, consider setting your
     reverse DNS hostname to 'anonymous-relay', 'proxy' or 'tor-proxy', so when
     other people see the address in their web logs, they will more quickly
     understand what's going on. Adding the <a
     href="<gitblob>contrib/tor-exit-notice.html">Tor
     exit notice</a> on a vhost for this name can go a long way to deterring abuse
     complaints to you and your ISP if you are running an exit node.
     
     </p>
     
     <p>
     11. If your computer isn't running a webserver, please consider
     changing your ORPort to 443 and your DirPort to 80. Many Tor
     users are stuck behind firewalls that only let them browse the
     web, and this change will let them reach your Tor relay. Win32
     relays can simply change their ORPort and DirPort directly
     in their torrc and restart Tor. OS X or Unix relays can't bind
     directly to these ports (since they don't run as root), so they will
     need to set up some sort of <a
     href="<wikifaq>#ServerForFirewalledClients">
     port forwarding</a> so connections can reach their Tor relay. If you are
     using ports 80 and 443 already but still want to help out, other useful
     ports are 22, 110, and 143.
     </p>
     
     <p>
     12. If your Tor relay provides other services on the same IP address
     &mdash; such as a public webserver &mdash; make sure that connections to the
     webserver are allowed from the local host too. You need to allow these
     connections because Tor clients will detect that your Tor relay is the <a
     href="<wikifaq>#ExitEavesdroppers">safest
     way to reach that webserver</a>, and always build a circuit that ends
     at your relay. If you don't want to allow the connections, you must
     explicitly reject them in your exit policy.
     </p>
     
     <p>
     13. (Unix only.) Make a separate user to run the relay. If you
     installed the OS X package or the deb or the rpm, this is already
     done. Otherwise, you can do it by hand. (The Tor relay doesn't need to
     be run as root, so it's good practice to not run it as root. Running
     as a 'tor' user avoids issues with identd and other services that
     detect user name. If you're the paranoid sort, feel free to <a
     href="<wiki>TheOnionRouter/TorInChroot">put Tor
     into a chroot jail</a>.)
     </p>
     
     <p>
     14. (Unix only.) Your operating system probably limits the number
     of open file descriptors per process to 1024 (or even less). If you
     plan to be running a fast exit node, this is probably not enough. On
     Linux, you should add a line like "toruser hard nofile 8192" to your
     /etc/security/limits.conf file (where toruser is the user that runs the
     Tor process), and then restart Tor if it's installed as a package (or log
     out and log back in if you run it yourself).
     </p>
     
     <p>
     15. If you installed Tor via some package or installer, it probably starts
     Tor for you automatically on boot. But if you installed from source,
     you may find the initscripts in contrib/tor.sh or contrib/torctl useful.
     </p>
     
     <p>
     When you change your Tor configuration, remember to verify that your
     relay still works correctly after the change. Be sure to set your
     "ContactInfo" line in the torrc so we can contact you if you need to
     upgrade or something goes wrong. If you have problems or questions, see
     the <a href="<page docs/documentation>#Support">Support</a> section or
     <a href="<page about/contact>">contact us</a> on the tor-ops list. Thanks
     for helping to make the Tor network grow!
     </p>
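     <p>One way to check a manually edited torrc against the options this page
     asks for (ORPort, ExitPolicy, ContactInfo), as an added shell example that
     is not from the Tor project. The function names, file names and sample
     torrc contents are constructed; the port note generalizes the point above
     about ports 80 and 443 to all ports below 1024.</p>

```shell
#!/bin/sh
# Added example; both torrc files are constructed samples.

# Prints findings for a relay torrc. Exit status is 1 when an option this
# page asks for is missing; "note:" lines are informational only.
check_relay_torrc() {
    awk '
        function port_note(o) {
            if (val[o] + 0 > 0 && val[o] + 0 < 1024)
                print "note: " o " " val[o] " is below 1024; a non-root Unix relay needs port forwarding"
        }
        { sub(/#.*/, "") }                                     # strip comments
        NF >= 2 { o = tolower($1); val[o] = $2; seen[o] = 1 }  # names are case-insensitive
        END {
            if (!seen["orport"])      { print "ORPort is not defined"; bad = 1 }
            if (!seen["exitpolicy"])  { print "no ExitPolicy line; check what your Tor version applies by default"; bad = 1 }
            if (!seen["contactinfo"]) { print "ContactInfo is not set"; bad = 1 }
            port_note("orport"); port_note("dirport")
            exit bad + 0
        }
    ' "$1"
}

# Writes the constructed sample files into directory $1.
write_torrc_samples() {
    cat > "$1/weak.torrc" <<'EOF'
Nickname myrelay
ORPort 443
DirPort 80   # serves directory info
EOF
    cat > "$1/ok.torrc" <<'EOF'
Nickname myrelay
ContactInfo Relay Admin <admin AT example DOT org>
orport 9001
ExitPolicy reject *:*   # non-exit relay
EOF
}

demo_dir=$(mktemp -d)
write_torrc_samples "$demo_dir"
check_relay_torrc "$demo_dir/weak.torrc" || echo "weak.torrc needs attention"
check_relay_torrc "$demo_dir/ok.torrc" && echo "ok.torrc passes"
rm -rf "$demo_dir"
```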
     
     <hr>
     
     <p>If you have suggestions for improving this document, please <a
     href="<page about/contact>">send them to us</a>. Thanks!</p>
   </div>
   <!-- END MAINCOL -->
   <div id = "sidecol">
 #include "side.wmi"
 #include "info.wmi"
   </div>
   <!-- END SIDECOL -->
 </div>
 <!-- END CONTENT -->
 #include <foot.wmi>