Tor-Relay
Disclaimer
This is a super basic template for running your own Tor relay node inside a SCRATCH container, adding an extra layer of security. Feel free to modify your own fork with a custom torrc file to enable SOCKS if needed. The default configuration is designed to be secure and to minimize unnecessary risks. The aim is to make it easier for anyone to contribute relay bandwidth without the complexities of running a guard or exit node, thereby avoiding potential issues related to timing attacks and other security concerns.
Repository: https://git.nixc.us/Nixius/tor-relay
You can pull the pre-built Docker container or build it yourself.
Example torrc Configuration
# Define this as a relay-only node
SocksPort 0 # Disable SOCKS port; this is a relay, not a client proxy.
ORPort 9001 # Port for accepting connections from other Tor nodes.
DirPort 9030 # Port for serving directory information to other Tor nodes.
ExitRelay 0 # Disable exit relay functionality to prevent traffic from exiting to the internet through this relay.
# Bandwidth limits
RelayBandwidthRate 100 KB # Maximum average bandwidth rate allowed for traffic (100 KB/s).
RelayBandwidthBurst 200 KB # Maximum burst bandwidth rate allowed (200 KB/s).
# Nickname and contact info
Nickname YourRelayNickname # Unique nickname for your relay.
ContactInfo your-email@example.com # Contact information for the relay operator, used by Tor network administrators.
# Optionally, configure logs
Log notice stdout # Log messages at 'notice' level to standard output.
# Uncomment and provide the correct paths if you have GeoIP files
# GeoIPFile /path/to/geoip # Path to the GeoIP data file for country-to-IP mapping.
# GeoIPv6File /path/to/geoip6 # Path to the GeoIPv6 data file for country-to-IP mapping.
# Accounting settings to limit bandwidth usage within specified periods
AccountingStart month 1 00:00 # Start accounting on the 1st of each month at midnight.
AccountingMax 10 GB # Limit the total data transfer to 10 GB per accounting period (1 month).
# Advanced options
ClientUseIPv6 1 # Enable IPv6 for client connections.
ServerTransportListenAddr obfs4 0.0.0.0:9002 # Configure obfs4 pluggable transport on port 9002 for additional obfuscation.
# Uncomment and provide the fingerprints of your other relays to declare node family
# MyFamily $FingerPrint1,$FingerPrint2 # List of fingerprints for other relays you operate to prevent them from being used in the same circuit.
Explanation of Settings
- SocksPort 0: Disables the SOCKS port since this is a relay, not a client proxy. This reduces the attack surface.
- ORPort 9001: The port on which Tor will accept connections from other Tor nodes. Ensure this port is open in your firewall and router.
- DirPort 9030: The port on which Tor will serve directory information to other Tor nodes. This uses additional bandwidth for directory services.
- ExitRelay 0: Disables exit relay functionality to prevent traffic from exiting to the internet through this relay, avoiding legal and abuse complaints.
- RelayBandwidthRate 100 KB: Controls the maximum average bandwidth rate to prevent network congestion and manage costs.
- RelayBandwidthBurst 200 KB: Sets the maximum burst bandwidth rate allowed.
- Nickname and ContactInfo: Provides a unique nickname and contact information for the relay. This helps network administrators contact you if there are issues.
- Log notice stdout: Logs messages at the 'notice' level to standard output for monitoring and troubleshooting.
- GeoIPFile /path/to/geoip and GeoIPv6File /path/to/geoip6: Paths to GeoIP data files for geographic information logging. Uncomment and set these if you have GeoIP files.
- AccountingStart month 1 00:00 and AccountingMax 10 GB: Manages bandwidth usage by limiting total data transfer to 10 GB per month, starting on the 1st of each month.
- ClientUseIPv6 1: Enables IPv6 support, increasing connectivity options.
- ServerTransportListenAddr obfs4 0.0.0.0:9002: Adds support for obfs4 (an advanced pluggable transport) on port 9002, providing additional obfuscation to bypass censorship.
- MyFamily $FingerPrint1,$FingerPrint2: If you operate multiple relays, you can declare them as a family to prevent Tor from using them in the same circuit, enhancing security. Uncomment and set this if you have multiple relays.
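The settings above can be checked mechanically before the container is started. The Python sketch below is an added example, not code from the tor-relay repository: it reports where a torrc departs from the relay-only posture described here and which configured listeners are not covered by the `-p` flags of the `docker run` command on this page. The sample torrc, the function names and the `published` parameter are assumptions made for the illustration.

```python
# Added example: audit a torrc for the relay-only posture described above.
# Simplified parser: one option per line, '#' starts a comment, no quoted values.

# Constructed sample: option lines from the example torrc, comments trimmed.
SAMPLE_TORRC = """\
SocksPort 0
ORPort 9001
DirPort 9030
ExitRelay 0
ServerTransportListenAddr obfs4 0.0.0.0:9002
# MyFamily $FingerPrint1,$FingerPrint2
"""

def parse_torrc(text):
    """Return {lowercased option: [values]}; torrc option names are case-insensitive."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            opts.setdefault(parts[0].lower(), []).append(parts[1].strip() if len(parts) > 1 else "")
    return opts

def port_of(value):
    """Extract the port from '9001' or 'addr:9001'; None if not numeric (e.g. 'auto')."""
    tokens = value.split()
    tail = tokens[0].rsplit(":", 1)[-1] if tokens else ""
    return int(tail) if tail.isdigit() else None

def audit(text, published=(9001, 9030)):
    """Return a list of findings; `published` mirrors the -p flags passed to docker run."""
    opts, findings = parse_torrc(text), []
    for name in ("SocksPort", "ExitRelay"):
        if opts.get(name.lower(), [None])[-1] != "0":
            findings.append(f"{name} is not explicitly set to 0")
    listeners = [(n, port_of(v)) for n in ("ORPort", "DirPort") for v in opts.get(n.lower(), [])]
    for value in opts.get("servertransportlistenaddr", []):
        transport, _, addr = value.partition(" ")
        listeners.append((f"{transport} transport", port_of(addr)))
        if "servertransportplugin" not in opts:
            findings.append(f"{transport}: no ServerTransportPlugin line, so Tor launches no {transport} proxy")
    for name, port in listeners:
        if port not in (None, 0) and port not in published:
            findings.append(f"{name} port {port} is not published by docker run")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_TORRC):
        print("FINDING:", finding)
```

Run against the sample, the audit returns two findings, both about the obfs4 line: no plugin is configured for it, and port 9002 is not among the published ports.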
Building and Running the Docker Container
- Clone the repository:
  git clone https://git.nixc.us/Nixius/tor-relay.git
  cd tor-relay
- Build the Docker Image:
  docker build -t tor-relay-scratch .
- Run the Docker Container:
  docker run -d --name tor-relay-scratch -p 9001:9001 -p 9030:9030 tor-relay-scratch
- Check the Logs:
  docker logs -f tor-relay-scratch
This setup provides a secure and minimal Tor relay configuration, making it easier for anyone to contribute relay bandwidth while avoiding the complexities and risks associated with running a guard or exit node.