Difference between revisions of "How to Set Up a Tor Relay on CentOS 6"

Revision as of 16:44, 27 June 2014

UNDER CONSTRUCTION

1. Setting up the OS
   1. Follow my guide for Setting Up a Secure CentOS 6 Server
2. Installing Tor
   1. BACKUP ANY FILES YOU MODIFY. I TYPICALLY CREATE A COPY NAMED <originalname>_bak_defaults
   2. Add the Tor Project Repositories to the Yum repos list
      1. Run sudo vi /etc/yum.repos.d/torproject.repo
      2. Add the following to the file
         • [tor]
         • name=Tor experimental repo
         • enabled=1
         • baseurl=http://deb.torproject.org/torproject.org/rpm/el/6/$basearch/
         • gpgcheck=1
         • gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
         • [tor-source]
         • name=Tor experimental source repo
         • enabled=1
         • autorefresh=0
         • baseurl=http://deb.torproject.org/torproject.org/rpm/el/6/SRPMS
         • gpgcheck=1
         • gpgkey=http://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc
   3. Install tor
      1. Run sudo yum install tor
      2. Yum will ask if it is ok to install the GPG Key from torproject.org, say yes
   4. Install ntp & set it up as a daemon to keep your clock, date, & timezone accurate.
      1. Run sudo yum install ntp
      2. Start ntpd by running sudo service ntpd restart
      3. Enable ntpd to start at boot time by running sudo chkconfig ntpd on
   5. At this point you can reboot your system and hit Esc after entering your HDD Encryption Password and watch for ntpd and tor to start toward the end of the boot process if you want.
   6. Configure Tor to act as a Relay
      1. Edit /etc/tor/torrc
      2. Uncomment ORPort 9001 to enable the system as a Relay
      3. Uncomment ExitPolicy reject *:* to configure the Relay as a "common" Middle Relay
      4. Uncomment ContactInfo Random Person <nobody AT example dot com and replace the Random Person with an email address you create specifically for the Relay and forward to your standard email account
      5. Ucomment Nickname ididntedittheconfig and replace with a suitable nickname for your Relay
      6. Uncomment Address noname.example.com & update it if you have domain that identifies your Relay
      7. Uncomment DataDirectory /var/lib/tor if you want your keys/etc to be saved here. I prefer this since tor is typically run as a _tor user
      8. Uncomment ControlPort 9051 if you intend to use arm to monitor your Relay (I recommend this and will describe the installation below)
      9. Uncomment HashedControlPassword ... to use a password to secure the ControlPort. We will setup this password later
      10. Uncomment RelayBandwidthRate and RelayBandwidthBurst and set them to something suitable for your connection. I recommend running a speedtest and taking half of the upload value. Keep in mind that the configuration is in KiloBytes. This particular speedtest returns results in MegaBits. This means you must take the Mb result from the speedtest, multiply by 1000 (to convert to Kb) and then divide by 8 (to convert to KB). Then divide by 2 to get half of this value.
   7. Setup any Firewalls to pass your 9001 ORPort
      1. I use DD-WRT for my Router Firmware. It allows me to run multiple PCs on my network and direct traffic to the correct computer based on Port.

• Resources
  1. https://www.torproject.org/docs/rpms.html.en
  2. https://www.torproject.org/docs/tor-relay-debian.html.en
  3. https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sect-Date_and_Time_Configuration-Command_Line_Configuration-Network_Time_Protocol.html