|
@@ -222,51 +222,59 @@ service url</a>).</p>
|
|
|
that have at least 1Mbit each way. Currently we don't use all of that,
|
|
|
but we want it available for burst traffic.</p>
|
|
|
|
|
|
-<p>To set up a Tor server, do the following steps. Some steps are optional
|
|
|
-but recommended.</p>
|
|
|
+<p>To set up a Tor server, do the following steps after installing Tor.
|
|
|
+(These instructions are Unix-centric; let us know if you get it working
|
|
|
+on Windows.)
|
|
|
+</p>
|
|
|
|
|
|
<ul>
|
|
|
-<li>(Optional) 1. Make a separate user to run the server. If you
|
|
|
-installed the deb or the rpm, this is already done. Otherwise,
|
|
|
-you can do it by hand. (The Tor server doesn't need to be run as
|
|
|
-root, so it's good practice to not run it as root. Running as a
|
|
|
-'tor' user avoids issues with identd and other services that
|
|
|
-detect user name. If you're the paranoid sort, feel free to <a
|
|
|
-href="http://wiki.noreply.org/wiki/TheOnionRouter/TorInChroot">put Tor
|
|
|
-into a chroot jail</a>.)
|
|
|
-<li>2. Copy torrc.sample to torrc (in the default configuration this
|
|
|
+<li>1. Copy torrc.sample to torrc (in the default configuration this
|
|
|
means copy /usr/local/etc/tor/torrc.sample to /usr/local/etc/tor/torrc),
|
|
|
and edit the bottom part. Create the DataDirectory, and make sure it's
|
|
|
owned by the uid/gid that will be running tor. Fix your system clock so
|
|
|
-it's not too far off. Make sure name resolution works. Make sure each
|
|
|
+it's not too far off. Make sure name resolution works.
|
|
|
+
|
|
|
process can get to 1024 file descriptors (this should be already done
|
|
|
-for everybody but some BSD folks).
|
|
|
-<li>3. Decide what exit policy you want. By default your server allows
|
|
|
-access to many popular services, but we restrict some (such as port 25)
|
|
|
-due to abuse potential. You might want an exit policy that is either
|
|
|
-less restrictive or more restrictive; edit your torrc appropriately.
|
|
|
-If you choose a particularly open exit policy, you might want to make
|
|
|
-sure your upstream or ISP is ok with that choice.
|
|
|
-<li>4. Run tor to generate keys and then exit: <tt>tor
|
|
|
+for everybody but some BSD folks). -->
|
|
|
+<li>2. Run tor to generate keys and then exit: <tt>tor
|
|
|
--list-fingerprint</tt>. Send mail to tor-ops@freehaven.net including
|
|
|
a) this key fingerprint, b) who you are, so we know whom to contact if
|
|
|
there's any problem, and c) what kind of connectivity the new server
|
|
|
will have. If possible, PGP sign your mail.
|
|
|
-<li>5. If you are using a firewall, open a hole in your firewall so
|
|
|
+<li>3. If you are using a firewall, open a hole in your firewall so
|
|
|
incoming connections can reach the ports you configured (i.e. ORPort,
|
|
|
plus DirPort if you enabled it). Make sure outgoing connections can reach
|
|
|
at least ports 80, 443, and 9001-9033 (to get to other onion routers),
|
|
|
plus any other addresses or ports your exit policy allows.
|
|
|
-<li>6. Start your server: <tt>tor</tt>. If it logs any warnings,
|
|
|
+<li>4. Start your server: <tt>tor</tt>. If it logs any warnings,
|
|
|
address them.
|
|
|
-<li>(Optional) 7. You may find the initscripts in contrib/tor.sh or
|
|
|
+</ul>
|
|
|
+
|
|
|
+Optionally, we recommend the following steps as well:
|
|
|
+
|
|
|
+<ul>
|
|
|
+<li>1. Make a separate user to run the server. If you
|
|
|
+installed the deb or the rpm, this is already done. Otherwise,
|
|
|
+you can do it by hand. (The Tor server doesn't need to be run as
|
|
|
+root, so it's good practice to not run it as root. Running as a
|
|
|
+'tor' user avoids issues with identd and other services that
|
|
|
+detect user name. If you're the paranoid sort, feel free to <a
|
|
|
+href="http://wiki.noreply.org/wiki/TheOnionRouter/TorInChroot">put Tor
|
|
|
+into a chroot jail</a>.)
|
|
|
+<li>2. Decide what exit policy you want. By default your server allows
|
|
|
+access to many popular services, but we restrict some (such as port 25)
|
|
|
+due to abuse potential. You might want an exit policy that is either
|
|
|
+less restrictive or more restrictive; edit your torrc appropriately.
|
|
|
+If you choose a particularly open exit policy, you might want to make
|
|
|
+sure your upstream or ISP is ok with that choice.
|
|
|
+<li>3. You may find the initscripts in contrib/tor.sh or
|
|
|
contrib/torctl useful if you want to set up Tor to start at boot. Let
|
|
|
us know which script you find more useful.
|
|
|
-<li>(Optional) 8. Consider setting your hostname to 'anonymous' or
|
|
|
+<li>4. Consider setting your hostname to 'anonymous' or
|
|
|
'proxy' or 'tor-proxy' if you can, so when other people see the address
|
|
|
in their web logs or whatever, they will more quickly understand what's
|
|
|
going on.
|
|
|
-<li>(Optional) 9. If you're not running anything else on port 80 or port
|
|
|
+<li>5. If you're not running anything else on port 80 or port
|
|
|
443, please consider setting up port-forwarding and advertising these
|
|
|
low-numbered ports as your Tor server. This will help allow users behind
|
|
|
particularly restrictive firewalls to access the Tor network. See section
|
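Review bot: The reordering puts "Make a separate user to run the server" and "Decide what exit policy you want" in the optional list, after "4. Start your server", while required step 1 still asks for a DataDirectory "owned by the uid/gid that will be running tor". A reader working top to bottom generates keys and starts the server before reaching the advice not to run as root or to review the exit policy, so the DataDirectory and keys can end up owned by the wrong account and the server first runs with the default exit policy. Suggest adding a pointer in step 1 to the optional user and exit-policy items, or a sentence before the first list telling readers to look at the optional steps before starting. Separately, the added "-->" after "for everybody but some BSD folks)." has no visible "<!--" in this hunk, and with "Make sure each" dropped the sentence now begins at "process can get to 1024 file descriptors"; please confirm the opening marker sits on the otherwise empty added line, or delete the sentence rather than commenting it out. Both lists also hand-number their items from 1 inside a ul, so a reference to "step 2" is now ambiguous.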