Good Bad ISPs
https://community.torproject.org/relay/community-resources/good-bad-isps/
I am running one relay at netcup and one at terrhost
Installation as root
$ su
SSH: Change the default port
$ sudo nano /etc/ssh/sshd_config
Find the line:
Port 22
Replace it with the desired SSH port (Port xxx), and do not forget to remove the #.
Save and exit (CTRL+O, CTRL+X)
$ sudo service ssh restart
Install Fail2ban
$ sudo apt install fail2ban
Config fail2ban
https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-debian-11
Install ufw firewall
$ apt install ufw
Config ufw
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-debian-10
allow all tor ports + ssh (new ssh port)
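Added example (not part of the original notes): a small shell helper that reads ORPort and DirPort from torrc and Port from sshd_config and prints the matching ufw commands, so the allow-list cannot drift from what Tor and sshd actually listen on. The function names, the sample files and SSH port 2222 are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example, not part of the original notes. Prints ufw commands, runs none.

# Print every numeric, non-zero port set by directive $2 in config file $1.
conf_ports() {
    awk -v key="$2" '
        tolower($1) == tolower(key) {   # "#Port 22" does not match: commented out
            p = $2
            sub(/^.*:/, "", p)          # accept the address:port form as well
            if (p ~ /^[0-9]+$/ && p + 0 > 0) print p
        }' "$1"
}

# $1 = torrc, $2 = sshd_config (ufw_rules is a hypothetical helper name)
ufw_rules() {
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    ssh_ports=$(conf_ports "$2" Port)
    for p in ${ssh_ports:-22}; do        # sshd listens on 22 when Port is unset
        echo "ufw limit ${p}/tcp"        # rate-limited, alongside fail2ban
    done
    # Only the ports other relays and clients must reach get a rule.
    # ControlPort and SocksPort are local-only and are never opened.
    for p in $(conf_ports "$1" ORPort) $(conf_ports "$1" DirPort); do
        echo "ufw allow ${p}/tcp"
    done
    echo "ufw enable"
}

# Constructed sample input: the torrc values shown on this page, and an
# sshd_config with a made-up replacement port (2222).
demo() {
    dir=$(mktemp -d)
    cat > "$dir/torrc" <<'EOF'
Nickname xxx
ORPort 443
ControlPort 9051
DirPort 9034
ExitRelay 0
SocksPort 0
EOF
    printf '#Port 22\nPort 2222\n' > "$dir/sshd_config"
    ufw_rules "$dir/torrc" "$dir/sshd_config"
    rm -rf "$dir"
}
demo
```

Review the printed commands, then run them as root; allow the new SSH port before enabling ufw so the current session is not cut off.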
Install tor
Enable Automatic Software Updates
$ apt-get install unattended-upgrades apt-listchanges
Edit: /etc/apt/apt.conf.d/50unattended-upgrades
$ nano /etc/apt/apt.conf.d/50unattended-upgrades
Remove all existing content before adding the lines below
Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=TorProject";
};
Unattended-Upgrade::Package-Blacklist {
};
Save and exit (CTRL+O, CTRL+X)
Update the file /etc/apt/apt.conf.d/20auto-upgrades with the following content
$ nano /etc/apt/apt.conf.d/20auto-upgrades
add
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";
Save and exit (CTRL+O, CTRL+X)
Update /etc/apt/apt.conf.d/50unattended-upgrades for automatic update
$ nano /etc/apt/apt.conf.d/50unattended-upgrades
add
Unattended-Upgrade::Automatic-Reboot "true";
Save and exit (CTRL+O, CTRL+X)
Update repository
$ apt install apt-transport-https
Create tor.list
$ touch /etc/apt/sources.list.d/tor.list
Edit tor.list
$ nano /etc/apt/sources.list.d/tor.list
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org <DISTRIBUTION> main
Save and exit (CTRL+O, CTRL+X)
Replace <DISTRIBUTION> with your Operating System codename.
Run lsb_release -c or cat /etc/debian_version to check the Operating System version.
Install gpg
$ apt install gpg
Then add the gpg key used to sign the packages by running the following command at your command prompt
$ wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
Update and install tor debian keyring
$ apt update
$ apt install tor deb.torproject.org-keyring
Install tor
$ apt install tor
Edit torrc
$ nano /etc/tor/torrc
Nickname myNiceRelay # Change "myNiceRelay" to something you like
ContactInfo your@e-mail # Write your e-mail and be aware it will be published
ORPort 443 # You might use a different port, should you want to
ExitRelay 0
SocksPort 0
Save and exit (CTRL+O, CTRL+X)
My torrc
Nickname xxx
ContactInfo email: xxx fingerprint: xxx matrix: xxx
MyFamily xxx,xxx
ORPort 443
ControlPort 9051
DirPort 9034
RelayBandwidthRate 120 MBits
RelayBandwidthBurst 480 MBits
ExitRelay 0
SocksPort 0
Optional: Limiting bandwidth usage (and traffic)
Because I have 120 TB bandwidth
I have 120 TB: 60 TB for download and 60 TB for upload
RelayBandwidthBurst is 4x RelayBandwidthRate
https://community.torproject.org/relay/setup/post-install/
Show Hosting Bandwidth Converter
https://www.calculator.net/bandwidth-calculator.html
Restart daemon
$ systemctl restart tor@default
Tor log
$ sudo journalctl -e -u tor@default
To close the log, press q
Install nyx for monitoring
$ apt install nyx
Run nyx with sudo as a normal user
If you change torrc, press x twice to update nyx
Backup tor identity keys
After your initial installation and start of the tor daemon it is a good idea to make a backup of your relay's long term identity keys. They are located in the "keys" subfolder of your DataDirectory (simply make a copy of the entire folder and store it in a secure location). Since relays have a ramp-up time it makes sense to back up the identity key to be able to restore your relay's reputation after a disk failure - otherwise you would have to go through the ramp-up phase again. Only do this if you have a very secure place for your keys as if stolen, these keys could theoretically allow traffic decryption or impersonation.
Default location of the keys folder on Debian/Ubuntu: /var/lib/tor/keys
Backup tor keys
$ sudo -s
$ cd /var/lib/
$ tar -czvf tor.tar.gz tor
$ mv tor.tar.gz ../../home/your_user
now you can download via ftp
Sources:
https://community.torproject.org/relay/setup/guard/debian-ubuntu/
https://community.torproject.org/relay/setup/post-install/
https://support.torproject.org/relay-operators/upgrade-or-move/
https://nyx.torproject.org/
Support:
Forum: https://forum.torproject.net/
Matrix: https://blog.torproject.org/entering-the-matrix/