Tor: relay and hidden services

Tor is software that helps protect privacy on the Internet.

It routes traffic through multiple onion-like layers of relays, which is why the project needs volunteers to run relay nodes.

Configure a Tor relay

Tor may need to open a lot of connections, so raising the system limits can be a good idea. Add the following to "/etc/sysctl.conf":

kern.maxfiles=20000

Install and enable tor:

# pkg_add tor
# rcctl enable tor

Then make sure TCP port 9001 (the ORPort set below) is open to incoming connections.

Then edit "/etc/tor/torrc" and add the following lines:

SOCKSPort 0
ORPort 9001
Nickname nick
RelayBandwidthRate 75 KB
RelayBandwidthBurst 100 KB
ContactInfo yourname <address AT email dot tld>
ExitPolicy reject *:* # no exits allowed

Adjust values according to your needs and how much bandwidth you want to allocate.

Finally, restart tor and look for messages like these in "/var/log/messages":

May 12 12:20:41 athome Tor[12059]: Bootstrapped 80%: Connecting to the Tor network
May 12 12:20:41 athome Tor[12059]: Bootstrapped 85%: Finishing handshake with first hop
May 12 12:20:42 athome Tor[12059]: Bootstrapped 90%: Establishing a Tor circuit
May 12 12:20:44 athome Tor[12059]: Tor has successfully opened a circuit. Looks like client functionality is working.
May 12 12:20:44 athome Tor[12059]: Bootstrapped 100%: Done
May 12 12:20:44 athome Tor[12059]: Now checking whether ORPort 109.190.xxx.xxx:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
May 12 12:21:10 athome Tor[12059]: Self-testing indicates your ORPort is reachab

Configure a hidden service

Hidden services are reachable through a .onion URL.

⚠ Be aware that running a relay AND a hidden service together is strongly discouraged.

Enable a hidden service in "/etc/tor/torrc":

SOCKSPort 0
HiddenServiceDir /var/tor/hidden/
HiddenServicePort 80 127.0.0.1:80

Restart Tor with "rcctl restart tor". Two new files appear in "/var/tor/hidden": "hostname" and "private_key". Your onion URL is in the hostname file:

# cat /var/tor/hidden/hostname
5rud2tr7sm3oskw5.onion

Keep private_key safe: anyone who has it can impersonate your hidden service.

In the above example, we provide a website (port 80 on localhost). You can add a new section in httpd.conf to serve this URL:

server "5rud2tr7sm3oskw5.onion" {
        listen on 127.0.0.1 port 80
        # site location
        root "/htdocs/athome.tld"
        directory index index.html
        [...]
}
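
The warning against combining a relay and a hidden service, and the torrc settings from both sections, can be checked before restarting Tor. The script below is an added example, not part of the original page; the function names torrc_values and audit_torrc and the WARN/NOTE messages are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and messages
# are hypothetical; the torrc directives are the ones used on this page.

# Print every value given for option $2 in torrc $1, one per line.
# Tor option names are case-insensitive; '#' starts a comment.
torrc_values() {
    awk -v key="$2" '
        { sub(/[ \t]*#.*$/, "") }
        tolower($1) == tolower(key) {
            sub(/^[ \t]*[^ \t]+[ \t]*/, ""); sub(/[ \t]+$/, ""); print
        }' "$1"
}

# Audit torrc $1. Prints findings; returns 1 if any WARN was raised.
audit_torrc() {
    rc=0
    relay=$(torrc_values "$1" ORPort | awk '$1 != "0" { n++ } END { print n + 0 }')
    onion=$(torrc_values "$1" HiddenServiceDir | awk 'END { print NR }')
    exitp=$(torrc_values "$1" ExitPolicy | awk 'NR == 1 { print $1, $2 }')
    socks=$(torrc_values "$1" SOCKSPort |
        awk '$1 != "0" { n++ } END { print ((NR == 0 || n) ? "open" : "off") }')

    if [ "$relay" -gt 0 ] && [ "$onion" -gt 0 ]; then
        echo "WARN: relay (ORPort) and hidden service (HiddenServiceDir) in one torrc"
        rc=1
    fi
    # Exit policy rules are matched first to last, so the first must reject all.
    if [ "$relay" -gt 0 ] && [ "$exitp" != "reject *:*" ]; then
        echo "WARN: relay does not start its ExitPolicy with 'reject *:*'"
        rc=1
    fi
    if [ "$socks" = open ]; then
        echo "NOTE: SOCKSPort is not set to 0, a local SOCKS listener may be open"
    fi
    return $rc
}

# Constructed sample: the page's relay and hidden-service settings merged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SOCKSPort 0
ORPort 9001
ExitPolicy reject *:* # no exits allowed
HiddenServiceDir /var/tor/hidden/
HiddenServicePort 80 127.0.0.1:80
EOF
audit_torrc "$sample" || true
rm -f "$sample"
```

Run audit_torrc against "/etc/tor/torrc" itself; a non-zero exit status means at least one WARN line was printed.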