[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [community/develop] Added Fedora Instructions



commit 3adaf16263e0a38e70918ad03c9e3ca6ea3929bf
Author: Christopher King <bunnyapocalypse@xxxxxxxxxxxxxx>
Date:   Fri Aug 30 23:55:39 2019 +0000

    Added Fedora Instructions
    
    So this is what I needed to do in order to get my fedora server up and running as a bridge, and I've added these instructions as if these problems only affect Fedora users, but I would be surprised if that's the case, because the alternative ports that are encouraged in this guide for ORPort and ServerTransportListenAddr are exactly what selinux is supposed to stop. Because of that, I'd imagine that this would function the same on CentOS SUSE and RHEL.
    
     As for why the fedora instructions install the executable into normal bin, that's because you run into selinux problems there too when it's in /usr/local/bin , but problems that were more complicated than my tiny selinux knowledge can deal with.
    
    policycoreutils-python-utils is needed for semanage.
---
 .../bridge/centos-rhel-opensuse/contents.lr        | 56 ++++++++++++++++++++++
 1 file changed, 56 insertions(+)

diff --git a/content/relay-operations/technical-setup/bridge/centos-rhel-opensuse/contents.lr b/content/relay-operations/technical-setup/bridge/centos-rhel-opensuse/contents.lr
index 43f3883..29c68ff 100644
--- a/content/relay-operations/technical-setup/bridge/centos-rhel-opensuse/contents.lr
+++ b/content/relay-operations/technical-setup/bridge/centos-rhel-opensuse/contents.lr
@@ -21,6 +21,12 @@ yum install git golang tor
 zypper install tor go git
 ```
 
+* Fedora:
+
+```
+dnf install git golang tor policycoreutils-python-utils
+```
+
 ### 2. Build obfs4proxy and move it into place.
 
 Heavily outdated versions of git can make `go get` fail, so try upgrading to a more recent git version if you're running into this problem.
@@ -42,8 +48,18 @@ go get gitlab.com/yawning/obfs4.git/obfs4proxy
 sudo cp $GOPATH/bin/obfs4proxy /usr/local/bin/
 ```
 
+* Fedora:
+
+```
+export GOPATH=`mktemp -d`
+go get gitlab.com/yawning/obfs4.git/obfs4proxy
+sudo cp $GOPATH/bin/obfs4proxy /usr/bin/
+```
+
 ### 3. Edit your Tor config file, usually located at `/etc/tor/torrc` and replace its content with:
 
+* CentOS / RHEL / OpenSUSE:
+
 ```
 RunAsDaemon 1
 BridgeRelay 1
@@ -73,6 +89,36 @@ ContactInfo <address@xxxxxxxxx>
 # Pick a nickname that you like for your bridge.  This is optional.
 Nickname PickANickname
 ```
+* Fedora:
+
+```
+RunAsDaemon 1
+BridgeRelay 1
+
+# Replace "TODO" with a Tor port of your choice.  This port must be externally
+# reachable.  Avoid port 9001 because it's commonly associated with Tor and
+# censors may be scanning the Internet for this port.
+ORPort TODO
+
+ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
+
+# Replace "TODO" with an obfs4 port of your choice.  This port must be
+# externally reachable.  Avoid port 9001 because it's commonly associated with
+# Tor and censors may be scanning the Internet for this port.
+ServerTransportListenAddr obfs4 0.0.0.0:TODO
+
+# Local communication port between Tor and obfs4.  Always set this to "auto".
+# "Ext" means "extended", not "external".  Don't try to set a specific port
+# number, nor listen on 0.0.0.0.
+ExtORPort auto
+
+# Replace "<address@xxxxxxxxx>" with your email address so we can contact you if
+# there are problems with your bridge.  This is optional but encouraged.
+ContactInfo <address@xxxxxxxxx>
+
+# Pick a nickname that you like for your bridge.  This is optional.
+Nickname PickANickname
+```
 
  Don't forget to change the `ORPort`, `ServerTransportListenAddr`, `ContactInfo`, and `Nickname` options.
 
@@ -80,8 +126,18 @@ Nickname PickANickname
 
 ### 4. Restart tor
 
+* CentOS / RHEL / OpenSUSE:
+
 `systemctl restart tor`
 
+* Fedora:
+
+```
+sudo semanage port -a -t tor_port_t -p tcp [desired ORPort number set earlier]
+sudo semanage port -a -t tor_port_t -p tcp [desired ServerTransportListenAddr port number set earlier]
+systemctl restart tor
+```
+
 ### 5. Monitor your logs (usually in your syslog)
 
 To confirm your bridge is running with no issues, you should see something like this:



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits