[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] relay behind reverse proxy

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] relay behind reverse proxy
From: s7r <s7r@xxxxxxxxxx>
Date: Mon, 09 Mar 2015 23:03:46 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 09 Mar 2015 17:04:04 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sky-ip.org; s=20110108; t=1425935032; bh=d5VI+l+uHEIMUCuXskAFi6cw25TdoQRmdO2TSvc9SJA=; h=Message-ID:Date:From:Reply-To:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Content-Transfer-Encoding; b=cZRB+81EMJ+v3EHZHqD62BXVqdoF8oQ0TVfiNE0hfpynSbeBsxozyvb+rKGBVsiii HG2r7B9oL1BJqRlEx+KsxzxEdJlzUG4qBcUf6qtKfBbSjfTeyq6bxDmFmlUWeH3hvz 2vS8QDR7RH13297aUnuv8JBSBJMJbh2NW/SvHzMM=
In-reply-to: <54FDDD48.7020902@xxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <54FD8830.4080103@xxxxxxxxxx> <54FDAF9E.10709@xxxxxxxxxx> <54FDDD48.7020902@xxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi again

I don't know anything about haproxy config and how it should look like
unfortunately.

As for torrc:

ORPort <ip address, where the proxy forwards the requests>:3128
NoAdevertise
ORPort <ip address of the actual proxy, where the server should be
reached>:3128 NoListen

remove Address line.

Leave the contact info and other settings. Let us know if it works
this way.

On 3/9/2015 7:50 PM, efkin wrote:
> 
> 
> On 03/09/2015 03:35 PM, s7r wrote:
>> If you are using the free nginx, community project, that will
>> only allow you to deploy a http(s) proxy. Only the commercial
>> (paid) nginx allows you to deploy a TCP proxy (handles all TCP
>> traffic), which is what you need for a Tor relay.
> 
> nice to know!
> 
>> If you want to use a proxy, you should look into a TCP proxy
>> which will handle any type of TCP traffic, regardless of
>> protocol. (Tor uses http for directory requests [DirPort] but not
>> for ORPort). Make sure your relay can reach the other relays in
>> the consensus and it doesn't have any kind of restrictions or
>> limitations such as being able only to talk on certain ports or
>> reach a limited number of IP addresses, etc. Your relay needs to
>> be able to connect to all the other relays, so the clients can
>> build circuits through it.
> 
>> A free open source solution might be haproxy ( 
>> http://www.haproxy.org/ ) Maybe this will help you with your 
>> setup.
> 
> Took a look at it and is quite cool.
> 
>> Make sure you properly bind DirPort and ORPort to the correct 
>> interface and use NoAdvertise and NoListen accordingly. Provide 
>> more information about your setup and the relevant configs, if
>> you are not able to do it.
> 
> i just setup: ORPort 3128 Address oni-on.cf
> 
> and some other stuff like nicks and contact info.
> 
> my haproxy config is somehting like this:
> 
> frontend oni-on bind *:3128
> 
> acl host_onion hdr(host) oni-on.cf
> 
> use_backend onion if host_onion
> 
> 
> it seems that when it checks for reachability at the end of 20 mins
> it does not manage to reach it.
> 
> 
>> Thanks for running a relay!
> 
> still trying to set it up but a pleasure.
> 
> 
>> On 3/9/2015 1:46 PM, efkin wrote:
>>> hello tor ^.^
> 
>>> i'm trying to setup a tor relay behind a nginx reverse
>>> proxy... i would like to know if it's correctly setup.
> 
>>> i have this warn in the logs:
> 
>>> [warn] Received http status code 404 ("Not found") from server
>>>  '85.14.240.188:443' while fetching 
>>> "/tor/keys/fp/27B6B5996C426270A5C95488AA5BCEB6BCC86956".
> 
> 
>>> but then in the same log little bit after:
> 
>>> [notice] Tor has successfully opened a circuit. Looks like
>>> client functionality is working.
> 
>>> last message is : Now checking whether ORPort X.X.X.X:9001 is 
>>> reachable... (this may take up to 20 minutes -- look for log 
>>> messages indicating success)
> 
> 
>>> thx for support.
> 
>>> it's a great community!
> 
>>> efkin _______________________________________________
>>> tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx 
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>>> 
>> _______________________________________________ tor-relays
>> mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx 
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
> _______________________________________________ tor-relays mailing
> list tor-relays@xxxxxxxxxxxxxxxxxxxx 
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQEcBAEBCAAGBQJU/gqyAAoJEIN/pSyBJlsRrXsIAIuK70LrNYTV7SxqldCxjD7U
+26EtuE3ddb1MJks75ogeBvEKr3sHhiDUk278CDVoQuyMF/s7Tm5jPkxLrk0eNaV
32PtyECNjMQWigyBwmlrdcalvsvQtDs3agPrV5iUts//i9JqvuSoM1j3vi7j1Uba
ZvTT/ICznUDskLHMjkgY7UdOUmF4KYuMBc4ZDrAgqWixAusKbpDYx+eGenQLRhK4
ysFW5hbVvarqPQWvmC31ivwJ/pZ2riZGsmKKjwBXcQ6cOe/7f/2OQOQshjTS6JZM
690ZMx7DPnodXtOkeWRRCvqP8q9PsQYMbaCkl9Q6vLuEgGHzxi/0cWKPaZ0hnTg=
=/dV5
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] relay behind reverse proxy
  - From: efkin

References:
- [tor-relays] relay behind reverse proxy
  - From: efkin
- Re: [tor-relays] relay behind reverse proxy
  - From: s7r
- Re: [tor-relays] relay behind reverse proxy
  - From: efkin

Prev by Author: Re: [tor-relays] Legal situation of tor in Europe
Next by Author: Re: [tor-relays] relay behind reverse proxy
Previous by thread: Re: [tor-relays] relay behind reverse proxy
Next by thread: Re: [tor-relays] relay behind reverse proxy
Index(es):
- Author
- Thread