|
Hi, here is it. Please, feel free to contribute to it.
Running a Tor Server in Windows
- Download latest Tor Browser Bundle.
- Install to c:\tor
- Create a temporary folder on your Desktop and name it "server".
- Copy all files from C:\Tor\Browser\TorBrowser\Data\Tor to the "server" folder on the Desktop.
- Browse to C:\Tor\Browser\TorBrowser\Tor; delete the folder "PluggableTransports" and it content.
- Copy all files from C:\Tor\Browser\TorBrowser\Tor to the "server" folder on the Desktop.
- Browse to C:\Tor and delete everything inside that folder. C:\Tor should be completely empty at this point.
- Move all files from the "server" folder on your Desktop to C:\Tor
- Browse to C:\Tor and create a new folder named "datadir".
- Create a new text file in C:\Tor named "notices" (I myself use notices.log but we want to keep it simple for users who may not know how to change the file extension from .txt to .log)
- Edit C:\Tor\torrc file: (this could be the torrc-defaults file and all its comments). Note that the sample below is just for references. Each user needs to define her/his own parameters based on their own needs and that's impossible for me to cover in a single file for everyone. Hence, each parameter should be included in the torrc-defaults with due comments to be used as reference. Also, noted that I'm using IPv4 geoip by default. Users using IPv6 should define geoip6 in their torrc file. Then again, I cannot use a single sample file for all deployments. The defaults file should be used as reference once again.
DataDirectory .\datadir
Log notice file .\notices.txt
GeoIPFile .\geoip
AvoidDiskWrites 1
SocksPort 0
ORPort 9001
DirPort 9030
ExitPolicy reject *:*
Nickname
RelayBandwidthRate
RelayBandwidthBurst
Up until this point, all I've written is nothing more than using the default Tor Bundle to create a "Server" package. All steps above could be made easier for users if a "Tor Windows Server" package was available for download on the Tor Project or somewhere else. I refuse the idea of creating such package myself to distribute it since many packages could start floating on the net and bad intentioned people could bundle them with arbitrary code, viruses and so on. A Windows Installer package can be built for distribution though.
Next, I will address the two main things we need to run tor as a Windows service (server):
1- Install Tor as Windows Service.
2- Security (Isolating the Tor service).
Install Tor as Windows Service
I personally use nssm (Non-Sucking Service Manager) myself to register the service but feel free to use default Windows tools for registering Tor service if you believe so. Anyways, irrespective the tool used to register the Tor service, we just need the following:
Service: C:\Tor\tor.exe
Name: TorServer
Parameters: -f C:\Tor\torrc
Start the TorServer service and everything should just work at this point. The datadir directory will be populated with tor files once started and the notices.txt file will also reflect so.
Security (Quick explanation - We can go into details later)
- Create a Standard user account and name it Tor with a strong password.
- Policies:
1- Deny access to this computer from the network
2- Deny log on locally
3- Deny log on through Remote Desktop Services
- NTFS Permissions for Tor windows user account:
1- Read/Write permissions to datadir folder
2- Read/Write permissions to notices.txt or (notices.log) file
- Open Services, Start -> Run -> type "services.msc" without quotes, press enter and your Services window will pop up. Scroll down and find the TorServer service and double click it. Move to the Log On tab and set the “Log on as: This account: .Tor. Enter the strong password for the Tor user account in the password field and apply changes. Restart the service and now Tor will be running in its own isolated/limited account in Windows.
On 2014-11-04 18:06, Rafael Rodriguez wrote:
Does the mailing list accept images in emails? The process is rather simple but screenshots in a how-to is what makes it easy for not technical people.
I will be posting the process to this mailing list in a few.
On 2014-11-04 17:25, Nick Mathewson wrote:
On Fri, Oct 31, 2014 at 4:18 AM, Rafael Rodriguez <rafaelr@xxxxxxxxxx> wrote:
Hello fellows, Where can we contribute (post a guide) to deploy Tor in Windows without the extras unneeded stuff? I was looking for a Tor Server installation guide on Windows to run Tor as a service. I did not wanted to install all the extra browser stuff but a plain "Tor server" service and secure it by giving the service its own limited account and write permissions just to the datadir. Since I couldn't find information online to help me out, I ended up using the latest Tor Browser package and removing everything except Tor itself and deployed it in two Windows servers as services. I would like to post somewhere in the Top project about the process for others to benefit from it.
I'd suggest that you start by posting your process to this mailing
list, so that other folks can add improvements for it. (Though I hope
that expert packages in some form will return soon.)
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
|