Comprehensive Guide to Setting Up and Maintaining a Tor Middle Relay on Ubuntu or CentOS

The Tor network is a beacon of privacy and freedom in a world increasingly dominated by surveillance and censorship. By running a Tor middle relay, you can actively contribute to this vital network, enhancing its speed, reliability, and capacity for users worldwide. This guide will explain how to set up and maintain a Tor middle relay on Ubuntu or CentOS, along with tips for supporting the Tor Project and securing your relay.

---

Why Support the Tor Project?

The Tor Project enables anonymous communication, protecting activists, journalists, and ordinary users from tracking and censorship. Supporting the project is not just about preserving privacy—it’s about safeguarding freedom. Here’s how you can contribute:

1. Donate: Financial contributions fund development and infrastructure.
2. Run a Relay: Boost the Tor network’s capacity and performance by operating a relay.
3. Spread Awareness: Educate others about the importance of online privacy and Tor.

---

What is a Tor Middle Relay?

A middle relay is a critical part of the Tor network. Unlike exit relays, which interact directly with the internet, middle relays securely pass encrypted data between other relays. They provide anonymity to users without exposing you to legal risks often associated with exit relays.

---

Requirements for Running a Tor Middle Relay

Hardware and System Requirements

• A reliable internet connection (minimum 1 Mbps upload/download; higher is better).
• A server with at least 2 GB RAM, 20 GB disk space, and a dual-core processor.
• A static IP address (not mandatory but highly recommended).
• Linux operating system: Ubuntu 20.04, Ubuntu 22.04, or CentOS 8/Stream.

Legal Considerations

• Understand the laws in your country regarding operating Tor relays.
• Middle relays are typically low-risk, as they do not route traffic to external websites.

Bandwidth Considerations

• Allocate sufficient bandwidth. The more bandwidth you dedicate, the more traffic your relay can handle, improving the network for everyone.

---

Step-by-Step Guide: Setting Up a Tor Middle Relay

This guide covers the setup on both Ubuntu and CentOS.

---

1. Install a Linux Server

If you don’t already have a Linux server, choose a cloud provider like One Provider’s One Cloud or Hetzner or use a dedicated machine at home.

Update the System

Ubuntu:

sudo apt update && sudo apt upgrade -y

CentOS:

sudo yum update -y

Install Essential Tools

Ubuntu:

sudo apt install curl wget gnupg ufw -y

CentOS:

sudo yum install curl wget epel-release firewalld -y

---

2. Add the Tor Repository

For Ubuntu

1. Add the Tor Project’s GPG key: sudo apt install -y gnupg curl https://deb.torproject.org/torproject.org/policy/torbrowser.asc | sudo gpg --import
2. Add the repository: echo "deb https://deb.torproject.org/torproject.org $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/tor.list
3. Update and install Tor: sudo apt update sudo apt install -y tor deb.torproject.org-keyring

For CentOS

1. Enable the EPEL repository: sudo yum install epel-release -y
2. Install Tor from the Fedora Copr repository: sudo dnf install dnf-plugins-core -y sudo dnf copr enable @torproject/tor -y sudo dnf install tor -y

---

3. Configure the Tor Relay

Open the Tor configuration file:

sudo nano /etc/tor/torrc

Add or modify the following settings:

Basic relay configuration

RunAsDaemon 1
ORPort 9001
SocksPort 0
ExitRelay 0 # Disable exit relay functionality
RelayBandwidthRate 1 MB # Limit bandwidth to 1 MB/s
RelayBandwidthBurst 2 MB # Burst bandwidth limit

Server identity

Nickname YourRelayNickname
ContactInfo YourEmail@example.com

Directory for relay data

DataDirectory /var/lib/tor

Save the file and restart Tor:

Ubuntu:

sudo systemctl restart tor

Centos
sudo systemctl restart tor

Verify Tor is running:
sudo systemctl status tor

---

4. Open Ports in the Firewall

Ubuntu

1. Allow incoming traffic on the ORPort (default 9001): sudo ufw allow 9001
2. Enable the firewall: sudo ufw enable
3. Verify the firewall status: sudo ufw status

CentOS

1. Allow the ORPort through firewalld: sudo firewall-cmd --permanent --add-port=9001/tcp sudo firewall-cmd --reload
2. Verify open ports: sudo firewall-cmd --list-ports

---

5. Monitor Your Relay

• Install nyx, a Tor monitoring tool: Ubuntu: sudo apt install nyx -y CentOS: sudo yum install nyx -y
• Run the tool: nyx
• Check your relay’s status on the Tor Metrics page.

---

Tips for Hardening Your Tor Relay

1. Regular Updates: Keep your system updated to patch vulnerabilities. sudo apt update && sudo apt upgrade -y # Ubuntu sudo yum update -y # CentOS
2. Restrict SSH Access:
   • Disable password logins and use SSH keys: ssh-keygen -t rsa -b 4096
   • Change the default SSH port from 22 to something else.
3. Run Tor in a Sandbox: Add Sandbox 1 to the torrc file for additional isolation.
4. Monitor Logs: Regularly review logs for unusual activity: sudo journalctl -u tor
5. Isolate Services: Use virtualization or containerization (e.g., Docker) to run Tor separately from other services.

---

Maintaining Your Tor Relay

1. Monitor Bandwidth Usage: Ensure your relay is not exceeding your ISP’s bandwidth cap.
2. Engage with the Community: Join forums and discussions to stay updated on best practices.
3. Contribute Back: Share your experiences and help others set up their relays.

---

Supporting the Tor Project Beyond Relays

1. Donate: Visit https://donate.torproject.org to contribute financially.
2. Educate Others: Spread awareness about Tor and its importance in preserving online privacy.
3. Run an Exit Relay: If you’re confident in managing a relay and understand the legal implications, consider running an exit node.

---

Conclusion

Setting up a Tor middle relay is an impactful way to support the Tor network and the principles of online privacy and freedom. With this guide, you now have the tools to configure and maintain a relay on Ubuntu or CentOS. Remember to prioritize security and stay engaged with the Tor community to maximize your contribution. Together, we can help create a safer, freer internet for everyone.