Create a ToR Relay

ToR Documentation 👉

Table of Contents

Setup Unattended Upgrades

Once we have a machine with Ubuntu running, we need to update the Repositories and install Unattended Upgrades.

# Update repositories
apt update

#install unattended upgrades
apt-get install unattended-upgrades apt-listchanges

We then need to configure Unattended Upgrades to check for Tor Project Upgrades and enable it to auto-restart unattended when needed.

# open the config file in nano
nano /etc/apt/apt.conf.d/50unattended-upgrades

We will delete this first section:

And replace it with this:

Unattended-Upgrade::Allowed-Origins {
  Unattended-Upgrade::Package-Blacklist {
Unattended-Upgrade::Automatic-Reboot "true";

Save, then close.

Optionally, we are going to edit this second auto-upgrades config file to help in the background by adding the following

nano /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-List "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";

Then, Test the configuration changes by running unattended-upgrade. If successful it should upgrade and restart.

unattended-upgrade --debug

Install ToR

Add Official ToR Repos

apt install apt-transport-https

Find your machine’s Debian version

cat /etc/debian_version

## If you get an error installing torr use this command for the Debian version
lsb_release -c

Create a new sources file

nano /etc/apt/sources.list.d/tor.list

Add these two repos to the new sources file, replace <yourdistor> with your Debian version

deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] <yourdistro> main

deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] <yourdistro> main

Add the ToR GPG Key so we can verify the updates.

wget -qO- | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

Update the repositories and install ToR

apt update

apt install tor

Configure ToR

Open the ToR Config file and add the below:

$nano /etc/tor/torrc


ContactInfo your@e-mail
ORPort 443
ExitRelay 0
SocksPort 0

## The config below has a maximum of 800GB
## (up/down) per month, starting on the 1st
## at midnight
AccountingMax 800 GB
AccountingStart month 1 0:00

ControlPort 9051
CookieAuthentication 1

Enable ToR and Restart ToR

systemctl enable tor

systemctl restart tor

Install Monitoring

Install and run nyx

# Install nyx
apt install nyx

# Run nyx

Tighten the machine security (Optional)

Create a non-sudo user

adduser euser

Edit SSHD file so Root can not ssh in

$ sudo vi /etc/ssh/sshd_config

## Change this line from yes to no
PermitRootLogin no

Restart sshd and then confirm euser can SSH in before disconnecting as root

$ sudo systemctl restart sshd

ssh euser@<serverIP>
Scroll to Top