Tor-relay setup guide
Warning
The guide was created with Docker in mind, not Podman, as the feasibility of using Podman has not yet been assessed.
Pangolin setup guide
Create the initial directory
The pangolin script sets the initial folder to the folder you are currently in (pwd).
In order to avoid fucking up the directory ~/, the following structure is created:
mkdir -p ~/appdata/tor-relay
cd ~/appdata/tor-relay
Docker compose
Create the file ~/appdata/tor-relay/docker-compose.yml with the following config:
services:
  tor:
    image: dockurr/tor
    container_name: tor
    ports:
      - 9001:9001
      - 9030:9030
    volumes:
      - ./config:/etc/tor
      - ./data:/var/lib/tor
    restart: always
Create volumes and grant permissions
Create the following directories:
mkdir config && mkdir data
torrc file or if it lacks permissions to create or access the files. In the second case, follow the bug troubleshooting steps.
sudo docker compose up # Without -d to see the logs, Ctrl+C to exit
sudo docker compose down # To get the stack down
Bug
For some reason unknown to me, the container refuses to write to folders and files due to a permissions issue that shouldn't exist. This is because in theory the Docker container should run with user permissions and not root but, lo and behold, despite the permissions inside the folder already being the user's, it refuses to start, so this step is fundamental.
sudo chmod -R 777 ../tor-relay
Creation of the torrc file
In the config folder, create the torrc file with the following characteristics:
# =================== /etc/tor/torrc ===================
# Node identification
Nickname ajeje # Public name of the relay (change if you want)
ContactInfo example@onionmail.org # Public email for contacts (will be published)
# Ports and addresses to advertise (listening for incoming connections)
# ORPort: port for OR connections (relay-to-relay and client-to-relay incoming connections)
ORPort 0.0.0.0:9001 # Usually: 9001 or 443. Format: [IP]:port or port only.
# For IPv6: ORPort [IPv6-address]:9001
# DirPort: port to serve the directory (relay list) to other nodes
DirPort 0.0.0.0:9030 # It is optional but useful for some types of relay/mirror directories
# Node role and client/relay behavior
SocksPort 0 # Disable local use of Tor as a SOCKS proxy (relay only)
ControlSocket 0 # Disable the control socket (prevent local control via socket)
# Don't be an exit relay
ExitRelay 0 # Legacy flag to disable exit behavior
ExitPolicy reject *:* # Exit policy: rejects everything here (no outgoing traffic to the Internet)
# Bandwidth limits
RelayBandwidthRate 10 MBytes # Guaranteed average speed (relay upload/download limit)
RelayBandwidthBurst 50 MBytes # Maximum burst allowed
# Memory/Queue Limits
MaxMemInQueues 500 MB # Limit memory usage for internal queues
# =================== end /etc/tor/torrc ===================
Info
- Nickname: Public name of the relay; used in directories.
- ContactInfo: Email or contact displayed publicly in directories.
- ORPort: Port on which the relay accepts Tor connections; must be reachable from the outside.
- DirPort: (optional) Port to serve parts of the directory to clients/relays.
- SocksPort: SOCKS port for local client use; setting to 0 disables.
- ControlSocket: Socket for local control (stem/torctl); 0 disables.
- ExitRelay / ExitPolicy: Prevent the relay from acting as an exit (blocking traffic to the Internet).
- RelayBandwidthRate / RelayBandwidthBurst: Bandwidth limits to avoid saturating the connection.
- MaxMemInQueues: Limits memory used for internal queues.
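A small check of the settings listed above, as an added example (not part of the original guide and not code from Tor or the dockurr/tor image): it parses a torrc, confirms the non-exit settings, and verifies that ORPort and DirPort match the ports published in docker-compose.yml. The function names and the sample text are constructed for illustration, and it assumes host and container ports are identical, as in this guide.

```python
import re

# Constructed sample: the security-relevant directives from this guide's torrc.
SAMPLE_TORRC = """\
Nickname ajeje
ORPort 0.0.0.0:9001   # trailing comments are stripped by the parser
DirPort 0.0.0.0:9030
SocksPort 0
ExitRelay 0
ExitPolicy reject *:*
"""
# Assumption: ports published in docker-compose.yml (host port == container port).
PUBLISHED_PORTS = {9001, 9030}

def parse_torrc(text):
    """Return {lowercased option: [values]}. Quoted values containing '#' are not handled."""
    options = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # drop comments, split name/value
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            options.setdefault(parts[0].lower(), []).append(value)
    return options

def port_of(value):
    """Extract the port from 'port', 'IP:port' or '[IPv6]:port'; flags after it are ignored."""
    m = re.search(r"(\d+)$", (value.split() or [""])[0])
    return int(m.group(1)) if m else None

def audit(text, published):
    """Return a list of findings; an empty list means the checks passed."""
    opts, findings = parse_torrc(text), []
    if opts.get("exitrelay", [])[-1:] != ["0"]:
        findings.append("ExitRelay is not set to 0")
    first_rule = opts.get("exitpolicy", [""])[0].split(",")[0]
    if " ".join(first_rule.split()) != "reject *:*":
        findings.append("first ExitPolicy rule is not 'reject *:*'")
    if opts.get("socksport") != ["0"]:
        findings.append("SocksPort is not disabled")
    if "orport" not in opts:
        findings.append("no ORPort configured")
    for name in ("orport", "dirport"):
        for value in opts.get(name, []):
            port = port_of(value)
            if port and port not in published:  # port 0 means disabled
                findings.append(f"{name} {port} is not published in docker-compose.yml")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_TORRC, PUBLISHED_PORTS) or "torrc matches the non-exit relay settings")
```

To check the real file, pass the contents of config/torrc to audit() in place of the sample.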