Install Tor relay on CentOS 7

This is a quick guide to running up a Tor relay on a CentOS 7 server. Firewall config has been omitted, check out these links if you need help with the OS firewall config.
How to setup a firewall using firewalld on CentOS 7
How to migrate from firewalld to iptables on CentOS 7

It’s worth noting that you can score a Tor t-shirt if you run an exit node or relay that satisfies a set criteria:
Tor T-Shirt for contributing!

“Operate a fast Tor relay that’s been running for the past two months: you are eligible if you allow exits to port 80 and you average 250 KBytes/s traffic, or if you’re not an exit but you average 500 KBytes/s traffic.”

Let’s get started.

Create the .repo file below.

vim /etc/yum.repos.d/torproject.repo

[tor]
name=Tor repo
enabled=1
baseurl=https://deb.torproject.org/torproject.org/rpm/el/7/$basearch/
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

[tor-source]
name=Tor source repo
enabled=1
autorefresh=0
baseurl=https://deb.torproject.org/torproject.org/rpm/el/7/SRPMS
gpgcheck=1
gpgkey=https://deb.torproject.org/torproject.org/rpm/RPM-GPG-KEY-torproject.org.asc

Install Tor through yum.


yum -y install tor


Edit the config file for Tor.


vim /etc/tor/torrc

SOCKSPort 0
Log notice file /var/log/tor/notices.log
RunAsDaemon 1
DataDirectory /var/lib/tor
#Listen port
ORPort 443
#IP Address or DNS name of your relay.
Address cheddar.cheese.sexy
#The name of your relay.
Nickname chsxy
#If you're worried about spam then you really don't want to format the email address like I have here.
ContactInfo oh boy suddenly all this spam is going to - [email protected]
DirPort 9058
# no exits allowed.
ExitPolicy reject *:*

Verify the config to make sure there are no issues.

tor -f /etc/tor/torrc --verify-config

Run Tor.

/etc/init.d/tor start
Starting tor...done.
/etc/init.d/tor status
tor (pid 3666) running

Check the log file to make sure everything is running smoothly.

tail -f /var/log/tor/notices.log

Aug 28 04:19:43.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more descriptors: we have 5382/6917, and can only build 50% of likely paths. (We have 77% of guards bw, 79% of midpoint bw, and 81% of exit bw = 50% of path bw.)
Aug 28 04:19:43.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Aug 28 04:19:44.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Aug 28 04:19:44.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Aug 28 04:19:45.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Aug 28 04:19:45.000 [notice] Bootstrapped 100%: Done
Aug 28 04:19:45.000 [notice] Now checking whether ORPort 163.172.170.23:443 and DirPort 163.172.170.23:9058 are reachable... (this may take up to 20 minutes -- look for log messages indicating success)
Aug 28 04:19:45.000 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
Aug 28 04:19:45.000 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent.
Aug 28 04:19:46.000 [notice] Performing bandwidth self-test...done.

After a couple of hours you should be able to see your relay on one of the various index sites!

Here’s mine.

This particular relay is hosted over at Scaleway.

Leave a Reply

Your email address will not be published. Required fields are marked *