New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tor Relay Operator #72

Open
sqrrm opened this Issue Jun 29, 2018 · 19 comments

Comments

Projects
None yet
5 participants
@sqrrm
Member

sqrrm commented Jun 29, 2018

Docs:
Team: @bisq-network/tor-relay-operators
Primary owner: @sqrrm


As discussed in bisq-network/proposals#15 (comment)

The tor relay operator should keep a tor relay running with reasonable stats on https://metrics.torproject.org/rs.html#search

To be eligible for compensation the operator should:

  • be a regular contributor to bisq
  • announce their intention to run relay nodes here
  • link to stats for node showing reasonable consensus weight

Installation

There are instructions on how to set up a relay at https://trac.torproject.org/projects/tor/wiki/TorRelayGuide and a tool to locally manage multiple relays at https://github.com/nusenu/ansible-relayor

Example

I followed the guide at https://medium.com/@nusenu/deploying-tor-relays-with-ansible-6612593fa34d
Setting up relays on three VPSs with 2GB RAM (probably overkill) and 20GB SSD (definitely more than needed). The VPSs run ubuntu 16.04.

From the control machine which would typically not be running tor relays itself (my local laptop in my example)

sudo apt-add-repository ppa:ansible/ansible
sudo apt update

// On control machine: (ubuntu 16.04 in my example)
apt install ansible tor python-netaddr

// If tor is not needed on the control machine
systemctl disable --now tor

// Add config files
sqrrm@sqrrm:~ $ cat ~/.ansible.cfg 
[defaults]
inventory = ~/ansible/hosts
roles_path = ~/ansible/roles

sqrrm@sqrrm:~ $ cat ~/ansible/hosts 
[relays]
relay2.sqrrm.net
relay3.sqrrm.net
relay4.sqrrm.net

// Install relayor
ansible-galaxy install nusenu.relayor

// Add role
sqrrm@sqrrm:~ $ cat ~/ansible/roles/sqrrm-relay.yml 
---

- hosts: relays
  remote_user: relay
  vars:
    tor_ContactInfo: sqrrm@tutanota.com
    tor_signingkeylifetime_days: 90
    tor_nickname: sqrrm
    tor_IPv6: False
  roles:
   - nusenu.relayor

// Install relays
ansible-playbook ~/ansible/roles/sqrrm-relay.yml --ask-sudo-pass

All relays should now be up and running, two per VPS.

@sqrrm

This comment has been minimized.

Member

sqrrm commented Jun 29, 2018

I'm running https://metrics.torproject.org/rs.html#details/D4FBE51BC35C3921F31B6E561FD8C07BC56F9D71 which I will use as a baseline for what reasonable relay node stats would be. This setup costs about USD6 per month.

@sqrrm

This comment has been minimized.

Member

sqrrm commented Jun 30, 2018

Using https://github.com/nusenu/ansible-relayor I have now setup 6 more relays on 3 VPSs, 2 per instance according to recommendations from the Tor relay guide.

I've tried this before but it didn't work properly but with the newest ansible-relayor it might be better. Hopefully this works as it seems like a much more solid way to manage relays.

@HarryMacfinned

This comment has been minimized.

HarryMacfinned commented Jul 1, 2018

Little technical question:
I have seen some low-cost VPS, located in Asia, but there is a little lag. Little but however existent.
I suppose this is a problem for using such VPS as a tor-relay ?

@sqrrm

This comment has been minimized.

Member

sqrrm commented Jul 1, 2018

I think it's more important to spread the relays but maybe it's no good if there is too much lag. Typically the Tor community recommends spreading out the relays as much as possible and Africa in particular is under represented and I think Asia could also use more relays. If you're in the mood you should try it out and see if you get any usage.

@HarryMacfinned

This comment has been minimized.

HarryMacfinned commented Jul 1, 2018

In fact, I had a look 6 months or one year ago, but I read that the install was rather complicated (?), so I didn't try.
But reading your posts here makes me rethink.

Here, from Europe, I experimented sure lag with a VPS in Asia (thru ssh).
But maybe/probably for Asia/Asia usage, there is no lag (?).

@sqrrm

This comment has been minimized.

Member

sqrrm commented Jul 1, 2018

@HarryMacfinned That's probably part of the lag at least. If you want to just setup a single relay to test follow the Tor Relay Guide. I added a link in the initial comment. It's not hard if you're already comfortable setting up your own linux VPS.

@sqrrm

This comment has been minimized.

Member

sqrrm commented Jul 30, 2018

2018.07 report

This was the first month running tor relays and asking compensation. The relays I run can be found at https://metrics.torproject.org/rs.html#search/sqrrm and specifically
https://metrics.torproject.org/rs.html#details/D4FBE51BC35C3921F31B6E561FD8C07BC56F9D71
https://metrics.torproject.org/rs.html#details/1B9C26C1DAB190EAD3EBADB70914E0949ADC2588
https://metrics.torproject.org/rs.html#details/EE556626236B477A40770AACDE5BB140006EFB4D
https://metrics.torproject.org/rs.html#details/8C3AD2C2AAF7F7B7E92B81F13C1A9267B39416DA
https://metrics.torproject.org/rs.html#details/406788A9108C14F10067BE7960985EB2EC8224D2
https://metrics.torproject.org/rs.html#details/793ED35AA169BB4269CD49A31ABE35E05A960C96
https://metrics.torproject.org/rs.html#details/ACEC94B015533531CEE55DBF6FE0AAC36B21174A

They are all > 4MB/s now. The first one is running on its own server and has been running for several months, it's also used as guard. The other 6 are sharing a server for two instances and only started running for this month. I'm not sure why they're not yet used as guards, could be they're still too new.

@sqrrm sqrrm referenced this issue Jul 30, 2018

Closed

For July 2018 #97

@sqrrm

This comment has been minimized.

Member

sqrrm commented Aug 31, 2018

2018.08 report

All relays have been running without any trouble, see https://metrics.torproject.org/rs.html#search/sqrrm

I think it's a good thing we support relay nodes considering how dependent bisq is on the tor network, would be good if some more people were to run them.

@sqrrm sqrrm referenced this issue Aug 31, 2018

Closed

For August 2018 #113

@ManfredKarrer

This comment has been minimized.

Member

ManfredKarrer commented Sep 1, 2018

@sqrrm Could you provide some info how to get a Tor relay node setup? System requirements, install scripts,...

@alexej996

This comment has been minimized.

Member

alexej996 commented Sep 14, 2018

@ManfredKarrer it is really simple to be honest. You just need to install Tor with "apt-get install tor", uncomment "RunAsDeamon 1" and "ORPort 9001" option in /etc/tor/torrc.

Those two are the only required options, but of course there are all kinds of nice little options under that "just for relays" section in torrc file. You can setup a DNS address so the relay isn't just known by the IP, you can setup a nickname for the node so you can recognize it by more then just a fingerprint.
Adding contact info is also cool so they can contact you if something is wrong.

Only options that is concerning security is the "MyFamily" option where you list fingerprints of your other nodes.
The rest is just some specifics if you want. For example uncommenting "DirPort" if you got decent bandwidth.

Personally I would love to run a relay on a VPS one day, as I like running them whenever I am in position to do so, at least a bridge if nothing else, but currently I am not is position to do so for Bisq.
I am looking forward to it in future though.

@sqrrm

This comment has been minimized.

Member

sqrrm commented Sep 28, 2018

2018.09 report

All relays have been running without any trouble at reasonable rates, see https://metrics.torproject.org/rs.html#search/sqrrm

Added installation instructions in issue description #72 (comment)

@clearwater-trust

This comment has been minimized.

Member

clearwater-trust commented Oct 6, 2018

I decided to run a couple of tor relays after reading this role and recent forum post https://bisq.community/t/how-to-deal-with-repeated-tor-problems/6334/

My goal is to better understand bisq, the dao, and how i might be able to help. This seems like a good place for me to start.

https://metrics.torproject.org/rs.html#details/038D03689EE87ADA0224ED0671C109506039A8B5
https://metrics.torproject.org/rs.html#details/615F7FAEF7F23DFAD24ECC5E09DADE221B37878D

The relays reside on digital ocean. tor specifically names this hosting provider as over-saturated :(

I'm expecting to see advertised bandwidth increase in 72 hours according to tor documentation.

Admittedly, low hanging fruit. But you have to start somewhere.

@ManfredKarrer

This comment has been minimized.

Member

ManfredKarrer commented Oct 7, 2018

@clearwater-trust Great thanks!

@sqrrm

This comment has been minimized.

Member

sqrrm commented Oct 23, 2018

@clearwater-trust It might be low hanging fruit but you're the first to do it after the role was created, good initiative.

I noticed 188.166.21.247:9001 (clearwatertrustx2) has been down for a few days, in case you're not aware.

@clearwater-trust

This comment has been minimized.

Member

clearwater-trust commented Oct 23, 2018

@sqrrm thanks for the heads up! I'm serving bisq.shop from the vps and probably need to run the relay elsewhere. I switched the relay off in the interim.

@ManfredKarrer

This comment has been minimized.

Member

ManfredKarrer commented Oct 23, 2018

@sqrrm It would be good if we communicate a bit more in our community as well it the Tor community that we support Tor relay nodes by paying BSQ.

@sqrrm

This comment has been minimized.

Member

sqrrm commented Oct 29, 2018

2018.10 report

I have run 7 relays on 4 servers. All relays have been running without any trouble at reasonable rates, see https://metrics.torproject.org/rs.html#search/sqrrm

@sqrrm sqrrm referenced this issue Oct 29, 2018

Closed

For October 2018 #145

@sqrrm

This comment has been minimized.

Member

sqrrm commented Nov 29, 2018

2018.11 report

I run 7 relays on 4 servers. This month there was an issue with upgrading to a new tor version. There was some trouble upgrading but all now looks good, see https://metrics.torproject.org/rs.html#search/sqrrm

bisq-network/compensation#173

@sqrrm sqrrm referenced this issue Nov 29, 2018

Closed

For November 2018 #173

@sqrrm

This comment has been minimized.

Member

sqrrm commented Dec 16, 2018

2018.12 report

One of the relays (185.25.51.202) got a complaint and bacloud suspended the service. After explaining that I run a relay and it's possible whoever complained don't understand the activity they thought were port scans I got it unsuspended. It's not exactly clear what caused the complaint but others running relays have had similar issues when the complainer were running a tor client and not understanding the replies. I'm currently monitoring the ip that complained to see if there is any further activity.

Complaint:

To Whom it May Concern,

You have a system on your network that is actively scanning and/or attacking external sites on the Internet. This can come from many sources and because it is often difficult to detect this activity, we are sending this E-mail in an attempt to help you solve the problem.

We have detected your system with an IP of, 185.25.51.202, scanning a client we monitor. This was not a short attack but a prolonged scan and/or probe that was designed to find and intrude into the target network.

This may be someone on your network who is actively trying to hack others. This person may be a legitimate user on your network or it may be that this system has been compromised and is being used by someone to hack others. It is also likely that the system is running automated tools that have been installed to perform these actions without any human intervention.

Below is the information about the attack. Keep in mind that the source IP of our client has been sanitized for anonymity.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment