Linux noob spinning up a Relay for the first time

kaddaj · 2024-06-20T20:19:24.758Z

I fired up a Relay on one of the Linux servers. I want to add a few more Relays but is this correctly made? It shows me 500 Outbound and 150 Inbound connections but constantly only 5-10KB/s. Also is there any “auto deploy” way for tor relays? Ubuntu/Debian only got way old versions of Tor so adding and editing files was kinda hard for me and not doable only through command prompt.

image915×505 62.5 KB

capole · 2024-06-21T11:06:17.833Z

kaddaj:

It shows me 500 Outbound and 150 Inbound connections but constantly only 5-10KB/s

This is expected. Read more about a relay lifecycle.

kaddaj:

Also is there any “auto deploy” way for tor relays?

You may have a look at relayor, some operators have developed some interesting tools for the community.

sunshinecowboy · 2024-06-22T17:30:03.242Z

For a guided to relay setup see my auto relay script: Debian-Tor/autotorrelay.sh at main · sunshinecowboy/Debian-Tor · GitHub

kaddaj · 2024-06-24T20:34:29.853Z

With this one I see Fail2Ban gets enabled too. Is it recommended to run it?

capole · 2024-06-24T21:52:47.680Z

That depends on your case. No pun intended for @sunshinecowboy but the script lacks Tor’s repositories. Therefore, if you haven’t configured them before, you will be installing an EOL version of Tor and your relay wont be usable. This happens because the Tor package on the main repository of Debian is out of date. I’m working on a guided setup script myself, it is quite complete and almost finished. I plan to release it soon.

Using Fail2Ban is up to you and it is useful if you have ports open for any particular service at all times, such as ssh, nginx…

It is much preferable to set up a VPN connection with WireGuard, TailScale or the one you like the most. Or, as in my case, use port-knocking. Port-knocking allows to have SSH (or any other service port) closed all the time, rejecting or dropping (depends on your policy) packets, and only open it by sending the correct TCP/UDP packets (with or without flags enabled) to some ports you only know, only then, the port will accept just from your IP and still reject/drop others.

sunshinecowboy · 2024-06-25T12:53:15.987Z

This is because I run Debian Trixie repositories which are updated. I will take your suggestion and add the Tor repository for those running base Debian systems.

kaddaj · 2024-06-25T19:05:53.575Z

Last noob question from me:
What is the limiting factor of a tor relay? Im running a relay and its hitting around 15MB/s each way. I should easily reach 50MB/s per way. In NYX I see that the CPU is running with 130.9% tor and 7.5% nyx. I got a VPS with 4 vCores. Memory is hitting around 10%.

So if i want to hit higher rates i should go with a 8vCore server or one without shared ressources?

CPU in question: AMD EPYC 7502 32-Core Processor
AES is contained in /cpuinfo as in Tor Project | Relay requirements

atari · 2024-06-26T09:10:08.233Z

in this case the limiting factor is the shared CPU i guess.
try using more tor instances to make use of the 4 CPUs: e.g.
https://manpages.debian.org/bookworm-backports/tor/tor-instance-create.8.en.html

sunshinecowboy · 2024-06-26T14:06:32.943Z

Yes, CPU is typically the limiting factor. However, other relays you’re connected to can also bottleneck the speed.