Tor (The Onion Router) stands as one of the internet's most important privacy tools, helping millions of people around the world access information freely and communicate securely.
This decentralized network enables anonymous communication by directing internet traffic through a worldwide network of volunteer relays, concealing users' locations and usage patterns from surveillance and traffic analysis.
Behind this privacy friendly network are thousands of volunteer-run relay nodes that form the backbone of Tor's infrastructure. These relay nodes, and those that run them, are what Tor rely on to continue to function.
If you're passionate about a free internet, running a Tor relay node is a great way to contribute, and setting up a Tor relay doesn't have to be complicated. With the right server infrastructure and a straightforward configuration process, you can have your relay contributing to the Tor network in no time. In this guide, we'll explain how. Let's dive in.
Understanding Tor and how it protects privacy
Tor works by routing your connection through multiple encrypted layers (like layers of an onion, hence the name).
When you connect to a website through Tor, your traffic is encrypted and passes through at least three different relays before reaching its destination. Each relay only knows the identity of the relay that came before it and the one that comes after it - no single relay knows both the origin and destination of the data.
Why Tor matters for internet freedom
Tor serves several critical functions in today's internet landscape:
- Privacy protection: It prevents websites and network observers from tracking your browsing habits
- Censorship circumvention: It helps users in restricted regions access blocked content
- Anonymous communication: It enables whistleblowers, journalists, activists, and more to communicate without exposing their identities
- Protection for vulnerable users: It safeguards individuals who may face persecution for their online activities
Understanding Tor relay types and their importance
Before diving into the setup process, it's helpful to understand the different types of Tor relays and their roles within the network.
Middle relays vs. guard relays vs. exit relays
Tor's network architecture uses three types of relays to route traffic:
- Guard (entry) relays: The first hop in the Tor circuit, receiving connections directly from Tor users
- Middle relays: The second hop, passing traffic between guard and exit relays
- Exit relays: The final hop, where traffic exits the Tor network to the regular internet
While exit relays are crucial to the network, they come with significant legal and operational considerations since the traffic leaving these nodes appears to come from your IP address.
Most hosting providers prohibit running exit relays due to these concerns. However, running guard or middle relays remains an excellent way to contribute to the network without the complications of exit traffic. If you're interested in running an exit relay, please see the dedicated section later in this guide.
Note: While xTom allows entry and middle relays, unfortunately we don't allow exit relays at this time.
Why run a Tor relay?
Running a Tor relay contributes to:
- Strengthening the privacy and security of the Tor network
- Improving network capacity and speeds for all Tor users
- Supporting internet freedom and anti-censorship efforts
- Building a more decentralized internet
How to set up a Tor relay
Step 1: Choose the right infrastructure
For a successful Tor relay, look for:
- Sufficient bandwidth (at least 10 Mbps, preferably more)
- Sufficient monthly data transfer allowance
- Reliable uptime
- A good network
xTom's dedicated servers offer excellent network connectivity with guaranteed resoruces, making them perfect for high-capacity relays. Though for many, V.PS's (xTom's VPS brand) NVMe-powered KVM virtual private servers can provide a good balance of performance and cost.
Note: Going forward, I've selected Debian/Ubuntu and RHEL 8/9 as the operating systems to focus on in this guide (all of which are a great choice for a Tor relay), but for a full list of supported operating systems, check out the Tor documentation here.
Step 2: Set up your server
Once you've provisioned your server, connect via SSH and update your system:
# For Debian/Ubuntu
sudo apt update
sudo apt upgrade -y
# For RHEL 8
sudo yum update -y
sudo yum upgrade -y
# For RHEL 9
sudo dnf update -y
sudo dnf upgrade -y
Step 3: Install Tor
For Debian/Ubuntu
The recommended way to install Tor is through the Tor Project's official repository:
# Add the Tor repository
sudo apt install apt-transport-https -y
echo "deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/tor.list
# Add the GPG key
wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | sudo tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
# Update and install
sudo apt update
sudo apt install tor deb.torproject.org-keyring -y
For RHEL 8
# Add the EPEL repository
sudo yum install epel-release -y
# Install Tor
sudo yum install tor -y
For RHEL 9
# Add the EPEL repository
sudo dnf install epel-release -y
# Install Tor
sudo dnf install tor -y
Step 4: Configure your Tor relay
Edit the Tor configuration file:
# For all systems
sudo nano /etc/tor/torrc
Add the following configuration, adjusting the values as desired:
# Basic relay configuration
Nickname YourRelayName # Choose a unique name
ContactInfo [email protected] # Optional but recommended
ORPort 443 # The port for Tor traffic, 443 often works best
# Relay type configuration (non-exit)
ExitRelay 0
ExitPolicy reject *:* # Explicitly reject all exit traffic
# Resource limits
RelayBandwidthRate 10 MB # Committed bandwidth
RelayBandwidthBurst 20 MB # Maximum burst bandwidth
AccountingMax 20 TB # Monthly data cap
AccountingStart month 1 00:00 # Reset accounting on the 1st of each month
# Miscellaneous settings
DisableDebuggerAttachment 0
Step 5: Start and enable your Tor relay
For Debian/Ubuntu
# Start Tor service
sudo systemctl start tor
# Enable Tor to start on boot
sudo systemctl enable tor
# Check the status
sudo systemctl status tor
For RHEL 8/9
# Start Tor service
sudo systemctl start tor
# Enable Tor to start on boot
sudo systemctl enable tor
# Check the status
sudo systemctl status tor
Step 6: Configure firewall
For Debian/Ubuntu (UFW)
sudo ufw allow 443/tcp
sudo ufw reload
For RHEL 8/9 (firewalld)
sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload
Step 7: Monitor your Tor relay
Check your logs to ensure everything is working properly:
# For systems using systemd (Debian, RHEL 7/8)
sudo journalctl -u tor@default -f
# or
sudo journalctl -u tor -f
# Alternative for all systems
sudo tail -f /var/log/tor/notices.log
Step 8: Verify your Tor relay is working
After about 3 hours, check if your Tor relay is working properly by visiting the Tor Metrics website and searching for your Tor relay's nickname.
To see how your Tor relay is performing, you can use tools like:
- Tor Metrics: Search for your relay's nickname
- Relay Search: More detailed relay information
- Nyx: A command-line monitor for Tor
Setting up and running a Tor exit relay
Exit relays are the critical final nodes in the Tor circuit that connect to the destination websites. They require special consideration due to their higher risk profile and operational requirements.
Understanding the risks and responsibilities
Before running an exit relay, understand these key points:
- Legal considerations: Since the traffic appears to originate from your IP address, you may receive DMCA notices, abuse complaints, or even legal inquiries.
- Resource requirements: Exit nodes typically require more bandwidth and administrative attention than non-exit relays.
- Provider restrictions: Many hosting providers, including most standard VPS providers, prohibit exit relays in their terms of service.
Finding a suitable hosting environment
For exit relays, you'll need:
- A provider that explicitly allows Tor exit traffic
- Ideally, a dedicated IP address range
- A provider with experience handling abuse complaints
- A hosting location with favorable legal conditions
Note: While xTom allows entry and middle relays, unfortunately we don't allow exit relays at this time.
Configuration for exit relays
To configure an exit relay, you'll need to modify your torrc file with an appropriate exit policy:
# Basic exit relay configuration
ExitRelay 1
# A more restrictive exit policy allowing common ports
ExitPolicy accept *:80
ExitPolicy accept *:443
ExitPolicy reject *:*
# Contact information is especially important for exit relays
ContactInfo [email protected]
# Consider using a separate DNS resolver
DNSPort 5353
Operating an exit relay safely
When running an exit relay:
- Set up automated monitoring to quickly address issues
- Create a clear website on your server's IP explaining that you're running a Tor exit node
- Keep logs minimal to protect user privacy
- Have a process for handling abuse complaints
- Stay up-to-date with Tor Project recommendations for exit operators
Legal documentation
The Tor Project provides helpful templates for responding to complaints and explaining the nature of exit relays to those who may not understand the technology.
Keep these resources handy:
TLDR: Running an exit relay is one of the most valuable contributions you can make to the Tor network, but it requires more resources and attention than other relay types.
Conclusion
Running a Tor relay is a meaningful way to support online privacy and freedom.
Tor's role in protecting privacy has never been more important in our increasingly surveilled world. By operating a relay, you're directly contributing to a network that enables free speech, protects vulnerable populations, and preserves the open internet.
If you're looking to set up a Tor relay, xTom provides the perfect foundation with our dedicated servers featuring generous bandwidth allowances, NVMe-powered V.PS virtual servers , or even colocation services if you prefer to use your own hardware. Our global network presence and commitment to privacy-friendly services make us an ideal partner for your Tor relay project.
Thanks for reading, and here's to a free internet!
Frequently asked questions about Tor relays
What exactly is Tor and how does it work?
Tor (The Onion Router) is a privacy network that encrypts your internet traffic and routes it through a series of relays around the world. This process makes it difficult for anyone to track your activity or location. The encryption happens in layers (like an onion), with each relay only knowing a small part of the route.
Is running a Tor relay legal?
Yes, running a Tor relay is legal in most countries (though, you should make sure of your own countries stance on Tor before running a relay). Also, middle and guard relays simply pass encrypted traffic and don't allow connections to the regular internet from your IP address.
How much bandwidth does a Tor relay use?
This depends on your configuration. You can limit your relay to use as little as a few GB per day or allow it to use as much as your connection permits.
Will running a Tor relay get me in trouble with my hosting provider?
Not when using xTom's services with properly configured non-exit relays. xTom allows Tor relay traffic on their network. For other providers, we suggest asking first before running a Tor relay.
How powerful does my server need to be?
Even a basic VPS from xTom's V.PS service can run a small Tor relay. For larger relays, xTom's dedicated servers will provide better performance.
Can I run multiple relays?
Yes, you can run multiple relays on different servers. This is actually encouraged as it helps the network's diversity and resilience.