Tuesday, December 2, 2025

Debian 13: part 3 participate your vps, cofigure your vps as tor relay/exit

There 2 type of TOR network you an configure on VPS

  1. Relay
  2. Exit

Minimum system requirement:

  1. CPU 1 vcpu
  2. Ram 512MB (1GB Recommended)
  3. Bandwidth 10 Mbps in & out
  4. Traffic 100 GB in & out
  5. Disk 200 MB 
  6. swap not mention (better twice RAM size) 

Enable Debian 13 auto upgrade

# apt install unattended-upgrades
# systemctl enable unattended-upgrades
# systemctl start unattended-upgrades

Installing tor packages and key

  1. Install require software
    # apt install apt-transport-https gnupg
  2. Create /etc/apt/sources.list.d/tor.list with:
    deb     [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org trixiemain
    deb-src [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org trixie main
  3. installing key and tor
    # wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg >/dev/null
    # apt install tor deb.torproject.org-keyring
    # apt install tor

Note: you can browse using browser https://deb.torproject.org/torproject.org/ if A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc has change 

TOR relay 

TOR relay consider safer way to contribute to TOR network, It does not act as critical point entry or exit network. 

configure your tor relay /etc/tor/torrc:

Nickname    myNiceRelay  # Change "myNiceRelay" to something you like
ContactInfo your@e-mail  # Write your e-mail and be aware it will be published
ORPort      443          # You might use a different port, should you want to
ExitRelay   0
SocksPort   0 

Enable and restart tor service

# systemctl enable tor
# systemctl restart tor

TOR Exit

Exit TOR may have high security risk including breaking law. you need to carefully decide your county's rules where your vps located. Some country has aware with Exit TOR node.  

install unbound dns resolver

  1. install unbound
    # apt install unbound
  2. configure dns resolver using localhost
    # cp /etc/resolv.conf /etc/resolv.conf.backup
    # echo nameserver 127.0.0.1 > /etc/resolv.conf
  3. protect resolver from change
    # chattr +i /etc/resolv.conf
  4. edit unbound configuration
    server:    ...
        qname-minimisation: yes
        ...
  5. enable and restart unbound
    # systemctl enable unbound
    # systemctl restart unbound

Definitely do not use torproject.org as a domain name for your reverse DNS

configure your tor relay /etc/tor/torrc:

Nickname    myNiceRelay  # Change "myNiceRelay" to something you like
ContactInfo your@e-mail  # Write your e-mail and be aware it will be published
ORPort      443          # You might use a different port, should you want to
ExitRelay   1            # it is exit relay
SocksPort   0 

Enable and restart tor service

# systemctl enable tor
# systemctl restart tor

Wait until tor network recognize your node.

Done, now you are on track to run vps as tor volunteer.

Posted by at