Hardware för Bridge?

Hi!

Does Tor bridge require the same hardware as the relay, or can I use less memory?

Thinking of running a Bridge on VPS, would 512Mb be enough?

Hi @Guybrush,

Yes, 512 MB of RAM is enough. Thanks for running a Tor bridge! :slight_smile:

4 Likes

Is it in any particular place a bridge does more good? US, EU, Asia?

Should regimes be avoided?

Hello @Guybrush,

Actually most bridge users come from Russia and they are using moat distribution. It would be more useful to put it in Europe for them but otherwise any location works fine.

Hosting a bridge or a relay inside countries with censorship isn’t recommended.

Thanks for running a bridge :100:

5 Likes

Thanks for all the help, really appreciated.

It costs as much for me to set up a relay as a bridge, which does most good?

2 Likes

Hosting a bridge is more interesting and you will help many people (especially in Russia) to access the Tor network and bypass the censorship everyday.
There aren’t as many bridges as relays in the network.

Here you can find the number of bridges and relays :
https://metrics.torproject.org/networksize.html?start=2019-01-01&end=2022-04-30

The anti censorship campaign is still active and the network needs more bridges :slight_smile:

4 Likes

Hi!

How do i test my bridge and see that everything is configured correctly?

Do I need to test both ports? (QRPort 443, obfs4 8443)

Just use a Tor Browser and see if you can connect to your own bridge:

You can also check Relay Search after a while

6 Likes

Hi atari, thanks for quick reply!

If I want to use obfs4 port 443 I need to? (From debian guide)


sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy`

To work around systemd hardening, you will also need to set NoNewPrivileges=no in /lib/systemd/system/tor@default.service and /lib/systemd/system/tor@.service and then run systemctl daemon-reload . For more details, see ticket 18356.

I do not understand how I should,

to set NoNewPrivileges=no in /lib/systemd/system/tor@default.service and `/lib/systemd/system/tor@.service

I tried with nano tor@default.service but it does not seem right.

did you tweak around with the debian-default profiles?
if not, everything should work without “NoNewPrivileges”-stuff

so this should be enough:
sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy

if you installed obfs4proxy from backports (recommended) you should consider this fix for apparmor:


further exploring systemd hardening:
please run:
systemd-analyze security

see also:

4 Likes

Hi!

I cant get obfs port 443 to work but obfs port 8080 works fine.

Maybe it’s because the obfs port is lower than 1024.

Easiest solution for me is to use a port higher than 1024. Any special port recommended?

1 Like

did you use backports? if so you’ll have to do the setcap again to make 443 work

1 Like

apt list --installed =
obfs4proxy/bullseye-backports,now 0.0.13-1~bpo11+1 amd64 [installed]

and after
setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy

Correct?

Grateful for your help

1 Like

correct - setcap with sudo or as root.
afterwards the obfs4proxy on 443 should work…

you can have a look with “netstat -tlnp” if something already is listening on that port and it doesn’t work because of that

5 Likes

Works now!

I needet to run,
"To work around systemd hardening, you will also need to set NoNewPrivileges=no in /lib/systemd/system/tor@default.service and /lib/systemd/system/tor@.service and then run systemctl daemon-reload"

I was easy to configure VPS with “Commander One PRO” on MacOS

2 Likes

I think this feature was an easy way to test that bridge obfs4 port 443 work, can recommend it.

Thanks atari also for your tips.

2 Likes

Hello
I do not know if you have seen this possibility of control :thinking:

This service allows you to test whether your obfs4 bridge port is accessible to the rest of the world. Enter the IP address of your bridge (place the IPv6 addresses in square brackets) and the obfs4 port, then click “Scan”. The service will then attempt to establish a TCP connection with your bridge and let you know if it was successful.

Link:
:point_down:

TCP Accessibility Test

1 Like