Hi!
Does Tor bridge require the same hardware as the relay, or can I use less memory?
Thinking of running a Bridge on VPS, would 512Mb be enough?
Hi!
Does Tor bridge require the same hardware as the relay, or can I use less memory?
Thinking of running a Bridge on VPS, would 512Mb be enough?
Is it in any particular place a bridge does more good? US, EU, Asia?
Should regimes be avoided?
Hello @Guybrush,
Actually most bridge users come from Russia and they are using moat distribution. It would be more useful to put it in Europe for them but otherwise any location works fine.
Hosting a bridge or a relay inside countries with censorship isn’t recommended.
Thanks for running a bridge
Thanks for all the help, really appreciated.
It costs as much for me to set up a relay as a bridge, which does most good?
Hosting a bridge is more interesting and you will help many people (especially in Russia) to access the Tor network and bypass the censorship everyday.
There aren’t as many bridges as relays in the network.
Here you can find the number of bridges and relays :
https://metrics.torproject.org/networksize.html?start=2019-01-01&end=2022-04-30
The anti censorship campaign is still active and the network needs more bridges
Hi!
How do i test my bridge and see that everything is configured correctly?
Do I need to test both ports? (QRPort 443, obfs4 8443)
Just use a Tor Browser and see if you can connect to your own bridge:
You can also check Relay Search after a while
Hi atari, thanks for quick reply!
If I want to use obfs4 port 443 I need to? (From debian guide)
”
sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy`
To work around systemd hardening, you will also need to set NoNewPrivileges=no
in /lib/systemd/system/tor@default.service
and /lib/systemd/system/tor@.service
and then run systemctl daemon-reload
. For more details, see ticket 18356.
”
I do not understand how I should,
to set NoNewPrivileges=no
in /lib/systemd/system/tor@default.service
and `/lib/systemd/system/tor@.service
I tried with nano tor@default.service but it does not seem right.
did you tweak around with the debian-default profiles?
if not, everything should work without “NoNewPrivileges
”-stuff
so this should be enough:
sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
if you installed obfs4proxy from backports (recommended) you should consider this fix for apparmor:
further exploring systemd hardening:
please run:
systemd-analyze security
see also:
Hi!
I cant get obfs port 443 to work but obfs port 8080 works fine.
Maybe it’s because the obfs port is lower than 1024.
Easiest solution for me is to use a port higher than 1024. Any special port recommended?
did you use backports? if so you’ll have to do the setcap
again to make 443 work
apt list --installed =
obfs4proxy/bullseye-backports,now 0.0.13-1~bpo11+1 amd64 [installed]
and after
setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy
Correct?
Grateful for your help
correct - setcap with sudo or as root.
afterwards the obfs4proxy on 443 should work…
you can have a look with “netstat -tlnp
” if something already is listening on that port and it doesn’t work because of that
Works now!
I needet to run,
"To work around systemd hardening, you will also need to set NoNewPrivileges=no
in /lib/systemd/system/tor@default.service
and /lib/systemd/system/tor@.service
and then run systemctl daemon-reload
"
I was easy to configure VPS with “Commander One PRO” on MacOS
I think this feature was an easy way to test that bridge obfs4 port 443 work, can recommend it.
Thanks atari also for your tips.
Hello
I do not know if you have seen this possibility of control
This service allows you to test whether your obfs4 bridge port is accessible to the rest of the world. Enter the IP address of your bridge (place the IPv6 addresses in square brackets) and the obfs4 port, then click “Scan”. The service will then attempt to establish a TCP connection with your bridge and let you know if it was successful.
Link: