waaaaargh · February 12, 2018 17:32
diff --git a/multiple-processes b/multiple-processes
 Managing multiple Tor processes on one host
 ===========================================

 Due to Tor's internal architecture, running only one Tor process per physical
 host is often not enough. As a thumb rule, you should run one Tor process per
 physical CPU core to make full use of the host's CPU power. This, however
 brings with it other difficulties: The tor network limits the number of Tor
 relays per IP in the consensus to 2. Also, the relay nodes should be rechable
 on Port 80 and 443 since those ports are often unfiltered and unblocked.

 1. Preparing Your Host
 ----------------------

 This guide assumes that you have a Host with 4 CPU cores and that the IP
 Addresses x.y.z.11 - x.y.z.15 are routed to it correctly.

 2. Tor Configuration
 --------------------

 Managing multiple Tor processes requires an initscript that is different from
 the one distributed by Tor's Debian Package.

 ```
 # cd /etc/init.d
 # mv tor tor.dist
 # wget -O tor https://www.torservers.net/misc/config/initd-tor
 ```

 The new initscript itself requires some changes in the Tor configs. Instead
 of one `torrc` file, one file called `tor<n>.cfg` is needed per process.
 Feel free to use the config file provided by torservers.net which you find
 at http://www.torservers.net/misc/config/torrc as a template.

 After editing the template according to your needs, copy it for each process
 you want to run. The Following Attributes should be changed per process:

  * ``Nickname``
  * ``Address``
  * ``OutboundBindAddress``
  * ``ORListenAddress``
  * ``DirListenAddress``
  * ``DataDirectory``
  * ``PidFile``
  * ``Log notice file``

 Make sure the locations that ``DataDirectory``, ``PidFile`` and 
 ``Log notice file`` point to actually exist and are writable for the user running
 Tor.

 If you don't plan on running a web server on Port 80 that forwards Directory
 requests to the tor processes, you should change ``DirListenAddress`` to a publicly
 reachable IP Address, and - by convention - Port 80.

 3. Running Tor
 --------------

 ```
 # /etc/init.d/tor start    # starts tor 0-3
 # /etc/init.d/tor stop     # stops tor 0-3
 # /etc/init.d tor reload tor2 tor3
 # /etc/init.d/tor stop tor1
 ```

 4. Infopages
 ------------

 Most Tor exit relay operators consider it best practice to run a webserver on all
 Exit nodes in order to facilitate Abuse handling [1].

 torservers.net has a special page that clearly shows that this host is an exit
 relay and offers contact information in case of abuse.

 HTTP Requests to a resource under ``/tor`` are reverse-proxied to the corresponding
 tor process by the webserver.

 The first thing to do, is, of course install the webserver:

 ```
 # apt-get install lighttpd
 ```

 Now you should delete the default index that comes with lighttpd and deploy your own
 info page to html.

 ```
 # rm /var/www/index.lighttpd.html
 ```

 For reverse Proxying the requests to the Tor processes, you need to activate lighttpd's
 proxy module:

 ```
 # lighttpd-enable-mod proxy
 ```

 Now we need to edit the proxy config file at ``/etc/lighttpd/conf-enabled/10-proxy.conf``
 to contain a block like this for every Tor process:

 ```
 $SERVER["socket"] == "x.y.z.<n>:80" {
    $HTTP["url"] =~ "^/tor(/|$)" {
        proxy.server = ( "" => ( ( "host" => "127.0.0.1",
            "port" => 903<n> ) ) )
    }
 }
 ```

 Counterintuitively, You need to change lighttpd's bind address to localhost, the
 ``$SERVER["socket"]`` directive opens a port on its own.

 ```
 # vi /etc/lighttpd/lighttpd.conf

 ...
 server.bind = "127.0.0.1"
 ...
 ```

 One last restart of lighttpd and the Tor processes and everything should be working:

 ```
 # service tor stop
 # service lighttpd restart
 # service tor start
 ```

 5. Feedback? Questions?
 -----------------------

 If you have any questions or feedback regarding this document, feel free to contact
 me via mail: johannes [at] torservers.net
	Managing multiple Tor processes on one host
	===========================================

	Due to Tor's internal architecture, running only one Tor process per physical
	host is often not enough. As a thumb rule, you should run one Tor process per
	physical CPU core to make full use of the host's CPU power. This, however
	brings with it other difficulties: The tor network limits the number of Tor
	relays per IP in the consensus to 2. Also, the relay nodes should be rechable
	on Port 80 and 443 since those ports are often unfiltered and unblocked.

	1. Preparing Your Host
	----------------------

	This guide assumes that you have a Host with 4 CPU cores and that the IP
	Addresses x.y.z.11 - x.y.z.15 are routed to it correctly.

	2. Tor Configuration
	--------------------

	Managing multiple Tor processes requires an initscript that is different from
	the one distributed by Tor's Debian Package.

	```
	# cd /etc/init.d
	# mv tor tor.dist
	# wget -O tor https://www.torservers.net/misc/config/initd-tor
	```

	The new initscript itself requires some changes in the Tor configs. Instead
	of one `torrc` file, one file called `tor<n>.cfg` is needed per process.
	Feel free to use the config file provided by torservers.net which you find
	at http://www.torservers.net/misc/config/torrc as a template.

	After editing the template according to your needs, copy it for each process
	you want to run. The Following Attributes should be changed per process:

	* ``Nickname``
	* ``Address``
	* ``OutboundBindAddress``
	* ``ORListenAddress``
	* ``DirListenAddress``
	* ``DataDirectory``
	* ``PidFile``
	* ``Log notice file``

	Make sure the locations that ``DataDirectory``, ``PidFile`` and
	``Log notice file`` point to actually exist and are writable for the user running
	Tor.

	If you don't plan on running a web server on Port 80 that forwards Directory
	requests to the tor processes, you should change ``DirListenAddress`` to a publicly
	reachable IP Address, and - by convention - Port 80.

	3. Running Tor
	--------------

	```
	# /etc/init.d/tor start # starts tor 0-3
	# /etc/init.d/tor stop # stops tor 0-3
	# /etc/init.d tor reload tor2 tor3
	# /etc/init.d/tor stop tor1
	```

	4. Infopages
	------------

	Most Tor exit relay operators consider it best practice to run a webserver on all
	Exit nodes in order to facilitate Abuse handling [1].

	torservers.net has a special page that clearly shows that this host is an exit
	relay and offers contact information in case of abuse.

	HTTP Requests to a resource under ``/tor`` are reverse-proxied to the corresponding
	tor process by the webserver.

	The first thing to do, is, of course install the webserver:

	```
	# apt-get install lighttpd
	```

	Now you should delete the default index that comes with lighttpd and deploy your own
	info page to html.

	```
	# rm /var/www/index.lighttpd.html
	```

	For reverse Proxying the requests to the Tor processes, you need to activate lighttpd's
	proxy module:

	```
	# lighttpd-enable-mod proxy
	```

	Now we need to edit the proxy config file at ``/etc/lighttpd/conf-enabled/10-proxy.conf``
	to contain a block like this for every Tor process:

	```
	$SERVER["socket"] == "x.y.z.<n>:80" {
	$HTTP["url"] =~ "^/tor(/\|$)" {
	proxy.server = ( "" => ( ( "host" => "127.0.0.1",
	"port" => 903<n> ) ) )
	}
	}
	```

	Counterintuitively, You need to change lighttpd's bind address to localhost, the
	``$SERVER["socket"]`` directive opens a port on its own.

	```
	# vi /etc/lighttpd/lighttpd.conf

	...
	server.bind = "127.0.0.1"
	...
	```

	One last restart of lighttpd and the Tor processes and everything should be working:

	```
	# service tor stop
	# service lighttpd restart
	# service tor start
	```

	5. Feedback? Questions?
	-----------------------

	If you have any questions or feedback regarding this document, feel free to contact
	me via mail: johannes [at] torservers.net