Sorry for the late reply, but at least on ArchLinux, Tor already comes with a service file for systemd and an example configuration file at
> /etc/tor/torrc
To make Tor auto-start on system boot, use:
> systemctl enable tor
systemd also offers variable sandboxing mechanisms, which should be enabled for
long-running services.
My current service file shipped by ArchLinux looks like this and has the
sandboxing variables enabled:
> /usr/lib/systemd/system/tor.service:
>
> # tor.service -- this systemd configuration file for Tor sets up
>
> # relatively conservative, hardened Tor service. You may need to
> # edit it if you are making changes to your Tor configuration that it
> # does not allow. Package maintainers: this should be a starting point
> # for your tor.service; it is not the last point.
>
> [Unit]
> Description=Anonymizing overlay network for TCP
> After=network.target nss-lookup.target
>
> [Service]
> Type=notify
> NotifyAccess=all
> ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
> ExecStart=/usr/bin/tor -f /etc/tor/torrc
> ExecReload=/bin/kill -HUP ${MAINPID}
> KillSignal=SIGINT
> TimeoutSec=60
> Restart=on-failure
> WatchdogSec=1m
> LimitNOFILE=32768
>
> # Hardening
> PrivateTmp=yes
> PrivateDevices=yes
> ProtectHome=yes
> ProtectSystem=full
> ReadOnlyDirectories=/
> ReadWriteDirectories=-/var/lib/tor
> ReadWriteDirectories=-/var/log/tor
> NoNewPrivileges=yes
> CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE
> CAP_DAC_READ_SEARCH CAP_KILL
>
> [Install]
>
> WantedBy=multi-user.target
By using:
You can see in the above default service file that the timeout for the service
not responding is 60, yet I have ShutdownWaitLength set to 120 seconds instead
of 60.
So I used:
> systemctl edit tor
to override the default unit file:
> /etc/systemd/system/tor.service.d/override.conf
>
> ### Editing /etc/systemd/system/tor.service.d/override.conf
> ### Anything between here and the comment below will become the contents of
> the drop-in file
>
> [Service]
> TimeoutSec=135
> WatchdogSec=2m 15s
>
> ### Edits below this comment will be discarded
Here you can see how I made systemd not deem my process unresponsive by
increasing the timeout and watchdog thresholds.
The next time you have such trivial questions (regarding systemd, if it still
has something to do with Tor, feel free to ask here), please refer to the
systemd documentation and their mailing lists.
Google is also pretty good nowadays, and many problems have already been
documented and solved by others.
I am happy to help new users, but I also have some time constraints.
All the best,
-GH
On Monday, November 25th, 2024 at 9:47 AM, Keifer Bly [email protected]
wrote:
> Thanks. One more question, is there a way to configure tor to start
> automatically when Linux bolts? Thanks.
>
> --Keifer
>
> On Thu, Nov 21, 2024, 1:26 AM George Hartley [email protected] wrote:
>
> > Does your server CPU support hardware AES extensions?
> >
> > Run this command in your shell (bash most likely):
> >
> > lscpu | grep aes
> >
> > If it returns the string AES, then you can make use of the crypto hardware
> > acceleration.
> >
> > This severely reduces CPU usage by Tor.
> >
> > Also, if you want to reduce CPU usage further, throttle bandwidth, I
> > wouldn't use external tools not provided by Tor, unless you absolutely have
> > to.
> >
> > Take a look at RelayBandwidthRate / RelayBandwidthBurst, right here:
> >
> > https://2019.www.torproject.org/docs/tor-manual.html.en#BandwidthRate
> >
> > -GH
> > On Tuesday, November 19th, 2024 at 10:29 PM, Keifer Bly
> > [email protected] wrote:
> >
> > > Hi, yes I got it running. Wondering is there a single debain command to
> > > set up automatic upgrades for tor, and is there a torrc configuration to
> > > limit CPU usage? Thanks
> > >
> > > On Mon, Nov 18, 2024, 11:19 PM torproject.qj5i9--- via tor-relays
> > > [email protected] wrote:
> > >
> > > > Hi,
> > > >
> > > > have you installed the obfs4proxy? If you follow this guide:
> > > > https://community.torproject.org/relay/setup/bridge/debian-ubuntu/ you
> > > > should be good to go.
> > > >
> > > > I've added "BridgeDistribution https" for my bridge, if you follow the
> > > > post install page there is written something about distribution
> > > > channels.
> > > >
> > > > Sent with Proton Mail secure email.
> > > >
> > > > On Monday, November 18th, 2024 at 12:37 PM, Keifer Bly - keifer.bly at
> > > > gmail.com [email protected] wrote:
> > > >
> > > > > This email failed anti-phishing checks when it was received by
> > > > > SimpleLogin, be careful with its content. More info on anti-phishing
> > > > > measure
> > > > >
> > > > > Hi,
> > > > >
> > > > > So for Debain 12, what is the command to install OBFS4? For my bridge
> > > > > at
> > > > > https://metrics.torproject.org/rs.html#details/0E547D99DEB753B20A19EEAA053CEF19EB5D54CD
> > > > >
> > > > > Even though I configured obfs4 in torrc its saying no transport
> > > > > protocols. Thanks.
> > > > >
> > > > > The torrc
> > > > >
> > > > > Nickname udeservefreedom
> > > > > ORPort <hidden>
> > > > > Log notice file /var/tornitces.log/notices.log
> > > > > SocksPort 0
> > > > > BridgeRelay 1
> > > > > PublishServerDescriptor bridge
> > > > > BridgeDistribution email
> > > > > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
> > > > > ServerTransportListenAddr obfs4 0.0.0.0:<hidden>
> > > > > ExtOrPort auto
> > > > > ExitPolicy reject :
> > > > > ContactInfo keiferdodderblyyatgmaildoddercom
> > > > >
> > > > > --Keifer
> > > >
> > > > _______________________________________________
> > > > tor-relays mailing list -- [email protected]
> > > > To unsubscribe send an email to [email protected]
> > >
> > > --Keifer
publickey - [email protected] - 0xAEE8E00F.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list -- [email protected] To unsubscribe send an email to [email protected]
