Hi dear list,
I hope I am in the correct place for my questions regarding my tor
setup.
I am currently running a guard/middle relay on a vServer.
The relay runs inside a docker container, exposing OrPort and DirPort
externally and ControlPort and MetricsPort internally.
On the same machine, but in different docker networks (except for
prometheus for metrics), multiple other containers providing my personal
infrastructure are running. All of them run behind caddy, which only
forwards requests coming to specific subdomains on a specific domain.
First of all: Is this already a bad idea? Do you seperate tor relays and
personal infrastructure physically or in VMs instead of containers?
Now, as netcup is my provider and they seem to tolerate exit nodes, I am
thinking about allowing exits. I assume this would increase visibility
of my server and maybe attract more attention. Knowing the IP address of
the tor node, it could be possible to find other domains pointing to it
(the PTR record however points to an irrelevant entry) and maybe find
the subdomains leading to (still login-protected) infra.
Do you think this is a reason not to open the relay for exits?
I only have a single IPv4 address to use, additional addresses would
imply additional costs. However, I do have a /64 block of IPv6
addresses. For IPv6, i could separate the tor address from the address
used personally and therefore make it impossible to reach anything
except tor over the designated address and covert any other domains, as
they won't be associated with the tor address.
Do you think this would be needed/enough? In this case, I would restrict
the relay to IPv6-only exits.
I am sorry if I could have found more information in the docs, but
everything that I did find did not answer my questions enough.
Kind regards.
_______________________________________________
tor-relays mailing list -- [email protected]
To unsubscribe send an email to [email protected]
