एक middle relay वह सबसे उपयोगी काम है जो एक VPS खुले इंटरनेट के लिए कर सकता है। $11.90/माह पर एक Garrison ~50 Mbps बनाए रखता है — लगभग 16 TB प्रति माह दान की गई बैंडविड्थ — एक unmetered uplink पर जिसका AWS-समतुल्य egress बिल $1,440 होगा।
Garrison at $11.90/mo is the middle-relay sweet spot — 4 vCPU, 8 GB, and the headroom for tor + nyx + a couple of monitoring sidecars on the same box.
KYC-free signup means the abuse-report inbox is one we filter on operator-relevance, not a paper trail back to your legal name. Crypto-only billing, no card on file.
Nordic jurisdiction with a long pro-relay precedent (Bahnhof, Pionen, university CS), unmetered 1 Gbps uplink, no transfer ceiling that quietly throttles a healthy relay.
Tor is one of the few pieces of infrastructure that is genuinely run by its users. There are roughly seven thousand relays in the public consensus on any given day, and every one of them belongs to a single operator who decided that an extra $12 a month was a fair price for measurable contribution to the right to read in private. The network is built out of those decisions.
एक middle relay कभी भी सार्वजनिक इंटरनेट की ओर ट्रैफिक उत्पन्न नहीं करता — यह केवल दो अन्य relays के बीच एन्क्रिप्टेड Tor cells अग्रेषित करता है। यह संरचनात्मक तथ्य ही वह है जो middle-relay संचालन को लगभग सर्वत्र कानूनी रूप से नीरस बनाता है: किसी बाहरी व्यक्ति के पास शिकायत करने के लिए कुछ नहीं है, क्योंकि relay तकनीकी रूप से कहीं भी कुछ भी नहीं भेजता जो कोई सामान्य व्यक्ति देख सके।
The Tor Project's relay-operator guidelines are the canonical reading. The short version: pick a hoster that does not block the protocol, declare a contact-info email so the consensus auths can reach you, set MyFamily if you run more than one, and let the relay age into the consensus over its first two weeks. After that, there is essentially nothing to do.
The operator-pride part is real. Every circuit the Tor Browser builds across your relay is a sentence read, a video watched, an article filed, an organiser reaching home — small, anonymous, and exactly the point.
For a serious middle relay — one that aims to sustain ~50 Mbps and earn a consensus weight worth its uplink — the Garrison ($11.90/mo, 4 vCPU, 8 GB, 240 GB NVMe) is the right starting point. The Tor daemon is single-threaded per ORPort but spends most of its budget on AES and Curve25519; the extra cores let you also run Nyx, a Prometheus node-exporter, and Unbound for resolver hygiene without crowding the relay.
If the goal is a guard relay (which the consensus promotes you to automatically after enough uptime and bandwidth), the Ravelin ($23.90/mo, 8 vCPU, 16 GB, 480 GB NVMe) gives you headroom for the higher circuit churn guards see — guards are the first hop for the entire Tor Browser population that picks them, which means more connections per second and a steeper RAM curve.
एक Sentinel ($5.90/माह, 2 vCPU, 4 GB) 15–20 Mbps सीमित एक मिडल रिले चला सकता है और यह एक बिल्कुल सम्मानजनक योगदान है — Tor कंसेंसस छोटे रिले की उपेक्षा नहीं करता। लेकिन Garrison का बैंडविड्थ/डॉलर अनुपात इतना बेहतर है कि Sentinel से शुरू करने वाले अधिकांश ऑपरेटर एक तिमाही के भीतर Garrison पर चले जाते हैं।
What none of these are: an exit relay. Exits are a different conversation — different legal posture, different abuse-handling expectations, and a different platform conversation with us. Start with a middle. Let it age. Then if you still want to do more, we can talk.
एक रूपरेखा — Tor Project के relay-operator दिशानिर्देश उन सभी चीज़ों के लिए आधिकारिक संदर्भ बने रहते हैं जो consensus द्वारा आपका fingerprint सीखने के बाद होती हैं।
The distribution package is often a release behind. Add deb.torproject.org for the upstream daemon and the signing key.
# on the VPS, as rootapt install apt-transport-https
# add deb.torproject.org repo, then:apt update && apt install torThe four directives that define a middle relay. ContactInfo is mandatory — without it your relay is flagged "bad relay" candidate.
Nickname BorealisRelay01
ORPort 9001
RelayBandwidthRate 6 MBytes
ContactInfo tor@your-domain
ExitRelay 0होस्ट firewall पर TCP/9001 inbound की अनुमति दें। SSH को non-standard port पर छोड़ें, fail2ban हमेशा की तरह।
ufw allow 9001/tcp
ufw allow 22/tcp
ufw enableThe Debian package ships a tor@default service. Enable-at-boot so a NordBastion panel reboot does not silently drop you from the consensus.
systemctl enable \
--now tor@default
journalctl -u tor@default -fWithin 1–2 hours the directory auths pick you up; within 1–2 weeks the consensus weight stabilises. Bookmark your fingerprint on metrics.torproject.org.
cat /var/lib/tor/fingerprint
# then visit:# metrics.torproject.org/rs.html#search/<FP>आपके मौजूदा SSH सेशन पर एक curses-आधारित मॉनिटर — बैंडविड्थ, circuit count, uptime। कोई सार्वजनिक डैशबोर्ड उजागर नहीं।
apt install nyx
nyxWhen some external scanner notices that your IP is in the public Tor consensus and fires off an automated complaint, the report lands at our abuse desk against an account that is "the prepaid balance behind this email". There is no card issuer to subpoena, no billing PII to forward, and our standing answer for middle relays is "this is a known, published, legal Tor relay" — not "let us forward your details upstream".
Sweden, Finland, Norway and Iceland have a long pro-relay precedent — Bahnhof and Pionen are quoted in the Tor Project's own legal FAQ, university CS departments have been running public relays for over a decade, and there is no licensing regime or registration obligation for any of it. Our region selection is not coincidentally aligned with the four jurisdictions where running a relay is least friction.
एक स्वस्थ 50 Mbps middle relay हर दिशा में लगभग 16 TB प्रति माह स्थानांतरित करता है। AWS पर डिफ़ॉल्ट मूल्य निर्धारण पर वही egress लगभग $1,440 का चालान देगा — यहाँ Garrison-tier relay चलाने की पूरी वार्षिक लागत से अधिक। Unmetered नीति ही व्यावहारिक कारण है कि शौकिया relay ऑपरेटर hyperscalers पर नहीं चलाते; हम बस इसे औपचारिक रूप देते हैं।
Tor मिडल रिले एक एकल ऑपरेटर द्वारा ओपन इंटरनेट के लिए किए जा सकने वाले सबसे सस्ते और सबसे असंगत रूप से प्रभावशाली योगदानों में से एक है। लगभग एक स्ट्रीमिंग सब्सक्रिप्शन की कीमत पर आप महीने में 16 TB मज़बूत रूप से एन्क्रिप्टेड, गुमनाम रूप से रूट किए गए ट्रैफ़िक को उन लोगों के लिए फ़ॉरवर्ड करते हैं जिनसे आप कभी नहीं मिलेंगे, उन क्षेत्रों में जिन्हें आप कभी नहीं जानेंगे, उन उद्देश्यों के लिए जिन्हें आप कभी नहीं पढ़ेंगे।
NordBastion is built for the parts that matter for this specific job — KYC-free signup so abuse reports do not personalise to you, Nordic jurisdiction with a long pro-relay precedent, unmetered uplink that does not silently cap a healthy relay — and deliberately ordinary about the rest. The VPS is a Debian box. tor is the upstream daemon. Nyx watches it. The Tor consensus does the rest.
If you have been thinking about it for a while, the Garrison takes a coffee's worth of money and an afternoon's worth of attention. The relay outlives the afternoon by years.
The eight questions first-time relay operators actually ask before publishing a fingerprint to the consensus.
Yes. Sweden, Finland, Norway and Iceland all treat Tor-relay operation as ordinary internet-infrastructure activity: there is no licensing requirement, no registration obligation, and a long body of operator precedent (Bahnhof, Pionen, university CS departments, Riseup-aligned collectives) running relays publicly without legal friction. The Tor Project's own legal FAQ lists Sweden as a friendly jurisdiction for relays. What this page describes is middle and guard relays — non-exit nodes that never originate traffic toward the public internet, which is the safest legal posture for a first-time operator.
Not as your first relay, and not on a single-operator VPS without supporting infrastructure. Exit relays do originate traffic toward the public internet — which means abuse reports about that traffic land in your inbox, even though the underlying user is upstream of you. Run exits when you have a dedicated abuse-handling email, a written legal opinion for your jurisdiction, ideally a non-profit wrapper (Torservers.net, an EFF-style entity, or a university group), and your own AS-level relationship with the host. NordBastion is happy to host middle and guard relays at any tier; exits are a conversation, not a checkbox.
Garrison-होस्टेड middle relay एक बार Tor consensus द्वारा विश्वसनीय माने जाने पर (~1 सप्ताह ramp-up) लगभग 30–60 Mbps बनाए रखता है। यह सममित रूप से प्रति माह 10–20 TB इन और आउट के बराबर है। NordBastion का 1 Gbps unmetered uplink इसे बिना झिझक संभाल लेता है — संदर्भ के लिए, AWS EC2 के डिफ़ॉल्ट transfer pricing पर वही 16 TB/month egress लगभग $1,440/month खर्च करेगा। Unmetered नीति ही एकमात्र सबसे बड़ा कारण है कि शौकिया relay ऑपरेटर हमारे जैसे होस्टर्स पर आते हैं, न कि hyperscalers पर।
For a middle relay: practically never, because middle relays do not originate any traffic toward the public internet — only encrypted Tor traffic to the next relay in the circuit. For a guard relay: rare, because guards see only the first hop in. NordBastion's abuse desk understands the difference and will not forward generic "your IP was in a scan" auto-reports about a published middle relay; we will reach out to you for anything that looks substantive, which in practice is almost nothing.
Tor lets a single operator declare that several relays belong to the same operational family via the MyFamily torrc directive. The consensus then refuses to build circuits that traverse two relays of the same family — preventing one operator from de-anonymising their own users by accident. If you grow from one relay to two or three, declaring MyFamily is mandatory; it costs nothing and it is the difference between a thoughtful operator and a careless one.
The torrc directives. A middle relay is the default — ORPort set, ExitRelay 0, no DirPort needed. A guard is a middle that has accumulated enough uptime and bandwidth for the directory authorities to flag it Guard automatically; you do not opt into being a guard, the network promotes you. An exit relay sets ExitRelay 1 and an ExitPolicy. The hardware is the same; the legal exposure is not.
Yes — Nyx is a curses-based monitor that runs in a tmux session over SSH and gives you live bandwidth, circuit count, uptime and consensus weight. For longer-term graphs, the Tor Project's metrics.torproject.org page indexes every published relay by fingerprint, so you can bookmark your own and watch the consensus weight climb over the first two weeks. No public HTTP dashboard is required, which is the right default for a relay.
Irrelevant for middle and guard relays — they do not originate traffic, so they never touch port 25 in either direction. For exit relays, the standard reduced exit policy explicitly closes port 25 (anti-spam abuse is the single largest source of operator complaints), and we recommend honouring that. NordBastion does open port 25 for legitimate mail-server use cases, but on a relay box you want it closed at the application layer regardless of platform policy.
Kernel-fast VPN exit on a Sentinel — the sibling use case for operators who want a private tunnel, not a public relay.
bitcoind + LND on NVMe, Tor-routed by default — the natural neighbour of a Tor relay on the same operator's account.
End-to-end encrypted Synapse on Docker Compose, federated and Nordic — for operators who run their own E2E messaging.