A middle relay is the most useful thing a single VPS can do for the open internet. A Garrison at $11.90/mo sustains ~50 Mbps — about 16 TB a month of donated bandwidth — on an unmetered uplink whose AWS-equivalent egress bill would run to $1,440.
Garrison at $11.90/mo is the middle-relay sweet spot — 4 vCPU, 8 GB, and the headroom for tor + nyx + a couple of monitoring sidecars on the same box.
KYC-free signup means the abuse-report inbox is one we filter on operator-relevance, not a paper trail back to your legal name. Crypto-only billing, no card on file.
Nordic jurisdiction with a long pro-relay precedent (Bahnhof, Pionen, university CS), unmetered 1 Gbps uplink, no transfer ceiling that quietly throttles a healthy relay.
Tor is one of the few pieces of infrastructure that is genuinely run by its users. There are roughly seven thousand relays in the public consensus on any given day, and every one of them belongs to a single operator who decided that an extra $12 a month was a fair price for measurable contribution to the right to read in private. The network is built out of those decisions.
A middle relay never originates traffic toward the public internet — it only forwards encrypted Tor cells between two other relays. That structural fact is what makes middle-relay operation legally boring almost everywhere: there is nothing for an outsider to complain about, because the relay does not, technically, send anything anywhere a normal person can see.
The Tor Project's relay-operator guidelines are the canonical reading. The short version: pick a hoster that does not block the protocol, declare a contact-info email so the consensus auths can reach you, set MyFamily if you run more than one, and let the relay age into the consensus over its first two weeks. After that, there is essentially nothing to do.
The operator-pride part is real. Every circuit the Tor Browser builds across your relay is a sentence read, a video watched, an article filed, an organiser reaching home — small, anonymous, and exactly the point.
For a serious middle relay — one that aims to sustain ~50 Mbps and earn a consensus weight worth its uplink — the Garrison ($11.90/mo, 4 vCPU, 8 GB, 240 GB NVMe) is the right starting point. The Tor daemon is single-threaded per ORPort but spends most of its budget on AES and Curve25519; the extra cores let you also run Nyx, a Prometheus node-exporter, and Unbound for resolver hygiene without crowding the relay.
If the goal is a guard relay (which the consensus promotes you to automatically after enough uptime and bandwidth), the Ravelin ($23.90/mo, 8 vCPU, 16 GB, 480 GB NVMe) gives you headroom for the higher circuit churn guards see — guards are the first hop for the entire Tor Browser population that picks them, which means more connections per second and a steeper RAM curve.
A Sentinel ($5.90/mo, 2 vCPU, 4 GB) can run a middle relay capped at 15–20 Mbps and it is a perfectly honourable contribution — the Tor consensus does not despise small relays. But the bandwidth/dollar ratio of the Garrison is so much better that most operators who start on a Sentinel migrate to a Garrison within a quarter.
What none of these are: an exit relay. Exits are a different conversation — different legal posture, different abuse-handling expectations, and a different platform conversation with us. Start with a middle. Let it age. Then if you still want to do more, we can talk.
A skeleton sketch — the Tor Project's relay-operator guidelines remain the authoritative reference for everything that follows the consensus learning your fingerprint.
The distribution package is often a release behind. Add deb.torproject.org for the upstream daemon and the signing key.
# on the VPS, as rootapt install apt-transport-https
# add deb.torproject.org repo, then:apt update && apt install torThe four directives that define a middle relay. ContactInfo is mandatory — without it your relay is flagged "bad relay" candidate.
Nickname BorealisRelay01
ORPort 9001
RelayBandwidthRate 6 MBytes
ContactInfo tor@your-domain
ExitRelay 0Allow TCP/9001 inbound on the host firewall. Leave SSH on a non-standard port, fail2ban as usual.
ufw allow 9001/tcp
ufw allow 22/tcp
ufw enableThe Debian package ships a tor@default service. Enable-at-boot so a NordBastion panel reboot does not silently drop you from the consensus.
systemctl enable \
--now tor@default
journalctl -u tor@default -fWithin 1–2 hours the directory auths pick you up; within 1–2 weeks the consensus weight stabilises. Bookmark your fingerprint on metrics.torproject.org.
cat /var/lib/tor/fingerprint
# then visit:# metrics.torproject.org/rs.html#search/<FP>A curses-based monitor — bandwidth, circuit count, uptime — over your existing SSH session. No public dashboard exposed.
apt install nyx
nyxWhen some external scanner notices that your IP is in the public Tor consensus and fires off an automated complaint, the report lands at our abuse desk against an account that is "the prepaid balance behind this email". There is no card issuer to subpoena, no billing PII to forward, and our standing answer for middle relays is "this is a known, published, legal Tor relay" — not "let us forward your details upstream".
Sweden, Finland, Norway and Iceland have a long pro-relay precedent — Bahnhof and Pionen are quoted in the Tor Project's own legal FAQ, university CS departments have been running public relays for over a decade, and there is no licensing regime or registration obligation for any of it. Our region selection is not coincidentally aligned with the four jurisdictions where running a relay is least friction.
A healthy 50 Mbps middle relay moves roughly 16 TB a month in each direction. The same egress on AWS at default pricing would invoice at about $1,440 — more than the entire annual cost of running a Garrison-tier relay here. The unmetered policy is the practical reason hobbyist relay operators do not run on hyperscalers; we simply formalise that.
A Tor middle relay is one of the cheapest, most disproportionate contributions a single operator can make to the open internet. For roughly the price of a streaming subscription you forward 16 TB a month of strongly encrypted, anonymously routed traffic for people you will never meet, in jurisdictions you will never know, for purposes you will never read.
NordBastion is built for the parts that matter for this specific job — KYC-free signup so abuse reports do not personalise to you, Nordic jurisdiction with a long pro-relay precedent, unmetered uplink that does not silently cap a healthy relay — and deliberately ordinary about the rest. The VPS is a Debian box. tor is the upstream daemon. Nyx watches it. The Tor consensus does the rest.
If you have been thinking about it for a while, the Garrison takes a coffee's worth of money and an afternoon's worth of attention. The relay outlives the afternoon by years.
The eight questions first-time relay operators actually ask before publishing a fingerprint to the consensus.
Yes. Sweden, Finland, Norway and Iceland all treat Tor-relay operation as ordinary internet-infrastructure activity: there is no licensing requirement, no registration obligation, and a long body of operator precedent (Bahnhof, Pionen, university CS departments, Riseup-aligned collectives) running relays publicly without legal friction. The Tor Project's own legal FAQ lists Sweden as a friendly jurisdiction for relays. What this page describes is middle and guard relays — non-exit nodes that never originate traffic toward the public internet, which is the safest legal posture for a first-time operator.
Not as your first relay, and not on a single-operator VPS without supporting infrastructure. Exit relays do originate traffic toward the public internet — which means abuse reports about that traffic land in your inbox, even though the underlying user is upstream of you. Run exits when you have a dedicated abuse-handling email, a written legal opinion for your jurisdiction, ideally a non-profit wrapper (Torservers.net, an EFF-style entity, or a university group), and your own AS-level relationship with the host. NordBastion is happy to host middle and guard relays at any tier; exits are a conversation, not a checkbox.
A healthy Garrison-hosted middle relay sustains roughly 30–60 Mbps once the Tor consensus has learned to trust it (~1 week ramp-up). That works out to 10–20 TB per month, in and out, symmetrically. NordBastion's 1 Gbps unmetered uplink absorbs this without a flinch — for context, the same 16 TB/month of egress would cost roughly $1,440/month on AWS EC2's default transfer pricing. The unmetered policy is the single biggest reason hobbyist relay operators end up on hosters like us rather than on the hyperscalers.
For a middle relay: practically never, because middle relays do not originate any traffic toward the public internet — only encrypted Tor traffic to the next relay in the circuit. For a guard relay: rare, because guards see only the first hop in. NordBastion's abuse desk understands the difference and will not forward generic "your IP was in a scan" auto-reports about a published middle relay; we will reach out to you for anything that looks substantive, which in practice is almost nothing.
Tor lets a single operator declare that several relays belong to the same operational family via the MyFamily torrc directive. The consensus then refuses to build circuits that traverse two relays of the same family — preventing one operator from de-anonymising their own users by accident. If you grow from one relay to two or three, declaring MyFamily is mandatory; it costs nothing and it is the difference between a thoughtful operator and a careless one.
The torrc directives. A middle relay is the default — ORPort set, ExitRelay 0, no DirPort needed. A guard is a middle that has accumulated enough uptime and bandwidth for the directory authorities to flag it Guard automatically; you do not opt into being a guard, the network promotes you. An exit relay sets ExitRelay 1 and an ExitPolicy. The hardware is the same; the legal exposure is not.
Yes — Nyx is a curses-based monitor that runs in a tmux session over SSH and gives you live bandwidth, circuit count, uptime and consensus weight. For longer-term graphs, the Tor Project's metrics.torproject.org page indexes every published relay by fingerprint, so you can bookmark your own and watch the consensus weight climb over the first two weeks. No public HTTP dashboard is required, which is the right default for a relay.
Irrelevant for middle and guard relays — they do not originate traffic, so they never touch port 25 in either direction. For exit relays, the standard reduced exit policy explicitly closes port 25 (anti-spam abuse is the single largest source of operator complaints), and we recommend honouring that. NordBastion does open port 25 for legitimate mail-server use cases, but on a relay box you want it closed at the application layer regardless of platform policy.
Kernel-fast VPN exit on a Sentinel — the sibling use case for operators who want a private tunnel, not a public relay.
bitcoind + LND on NVMe, Tor-routed by default — the natural neighbour of a Tor relay on the same operator's account.
End-to-end encrypted Synapse on Docker Compose, federated and Nordic — for operators who run their own E2E messaging.