The Tor network relies completely on volunteers to route the traffic from the origin to the destination.

Thanks to the volunteers the performance of the Tor network increased significantly this year and from my own experience, I could feel a boost of 10 times the speed this year (from 2 Mbps max to 20+ Mbps).


There are 3 main types of nodes:

  • Guard
    • The entry point of the Tor network.
  • Relay
    • Middle node.
  • Exit
    • Exit node to the public internet.

Other types such as Bridges and Snowflakes are additional non-advertised hosts that prevent nations or organizations to block the public listed nodes.

Prepare the server and make sure it will automatically patch any vulnerable application and upgrade itself.

sudo timedatectl set-timezone America/New_York
sudo apt update && sudo apt upgrade -y
sudo apt-get install unattended-upgrades apt-listchanges -y
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Replace the content of the file with:

Unattended-Upgrade::Origins-Pattern {
Unattended-Upgrade::Package-Blacklist {
Unattended-Upgrade::Automatic-Reboot "true";

Configure the auto-upgrade parameters:

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

Replace the content of the file with:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";

Test for errors.

sudo unattended-upgrades --dry-run
sudo cat /var/log/unattended-upgrades/unattended-upgrades.log


sudo apt install tor -y
sudo nano /etc/tor/torrc

Append or replace the content of the whole file with:

Nickname NodeNick
ORPort 443
ExitRelay 0
SocksPort 0
ControlSocket 0
ContactInfo [email protected]

Note: ExitRelay value 0 can be changed to 1 to become an ExitRelay (not recommended).

sudo systemctl restart [email protected]
sudo ufw enable
sudo ufw allow 443
sudo ufw status


Takes less than 3 hours for the server to be listed in the directory [Link].

Each node goes through 4 phases in its cycle-life:

  • 1st – 0 to 3 days
    • Unmeasured
  • 2nd – 3 to 8 days
    • Remote Measurement
  • 3rd – 8 to 68 days
    • Ramping Up as a Guard Relay
  • 4th – 68+ days
    • Steady-state Guard Relay

Read more about the node cycle-life at [Link].

It is recommended to backup the Tor Identity Keys:

scp -r [email protected]:/var/lib/tor/keys .

Note: port 22 may be allowed on the firewall before the copy. Remember to block the port after using it or allow it to be accessible only from a trusted source.

Alternatively to a Tor Node, there are also Tor Bridge [Link] and Tor Snowflake [Link]. All types of volunteers are needed to make the Internet free and accessible to everyone.


Consider giving some limits to traffic usage in order to prevent overage fees from your ISP (if not unlimited).

Append the following lines to /etc/tor/torrc configuration file:

AccountingStart day 0:00
AccountingMax 50 GBytes
RelayBandwidthRate 25 MBytes
RelayBandwidthBurst 100 MBytes

Note: the speed is in Mega-Bytes, not in Mega-Bits.

Follow the CPU and bandwidth usage for a new node under different configurations:

  • A – Unmeasured (not relaying traffic yet).
  • B –¬†Remote Measurement followed by Ramping Up as a Guard Relay (Relaying traffic progressively). In a short time, a single-core with 1GB of RAM was able to relay about 1 TB.
  • C – A limit of 35GB (each direction) was applied to control the total amount of data used.
  • D – Not only a daily limit but also speed control up to 1.5MByte/s, which resulted in extra CPU usage.

Monitor traffic in real-time with Tor Nyx [Link].

sudo apt-get install nyx -y
sudo nano /etc/tor/torrc

Append the following lines:

ControlPort 9051
CookieAuthentication 1

Restart Tor and execute Nyx:

sudo systemctl restart [email protected]