Tor bridges in the Amazon cloud
The Tor Cloud project gives you a user-friendly way of deploying
bridges to help users access an uncensored Internet. By setting up a
bridge, you donate bandwidth to the Tor network and help improve the
safety and speed at which users can access the Internet. Learn more about Tor and bridges ».
This project runs on the Amazon EC2 cloud computing
platform, which powers Amazon.com and other major websites. Amazon
EC2 allows users to launch their own virtual machines and computing
resources with flexible and cost-effective terms. Learn more about Amazon EC2 »
Setting up a Tor bridge on Amazon EC2 is simple and will only take
you a couple of minutes. The images have been configured with automatic
package updates and port forwarding, so you do not have to worry about
Tor not working or the server not getting security updates.
Get
started with Tor Cloud »
How much does it cost?
To help new customers get started in the cloud, Amazon has
introduced a free usage tier. The Tor Cloud images are all
micro instances, and new customers can run a micro instance for
free for a whole year. The AWS free usage tier also includes 15
GB of bandwidth out per month.
The Tor Cloud images have been configured to use no more than
40 GB of bandwidth out per month. We have estimated
that customers who do not qualify for the free usage tier will
pay up to $20 a month for an instance located in us-east-1
(Virginia).
Customers who qualify for the free usage
tier, but who run bridges that use more than 15 GB of bandwidth
out per month, will pay up to $3 per month for an instance
located in us-east-1 (Virginia).
The cost of running a bridge in the Amazon cloud depends on the region you put it in.
Please see http://aws.amazon.com/free/
and the AWS pricing
page for more information.
Sign up
Before you can set up a bridge, you need to sign up for
an Amazon
Web Services (AWS) account.
Sign Up Now!
Amazon will send you an email once your account has
been activated.
Select a region
Please click on one of the regions below to choose where you
want to launch your Tor Cloud instance. A pre-configured image
will be selected, and you will be directed to the AWS Management
Console. See How much does it cost? on the front page for
information about pricing.
Normal bridges
Private bridges
Step by step process
After selecting the region, you will be redirected to Amazon's
management console. Simply follow the steps as illustrated below,
and your bridge will up and running in just a couple of
minutes:
Step 1
Click "Continue". (No changes needed here.)
Step 2
Click "Continue". (No changes needed here.)
Step 3
Click "Continue". (No changes needed here.)
Step 4
Select "Create a new Key Pair", type "tor-cloud-servers" for key pair name, and click "Create & Download your Key Pair". You will need the key pair if you want to connect to your instance using SSH.
Step 5
Select "Create a new Security Group", type "tor-cloud-servers" for Group Name and Group Description. You need to create two rules; HTTPS and SSH. Select "HTTPS" from the "Create a new rule" dropdown and click on "Add Rule". Do the same for SSH. Then click "Continue".
Step 6
Click "Launch."
Step 7
You're done! Congratulations!
Frequently Asked Questions (FAQ)
0. Private bridge or normal bridge?
If you set up a private bridge, your bridge will not tell the bridge
authority that it exists. You will have to manually give out your bridge
address to users.
1. How much does it cost?
There is no fee charged by the Tor Project, Inc for you to run a
Tor Cloud image. Amazon does, however, charge instances
according to their pricing. See
How much does it cost? on the front page for more
information.
2. The instance is running, what's next?
You should not have to do anything once the instance is up and
running. Tor will start up as a bridge and confirm that it is reachable
from the outside. If you have set up a normal bridge, then it will also
tell the bridge authority that it exists, and the address for your
bridge will be given out to users.
3. How do I find the address of my bridge?
To find the address of your bridge, log on to the AWS Management
Console, find your instance, and click on it. The bottom half of the
page will show some details about the instance you have selected,
including Public DNS. If the AWS Management Console says
that the Public DNS for your instance is
ec2-192-0-2-27.compute-1.amazonaws.com, then you know that the IP
address is 192.0.2.27. All of the bridges run on port 443, so the
address of your bridge is 192.0.2.27:443.
4. How can I check if my bridge is running?
There are two ways you can check to see if your bridge is running;
you can either log on to the instance and check
/var/log/tor/log, or you can use Tor and connect to your
own bridge. For instructions on how to use a bridge with Tor, see
the Tor
Project website.
5. I can't connect as user root, what's wrong?
When you right-click and choose connect, AWS will suggest that
you use root as the username. This is wrong. You need to use
ubuntu as the username if you wish to connect to your server via
SSH.
6. How do I stop or terminate the instance?
To stop or terminate the instance, log on to the AWS Management
Console, find your instance, right click on it and choose either
"Stop" or "Terminate". "Stop" will just shutdown the instance as
normal and will allow you to start it up again later. "Terminate"
will delete the instance from your AWS account.
7. How do I change the IP address of my instance?
To change the IP address of your instance, log on to the AWS
Management Console, find your instance, right click on it and choose
"Stop". Once the instance has shut down completely, right click on
it again and choose "Start". The instance will be assigned a new IP
address when it starts up again.
8. What is arm and how do I use it?
The anonymizing relay monitor (arm) is a terminal status
monitor for Tor. This works much like top does for system
usage, providing real time statistics for bandwidth, cpu, memory
usage, current Tor configuration, connection details etc. To run
arm, connect to your instance with SSH and run sudo -u
debian-tor arm. You can read more about arm here.
9. What's in the Tor configuration file?
The Tor configuration file for normal bridges can be found here. The configuration
file for private bridges also contain PublishServerDescriptor 0.
10. Will the images automatically download and install package updates?
Yes, the images have all been configured with the unattended-upgrades package. This means that your system will automatically download and install updates.
11. Will you let me know when you publish new images?
New cloud images will be announced on Twitter, identi.ca, our blog and on the tor-talk mailing list.
12. Where do I report a bug I am encountering?
If you think the bug you have found is specific to the Tor Cloud
images we provide, please file a bug or
send an email to help AT rt.torproject.org.
13. Is there an IRC channel where I can ask about Tor Cloud?
Yes, simply join #tor on irc.oftc.net and ask your question. It may take a while before we get back to you, so please be patient.
14. I have a question that is not answered here, what do I do?
Please send an email to help AT rt.torproject.org.