Tor bridges in the Amazon cloud

The Tor Cloud project gives you a user-friendly way of deploying bridges to help users access an uncensored Internet. By setting up a bridge, you donate bandwidth to the Tor network and help improve the safety and speed at which users can access the Internet. Learn more about Tor and bridges ».

This project runs on the Amazon EC2 cloud computing platform, which powers Amazon.com and other major websites. Amazon EC2 allows users to launch their own virtual machines and computing resources with flexible and cost-effective terms. Learn more about Amazon EC2 »

Setting up a Tor bridge on Amazon EC2 is simple and will only take you a couple of minutes. The images have been configured with automatic package updates and port forwarding, so you do not have to worry about Tor not working or the server not getting security updates. Get started with Tor Cloud »

How much does it cost?

To help new customers get started in the cloud, Amazon has introduced a free usage tier. The Tor Cloud images are all micro instances, and new customers can run a micro instance for free for a whole year. The AWS free usage tier also includes 15 GB of bandwidth out per month.

The Tor Cloud images have been configured to use no more than 40 GB of bandwidth out per month. We have estimated that customers who do not qualify for the free usage tier will pay up to $20 a month for an instance located in us-east-1 (Virginia).

Customers who qualify for the free usage tier, but who run bridges that use more than 15 GB of bandwidth out per month, will pay up to $3 per month for an instance located in us-east-1 (Virginia).

The cost of running a bridge in the Amazon cloud depends on the region you put it in. Please see http://aws.amazon.com/free/ and the AWS pricing page for more information.

Sign up

Before you can set up a bridge, you need to sign up for an Amazon
Web Services (AWS)
account.


Amazon will send you an email once your account has been activated.

Select a region

Please click on one of the regions below to choose where you want to launch your Tor Cloud instance. A pre-configured image will be selected, and you will be directed to the AWS Management Console. See How much does it cost? on the front page for information about pricing.


Obfsproxy Bridges (required ports: 22, 443, 40872, 52176)



Private Bridges (required ports: 22, 443, 40872, 52176)

Step by step process

After selecting the region, you will be redirected to Amazon's management console. Simply follow the steps as illustrated below, and your bridge will up and running in just a couple of minutes:

Step 1

Click "Continue". (No changes needed here.)

Step 2

Click "Continue". (No changes needed here.)

Step 3

Click "Continue". (No changes needed here.)

Step 4

Select "Create a new Key Pair", type "tor-cloud-servers" for key pair name, and click "Create & Download your Key Pair". You will need the key pair if you want to connect to your instance using SSH.

Step 5

Select "Create a new Security Group", type "tor-cloud-servers" for Group Name and Group Description. You need to create four rules; SSH (22), HTTPS (443), 40872, and 52176. Select "SSH" from the "Create a new rule" dropdown and click on "Add Rule". Do the same for HTTPS. Select "Custom TCP rule" and add port 40872, do the same with port 52176. Then click "Continue".

Step 6

Click "Launch."

Step 7

You're done! Congratulations!

Frequently Asked Questions (FAQ)

0. Private bridge or obfsproxy bridge?
If you set up a private bridge, your bridge will not tell the bridge authority that it exists. You will have to manually give out your bridge address to users.

1. How much does it cost?
There is no fee charged by the Tor Project, Inc for you to run a Tor Cloud image. Amazon does, however, charge instances according to their pricing. See How much does it cost? on the front page for more information.

2. The instance is running, what's next?
You should not have to do anything once the instance is up and running. Tor will start up as a bridge and confirm that it is reachable from the outside. If you have set up an obfsproxy bridge, then it will also tell the bridge authority that it exists, and the address for your bridge will be given out to users.

3. How do I find the address of my bridge?
To find the address of your bridge, log on to the AWS Management Console, find your instance, and click on it. The bottom half of the page will show some details about the instance you have selected, including Public DNS. If the AWS Management Console says that the Public DNS for your instance is ec2-192-0-2-27.compute-1.amazonaws.com, then you know that the IP address is 192.0.2.27. All of the bridges run on port 443, so the address of your bridge is 192.0.2.27:443. Obfsproxy bridges will also run on port 52176.

4. How can I check if my bridge is running?
There are two ways you can check to see if your bridge is running; you can either log on to the instance and check /var/log/tor/log, or you can use Tor and connect to your own bridge. For instructions on how to use a bridge with Tor, see the Tor Project website.

5. I can't connect as user root, what's wrong?
When you right-click and choose connect, AWS will suggest that you use root as the username. This is wrong. You need to use ubuntu as the username if you wish to connect to your server via SSH.

6. How do I stop or terminate the instance?
To stop or terminate the instance, log on to the AWS Management Console, find your instance, right click on it and choose either "Stop" or "Terminate". "Stop" will just shutdown the instance as normal and will allow you to start it up again later. "Terminate" will delete the instance from your AWS account.

7. How do I change the IP address of my instance?
To change the IP address of your instance, log on to the AWS Management Console, find your instance, right click on it and choose "Stop". Once the instance has shut down completely, right click on it again and choose "Start". The instance will be assigned a new IP address when it starts up again.

8. What is arm and how do I use it?
The anonymizing relay monitor (arm) is a terminal status monitor for Tor. This works much like top does for system usage, providing real time statistics for bandwidth, cpu, memory usage, current Tor configuration, connection details etc. To run arm, connect to your instance with SSH and run sudo -u debian-tor arm. You can read more about arm here.

9. What's in the Tor configuration file?
Here's the configuration for an obfsproxy bridge and a private bridge. The following packages are installed when you start a Tor Cloud instance: tor, tor-geoipdb, tor-arm, deb.torproject.org-keyring, obfsproxy.

10. Will the images automatically download and install package updates?
Yes, the images have all been configured with the unattended-upgrades package. This means that your system will automatically download and install updates.

11. Will you let me know when you publish new images?
New cloud images will be announced on Twitter, identi.ca, our blog and on the tor-talk mailing list.

12. Where do I report a bug I am encountering?
If you think the bug you have found is specific to the Tor Cloud images we provide, please file a bug or send an email to help AT rt.torproject.org.

13. Is there an IRC channel where I can ask about Tor Cloud?
Yes, simply join #tor on irc.oftc.net and ask your question. It may take a while before we get back to you, so please be patient.

14. I have a question that is not answered here, what do I do?
Please send an email to help AT rt.torproject.org.