How to Run a Tor Relay at Home – Step-by-Step Guide

Jul 19, 2025

This guide walks you through setting up a non-exit Tor relay on your home network. A relay adds capacity and resilience to the Tor network without the higher exposure of an exit node.

1. Requirements & Considerations

• Hardware: Old mini PC, Raspberry Pi 3/4, home server, or a small VM.
• Uptime: The more continuous the better (aim for 24/7).
• Bandwidth: A few Mbps up/down minimum. You’ll set safe limits.
• OS: Debian / Ubuntu / Fedora (examples use Debian/Ubuntu commands).
• Ports: ORPort 9001 TCP (DirPort optional, usually 9030 – we skip it for simplicity).

2. Update the System

sudo apt update
sudo apt upgrade -y

3. Add the Official Tor Project Repository

You can use the distro’s default Tor, but the Tor Project repo typically ships security updates sooner.

sudo apt install -y gnupg2 apt-transport-https
curl https://deb.torproject.org/torproject.org/static/keys/torproject-keyring.gpg | \
  gpg --dearmor | sudo tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null

echo "deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] \
https://deb.torproject.org/torproject.org $(lsb_release -cs) main" | \
  sudo tee /etc/apt/sources.list.d/tor.list

sudo apt update
sudo apt install -y tor deb.torproject.org-keyring

4. Backup and Edit the Config

Main config lives at /etc/tor/torrc. Backup first, then edit:

sudo cp /etc/tor/torrc /etc/tor/torrc.backup.$(date +%Y%m%d)
sudo nano /etc/tor/torrc

5. Minimal Middle Relay Config

Nickname MichaelHomeRelay
ContactInfo michael.grigore@example (PGP key optional)
ORPort 9001
ExitRelay 0
SocksPort 0
DirPort 0

# Bandwidth limits (adjust for your connection):
RelayBandwidthRate 4 MB     # sustained (4 MB/s ≈ 32 Mbps)
RelayBandwidthBurst 8 MB    # short burst

# If auto-detection fails:
# Address 203.0.113.45

Log notice file /var/log/tor/notices.log

Key Lines Explained

• ExitRelay 0 — ensures this is not an exit node.
• SocksPort 0 — disables client proxy; this instance just relays.
• RelayBandwidthRate/Burst — protects your upstream capacity.

6. Router Port Forwarding

Forward TCP port 9001 (or the ORPort you chose) from the router to the relay’s LAN IP (e.g. 192.168.1.50). DirPort is optional—skip it for a basic relay.

7. Restart Tor

sudo systemctl restart tor
sudo systemctl status tor --no-pager

8. Watch the Logs

tail -f /var/log/tor/notices.log

Look for: Self-testing indicates your ORPort is reachable. If it doesn’t appear after ~20–30 minutes, re-check firewall/NAT/port forward.

9. (Optional) Firewall Allow

sudo ufw allow 9001/tcp
sudo ufw reload
sudo ufw status

10. Monitoring

• After a few hours your relay appears in the Tor consensus.
• Search its Nickname here: https://metrics.torproject.org/rs.html
• Traffic graphs show up as you accumulate uptime.

11. Keep It Updated

sudo apt update
sudo apt install tor

Run periodically (cron/systemd timer) for security updates.

12. Adjust Bandwidth Later

# Example lower values:
RelayBandwidthRate 2 MB
RelayBandwidthBurst 4 MB

13. Why Not an Exit (Yet)

Exit nodes carry cleartext egress traffic and can attract abuse complaints (DMCA, etc.). They require legal awareness, sometimes separate hosting, and tighter operational practices. Start with a middle relay.

14. Disable / Remove

sudo systemctl stop tor
sudo apt purge tor -y
sudo rm -rf /var/lib/tor

FAQ

Will it slow my Internet?

Minimal impact if RelayBandwidthRate is ~30–40% of your upstream.

Can my ISP complain?

Rare for a middle relay. Still, read your Terms and watch for notices initially.

Can I use a Raspberry Pi?

Yes. Use a reliable power supply and storage (good SD card or SSD). Pi 3B+ or 4 with cooling is recommended.

---

Educational purposes only. Always comply with local laws and your ISP’s policy.

Cheers,
Michael