Anyone Docs
  • 🔷The Documentation For Anyone
    • About
    • FAQ
  • 🔷Relay Setup
    • Get Started
    • Relay Operator Standards
    • Installation and Usage
      • Virtualization on Windows
      • Virtualization on macOS
      • Install Ubuntu Server 24.04
      • Server management with SSH in Windows and macOS
      • Install Anon on Linux
      • Firewall and Network Configurations
        • Router Port Forwarding
        • Install and Configure Firewall
      • Troubleshooting Common Issues
        • Diagnosing CGNAT and Public IPv4
        • Confirm ORPort Reachability
        • Configure IPv4 and IPv6
      • Advanced Configuration
        • Install Anon using the apt repository
          • Binary Verification
        • Install Anon in Docker
        • Install Anyone Exit Relay
          • Exit Relay Guidelines
        • DoS mitigation parameters
        • Update Anon and accept terms and conditions
        • Configure SOCKS5 Proxy for Anyone
  • 🔷Hardware Setup
    • Setup Guide
    • Router Mode Setup
    • Description and Specifications
    • Relay Control Panel Pages
      • Home
      • Network Settings
      • Relay Settings
      • Relay Family
      • Proxy Settings BETA
      • Change Password
      • Logs
      • Update
    • Hardware Updates
      • System Update (USB)
      • System Update (WebUI)
      • Anon Update (WebUI)
    • Troubleshooting and additional configuration
      • Router Port Forwarding
      • Diagnosing CGNAT and Public IPv4
  • 🔷Security and Privacy
    • VPS Hardening
  • 🔷Rewards Dashboard
    • Registering to the Rewards Program
    • Accessing the Rewards Dashboard
    • Using the Rewards Dashboard
    • Rewards Status
  • 🔷Anyone SDK
    • NPM SDK
      • Install NPM Package
      • Run as Library
        • Anon
        • AnonSocksClient
        • AnonControlClient
      • Run from CLI
      • Tutorials
        • Hello Anon World I
        • Hello Anon World II
        • Circuit Control I
        • Circuit Control II
    • Native SDK
      • Anyone Client Releases
      • MAN - Anon Manual
      • Tutorials
        • Anyone Services I
        • Anyone Services II
    • iOS SDK [Beta]
      • Manual Install - CocoaPods
  • 🔷Connect to Anyone
    • Connecting to Linux
      • [Beta] One-Click Linux Setup
    • Connecting to macOS
      • macOS with NPM
      • [Beta] One-Click macOS Setup
    • Connecting to Windows
      • [Beta] One-Click Windows Setup
    • Individual Applications with Anyone
    • Connect Through Hardware
  • 🔷Tokenomics
    • Introduction
    • Token Distribution
      • Token Outflow
      • Other Tokens
      • Multichain
    • Relay Rewards
      • Lock Requirement
      • Lock Adjustments
      • Reward Multipliers
    • Additional Roles
      • Authorities and Staking
      • Governance Voting
    • Premium Circuits
      • Premium Circuits
      • Premium Circuits: Metrics
    • Summary
      • Value Accrual Summary
      • Rewards Case Study
    • Appendix
      • M Derivation
      • Risk Equation Derivation
  • 🔷Resources
    • Community and Customer Support
    • Links
    • Token
    • Whitepaper
    • Roadmap
    • API
      • REST
      • [Future] GraphQL
Powered by GitBook
On this page
  • Install using the apt repository
  • Fully upgrade the system
  • Install anon
  • Configure anonrc
  • Download the Anyone Exit Notice
  • Add a non-personal mail address to the Exit Notice
  • Restart anon service to apply anon configuration
  • Apply firewall rules
  • Double-reverse DNS
  • How do I achieve Double-reverse DNS?
  1. Relay Setup
  2. Installation and Usage
  3. Advanced Configuration

Install Anyone Exit Relay

This page instructs how to configure an Exit Relay with recommended minimum configuration.

This setup process includes installing the Anon client using the APT repository, configuring the client as an Exit, adding an Exit Notice, setting up firewall rules and guidelines on how to achieve Double-reverse DNS.

It is important to understand that running an Exit relay requires more maintenance and security awareness than in comparison to a Middle relay. Read our Exit Guidelines before installing an Exit Relay. It is recommended to never host an Exit relay at home or other private premises.

Install using the apt repository

. /etc/os-release
sudo wget -qO- https://deb.en.anyone.tech/anon.asc | sudo tee /etc/apt/trusted.gpg.d/anon.asc
sudo echo "deb [signed-by=/etc/apt/trusted.gpg.d/anon.asc] https://deb.en.anyone.tech anon-live-$VERSION_CODENAME main" | sudo tee /etc/apt/sources.list.d/anon.list

Fully upgrade the system

sudo apt-get update
sudo apt-get upgrade

Install anon

sudo apt-get install anon

Configure anonrc

Edit the anon configuration:

sudo nano /etc/anon/anonrc

Use the template below and replace with a non-personal mail address for ContactInfo and change Nickname to your liking.

Nickname ExitRelayName
ContactInfo email@me.com
Log notice file /var/log/anon/notices.log
ORPort 9001
SocksPort 0
ExitRelay 1
IPv6Exit 0
DirPort 80
DirPortFrontPage /etc/anon/anyone-exit-notice.html
ReevaluateExitPolicy 1
ExitPolicy reject *:25
ExitPolicy reject *:587
ExitPolicy reject *:465
ExitPolicy reject *:2525
ExitPolicy reject *:3389
ExitPolicy reject *:23
ExitPolicy reject *:465
ExitPolicy reject *:3128
ExitPolicy reject *:5900
ExitPolicy reject *:9999

Download the Anyone Exit Notice

sudo curl -o /etc/anon/anyone-exit-notice.html -fsSLO https://raw.githubusercontent.com/anyone-protocol/anon-install/refs/heads/main/html/anyone-exit-notice.html

Add a non-personal mail address to the Exit Notice

Edit line 101 in the file anyone-exit-notice.html and change the value EMAIL_ADDRESS to a non-personal mail address to be able to respond to Abuse complaints.

sudo nano +101 /etc/anon/anyone-exit-notice.html

Restart anon service to apply anon configuration

sudo systemctl restart anon

If additional changes are made to the anyone-exit-notice.html file, reloading the anon service to apply the changes is necessary. Reloading is executed with the command:

sudo systemctl reload anon

Apply firewall rules

This example assumes default ports are used for ORPort (9001), SSH (22) and HTTP (80). Change these values from the example if needed.

sudo apt-get install ufw
sudo ufw allow 9001
sudo ufw allow 80
sudo ufw limit 22
sudo ufw enable

Double-reverse DNS

It is highly recommended that you set up a valid Double-reverse DNS, also known as a "double reverse lookup", which refers to the process of performing a reverse DNS lookup on the result of a forward DNS lookup. This is typically done for purposes of adding legitimacy to the identity of a remote system. To achieve this the two DNS records, PTR and A, need to be configured for an IP-address.

  • Pointer Record (PTR): Also called Reverse DNS is a DNS record that maps an IP address to a domain name, commonly used for reverse DNS lookups to verify the authenticity of the sender's domain. PTR adds another layer of legitimacy when accessing services and for the destination to easier evaluate the source.

  • Address Record (A): The most commonly used DNS record that links a domain name to an IP address, enabling devices to find and connect to websites and servers on the internet.

For example, if you have a domain name like example.com with an IP address of 192.0.2.1, a double-reverse DNS lookup would involve:

Pointer Record (PTR)

Reverse lookup: Resolving 195.1.2.3 to example.com.

Address Record (A)

Forward lookup: Resolving example.com to 195.1.2.3.

How do I achieve Double-reverse DNS?

As mentioned above the two DNS records that need to be configured are A and PTR. For the exact steps on how to configure the two DNS records then it is important to refer to the providers documentation on how to achieve this.

Mind that multiple Exit IP-addresses must not have identical DNS records, so adding an index number per Exit, like anyone-exit-1.example.com is a suggestion.

Pointer Record (PTR)

In the example where an Exit Relay is hosted at a cloud provider, then the control panel of the VPS will provide the possibility to configure a PTR record for your Exit IP. This setting can also be referred to as Reverse DNS, rDNS, Reverse mapping and more.

Address Record (A)

Here's a simplified breakdown:

  1. Acquire a domain name: Choose a domain registrar (e.g., GoDaddy, Namecheap). Search for a domain name and purchase it.

  2. Manage DNS Settings: Log in to your domain registrar's account. Go to the DNS management section.

  3. Create an A Record: Add a new A record for your domain. Set the Hostname (e.g., anyone-exit-1.example.com). Enter the Public IP address of your Exit relay and save the record.

DNS changes can take between 24 and 48 hours to fully propagate across the internet. However, it can sometimes be much quicker for simple DNS changes, or longer, especially for complex DNS configurations or in specific regions.

Last updated 6 months ago

🔷