Install Anyone Exit Relay
This page instructs how to configure an Exit Relay with recommended minimum configuration.
This setup process includes installing the Anon client using the APT repository, configuring the client as an Exit, adding an Exit Notice, setting up firewall rules and guidelines on how to achieve Double-reverse DNS.
It is important to understand that running an Exit relay requires more maintenance and security awareness than running a Middle relay. Read our before installing an Exit Relay. It is recommended to never host an Exit relay at home or on other private premises.
apt repository

Edit the anon configuration:
Use the template below and replace with a non-personal mail address for ContactInfo and change Nickname to your liking.
Edit line 101 in the file anyone-exit-notice.html and change the value EMAIL_ADDRESS to a non-personal mail address to be able to respond to Abuse complaints.
If additional changes are made to the anyone-exit-notice.html file, the anon service must be reloaded to apply them. Reloading is executed with the command:
This example assumes default ports are used for ORPort (9001), SSH (22) and HTTP (80). Change these values from the example if needed.
It is highly recommended that you set up a valid Double-reverse DNS, also known as a "double reverse lookup", which refers to the process of performing a reverse DNS lookup on the result of a forward DNS lookup. This is typically done for purposes of adding legitimacy to the identity of a remote system. To achieve this the two DNS records, PTR and A, need to be configured for an IP-address.
For example, if you have a domain name like example.com with an IP address of 192.0.2.1, a double-reverse DNS lookup would involve:
Pointer Record (PTR)
Address Record (A)
As mentioned above, the two DNS records that need to be configured are A and PTR. For the exact steps to configure them, refer to your provider's documentation.
Note that multiple Exit IP-addresses must not have identical DNS records, so adding an index number per Exit, like anyone-exit-1.example.com, is a suggestion.
Pointer Record (PTR)
If the Exit Relay is hosted at a cloud provider, the control panel of the VPS will let you configure a PTR record for your Exit IP. This setting can also be referred to as Reverse DNS, rDNS, Reverse mapping and more.
Here's a simplified breakdown:
Acquire a domain name: Choose a domain registrar (e.g., GoDaddy, Namecheap). Search for a domain name and purchase it.
Manage DNS Settings: Log in to your domain registrar's account. Go to the DNS management section.
Create an A Record: Add a new A record for your domain. Set the Hostname (e.g., anyone-exit-1.example.com). Enter the Public IP address of your Exit relay and save the record.
DNS changes can take between 24 and 48 hours to fully propagate across the internet. However, it can sometimes be much quicker for simple DNS changes, or longer, especially for complex DNS configurations or in specific regions.
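Once the records have propagated, the double-reverse lookup described above and the rule that no two Exit IPs share a DNS name can both be checked in one pass. The following is an added example, not part of the original guide or the Anyone project's tooling; the function names and the sample records (built from the page's example.com and 192.0.2.x values) are assumptions made for illustration.

```python
import ipaddress
import socket

def ptr_lookup(ip):  # reverse lookup: IP -> PTR name (OSError when no PTR exists)
    return socket.gethostbyaddr(ip)[0]

def a_lookup(name):  # forward lookup: host name -> addresses of its A/AAAA records
    return [info[4][0] for info in socket.getaddrinfo(name, None)]

def fcrdns_check(ip, reverse=ptr_lookup, forward=a_lookup):
    """Return (ok, ptr_name); ok only if the PTR name resolves back to ip."""
    try:
        name = reverse(ip).rstrip(".").lower()
    except OSError:
        return False, None                  # no PTR record at all
    try:
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
    except OSError:
        return False, name                  # PTR name has no A record
    return ipaddress.ip_address(ip) in addrs, name

def audit_exits(ips, reverse=ptr_lookup, forward=a_lookup):
    """Map each failing exit IP to a reason; an empty dict means all pass."""
    problems, owner = {}, {}
    for ip in ips:
        ok, name = fcrdns_check(ip, reverse, forward)
        if name is None:
            problems[ip] = "no PTR record"
        elif not ok:
            problems[ip] = f"{name} does not resolve back to {ip}"
        elif name in owner:
            problems[ip] = f"{name} is already used by {owner[name]}"
        else:
            owner[name] = ip
    return problems

# Constructed sample records (documentation addresses) for an offline run.
SAMPLE_PTR = {"192.0.2.1": "anyone-exit-1.example.com",
              "192.0.2.2": "Anyone-Exit-1.example.com.",
              "192.0.2.3": "anyone-exit-3.example.com"}
SAMPLE_A = {"anyone-exit-1.example.com": ["192.0.2.1", "192.0.2.2"],
            "anyone-exit-3.example.com": ["192.0.2.99"]}

def table_resolver(table):  # hypothetical helper: resolver over a constructed table
    def resolve(key):
        if key not in table:
            raise socket.gaierror(f"no record for {key}")
        return table[key]
    return resolve
```

Calling `audit_exits` with only a list of your relays' public IPs queries live DNS through the system resolver; passing `table_resolver(SAMPLE_PTR)` and `table_resolver(SAMPLE_A)` runs the same logic against the constructed records.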