How to Setup a Tor Bridge on Bare Metal

  • Users in countries that block Tor (China, Iran, etc.)

  • High-risk individuals avoiding surveillance

  • People whose ISPs block Tor traffic

  • Users where using Tor could draw attention

  • Whistleblowers and activists in restrictive regions

1

Domain Name Configuration

Make sure A-record and AAAA-record (IPv6) point to the Vultr instance for your subdomain or for @ and www.

2

Environment

Using a Debian Bookworm (v12) instance on Vultr.

Install Packages

Install tor and torsocks
apt-get install tor torsocks

Open ports

UFW: allow ports
sudo ufw allow 9001/tcp
sudo ufw allow 9002/tcp
sudo ufw reload

Configure Tor

Edit /etc/tor/torrc by adding the following to the bottom:

/etc/tor/torrc (append)
RunAsDaemon 1
ORPort 9001
Address tor-bridge.buildintheshade.com
Nickname BuildInTheShade
ExitPolicy reject *:*
BridgeRelay 1
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:9902
SafeLogging 1
PublishServerDescriptor 0
3

Start the Server

Restart tor service
sudo systemctl restart tor

  • Verify ports can be accessed — example output:

Example: listening sockets
tor       5471 debian-tor    6u  IPv4  40403      0t0  TCP 127.0.0.1:9050 (LISTEN)
tor       5471 debian-tor    7u  IPv4  40404      0t0  TCP *:9001 (LISTEN)
tor       5471 debian-tor    8u  IPv6  40405      0t0  TCP *:9001 (LISTEN)
obfs4prox 5472 debian-tor    3u  IPv6  39708      0t0  TCP *:9902 (LISTEN)
4

Testing

On Tor Browser (desktop):

  • Go to Settings > Connection

  • Go to Add new bridges

  • Paste in your Bridge Address

Example bridge (public / non-working anymore; kept as in original):

Bridge example
Bridge obfs4 66.42.82.241:9902 91ECD875762F9F3F7325E1E14834A541FE66D403 cert=Fy7i5dcRTChZSJqvfXLAG+YdzIRt9O7367nSLYEVp9XhwUNq8wMWkYyUamZPkMUV2SUrAw iat-mode=0
PreviousHow to Setup a Signal Proxy on Bare MetalNextPATH Welcome Page

Was this helpful?