Import obfs4 bridge deployment guide to lektor

2024-11-24 02:09:48 +00:00 · 2019-07-04 18:34:58 -04:00 · 2019-07-04 18:34:58 -04:00 · 084ee9038c
commit 084ee9038c
parent 8b4aaa6897
5 changed files with 76 additions and 5 deletions
--- a/content/relay-operations/technical-setup/bridge-deployment-guide/centos-rhel-opensuse/contents.lr
+++ b/content/relay-operations/technical-setup/bridge-deployment-guide/centos-rhel-opensuse/contents.lr
@ -96,6 +96,6 @@ key:
 ---
 color: primary
 ---
-subtitle: How to deploy obfs4proxy on CentOS / RHEL
+subtitle: How to deploy obfs4proxy Bridge on CentOS / RHEL / OpenSUSE
 ---
 _template: layout.html
--- a/content/relay-operations/technical-setup/bridge-deployment-guide/contents.lr
+++ b/content/relay-operations/technical-setup/bridge-deployment-guide/contents.lr
@ -2,18 +2,22 @@ _model: page
 ---
 title:

- Bridge deployment
+ Bridge
 ---
 body:

 This guide will help you run an obfs4 bridge to help censored users connect to the Tor network. The requirements are 1) 24/7 Internet connectivity and 2) the ability to expose TCP ports to the Internet (make sure that NAT doesn't get in the way). 
+
+Note: If you're running platforms that are not listed on this page, you should probably [compile obfs4 from source](https://gitlab.com/yawning/obfs4#installation).
 ---
 html: two-columns-page.html
 ---
-key: 1
+key: 2
 ---
 section: Bridge operations
 ---
 section_id: bridge-operations
 ---
 subtitle: Run an obfs4 bridge to help censored users connect to the Tor network
+---
+_slug: {{bridge}}
--- a/content/relay-operations/technical-setup/bridge-deployment-guide/debian-ubuntu/contents.lr
+++ b/content/relay-operations/technical-setup/bridge-deployment-guide/debian-ubuntu/contents.lr
@ -77,4 +77,4 @@ key: 1
 ---
 html: two-columns-page.html
 ---
-subtitle: Follow the steps below to deploy obfs4proxy on Debian / Ubuntu
+subtitle: How to deploy an obfs4proxy Bridge on Debian / Ubuntu
--- a/content/relay-operations/technical-setup/bridge-deployment-guide/freebsd/contents.lr
+++ b/content/relay-operations/technical-setup/bridge-deployment-guide/freebsd/contents.lr
@ -95,4 +95,4 @@ FreeBSDlatest: {
 ```

 ---
-subtitle: Follow the steps below to deploy obfs4proxy on FreeBSD
+subtitle: How to deploy obfs4proxy Bridge on FreeBSD
--- a/content/relay-operations/technical-setup/bridge-deployment-guide/openbsd/contents.lr
+++ b/content/relay-operations/technical-setup/bridge-deployment-guide/openbsd/contents.lr
@ -5,3 +5,70 @@ title: OpenBSD
 html: two-columns-page.html
 ---
 key: 4
+---
+body:
+
+# 1. Install packages 
+```
+pkg_add tor obfs4proxy
+```
+
+# 2. Edit your Tor config file
+
+Usually located at `/etc/tor/torrc`, add the following lines:
+
+```
+#Bridge config
+RunAsDaemon 1
+ORPort auto
+BridgeRelay 1
+ServerTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
+# For a fixed obfs4 port (e.g. 34176), uncomment the following line.
+#ServerTransportListenAddr obfs4 0.0.0.0:34176
+# Local communication port between Tor and obfs4. Always set this to "auto". "Ext" means
+# "extended", not "external". Don't try to set a specific port number, nor listen on 0.0.0.0.
+ExtORPort auto
+
+# Contact information that allows us to get in touch with you in case of
+# critical updates or problems with your bridge.  This is optional, so you
+# don't have to provide an email address if you don't want to.
+ContactInfo <address@email.com>
+# Pick a nickname that you like for your bridge.
+Nickname PickANickname
+
+Log notice file /var/log/tor/notices.log
+
+User _tor
+```
+
+Don't forget to change the ContactInfo and Nickname options.
+
+Note that both Tor's OR port and its obfs4 port must be reachable. If your bridge is behind a firewall or NAT, make sure to open both ports. 
+
+# 3. Start the tor daemon and make sure it starts at boot: 
+
+```
+rcctl enable tor
+rcctl start tor
+```
+# 4. Monitor your logs
+
+To confirm your bridge is running with no issues, you should see something like this  (`/var/log/tor/notices.log`): 
+
+```
+[notice] Your Tor server's identity key fingerprint is '<NICKNAME> <FINGERPRINT>'
+[notice] Your Tor bridge's hashed identity key fingerprint is '<NICKNAME> <HASHED FINGERPRINT>'
+[notice] Registered server transport 'obfs4' at '[::]:46396'
+[notice] Tor has successfully opened a circuit. Looks like client functionality is working.
+[notice] Bootstrapped 100%: Done
+[notice] Now checking whether ORPort <redacted>:9001 is reachable... (this may take up to 20 minutes -- look for log messages indicating success)
+[notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
+```
+
+Remember to open the random port associated with your bridge. You can find it in your tor log; in the above example it is 46396. To use a fixed port, uncomment the [ServerTransportListenAddr](https://www.torproject.org/docs/tor-manual.html.en#ServerTransportListenAddr) option in your torrc. You can use [our reachability test](https://bridges.torproject.org/scan/)  to see if your obfs4 port is reachable from the Internet.
+---
+subtitle: How to deploy obfs4proxy Bridge on OpenBSD
+---
+section: Bridge
+---
+section_id: bridge