First, what is Tor?

Tor, short for The Onion Router, is free and open-source software for enabling anonymous communication. It directs Internet traffic through a free, worldwide, volunteer overlay network, consisting of more than six thousand relays, for concealing a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace the Internet activity to the user. Tor’s intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities unmonitored.

Source : Wikipedia

Questions you should clarify before configuring a Tor service

What is a bridge?

Bridge relays are Tor relays that are not listed in the public Tor directory.

That means that ISPs or governments trying to block access to the Tor network can’t simply block all bridges. Bridges are useful for Tor users under oppressive regimes, and for people who want an extra layer of security because they’re worried somebody will recognize that they are contacting a public Tor relay IP address.

A bridge is just a normal relay with a slightly different configuration. See How do I run a bridge for instructions.

Several countries, including China and Iran, have found ways to detect and block connections to Tor bridges. Obfsproxy bridges address this by adding another layer of obfuscation. Setting up an obfsproxy bridge requires an additional software package and additional configurations. See our page on pluggable transports for more info.

Source : https://support.torproject.org/censorship/censorship-7/

Why use Docker?

Docker uses OS-level virtualization to deliver software in packages called containers. Using that technology is more secure if you are planning to host other services on the same host as well.

In this case we are using “docker-compose” for convenience: with one file we can deploy the full Tor bridge with minimal effort and the same efficiency as in plain Docker.

How to host a bridge using docker-compose

To host a Tor bridge container, you first need to have Docker and docker-compose installed. Then select two public ports and, if you are in a NAT-based network environment, forward them to your Tor bridge server.

Create the two following files in the same directory. Make sure to change the environment variables in the .env file to match your current setup.

Make sure to uncomment variables to use them properly. Also make sure not to edit the docker-compose volumes structure; if you want to do so, check the link below.

docker-compose.yml

version: "3.4"
services:
  obfs4-bridge:
    container_name: obfs4-bridge
    image: thetorproject/obfs4-bridge:latest
    environment:
      # Exit with an error message if OR_PORT is unset or empty.
      - OR_PORT=${OR_PORT:?Env var OR_PORT is not set.}
      # Exit with an error message if PT_PORT is unset or empty.
      - PT_PORT=${PT_PORT:?Env var PT_PORT is not set.}
      # Exit with an error message if EMAIL is unset or empty.
      - EMAIL=${EMAIL:?Env var EMAIL is not set.}
    env_file:
      - .env
    volumes:
      # Named volume that keeps the bridge's Tor data directory across re-deployments.
      - data:/var/lib/tor
    ports:
      - ${OR_PORT}:${OR_PORT}
      - ${PT_PORT}:${PT_PORT}
    restart: unless-stopped

# Top-level volume definition; it must not be nested under the service.
volumes:
  data:
    name: tor-datadir-${OR_PORT}-${PT_PORT}

.env

# This file assists operators in (re-)deploying an obfs4 bridge Docker container.
# You need the tool 'docker-compose' to use this file. You can find it in the
# Debian package 'docker-compose'.
# First, you need to create a configuration file, ".env", in the same directory
# as this file, "docker-compose.yml". Add the following environment variables to
# this configuration file. EMAIL is your email address; OR_PORT is your onion
# routing port; and PT_PORT is your obfs4 port:
EMAIL=you@example.com
OR_PORT=XXX
PT_PORT=XXX
## If needed, you can also enable processing of additional variables with:
##   OBFS4_ENABLE_ADDITIONAL_VARIABLES=1
## followed by defining desired torrc entries prefixed with OBFS4V_
## For example:
##   OBFS4V_AddressDisableIPv6=1

Next, pull the Docker image by running:

docker-compose pull obfs4-bridge

And finally, to (re-)deploy the container, run:

docker-compose up -d obfs4-bridge
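
Before running the two commands above, the values in .env can be checked with a small script. This is an added example, not part of the original post or of the Tor Project's image; the helper names (check_bridge_env, env_value, valid_port) and the script name check_env.sh are assumptions. It rejects variables that are still commented out or still set to the XXX and you@example.com placeholders, ports outside 1-65535, and identical OR_PORT and PT_PORT values.

```shell
#!/bin/sh
# Added example: pre-flight check for the bridge's .env file.
# check_bridge_env, env_value and valid_port are hypothetical helper names.

# Print the value of the last uncommented KEY=value line in FILE.
env_value() {
    sed -n "s/^[[:space:]]*$1=[[:space:]]*//p" "$2" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Succeed only for an integer in the TCP port range 1-65535.
valid_port() {
    case "$1" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Return 0 if FILE sets EMAIL, OR_PORT and PT_PORT to usable values.
check_bridge_env() {
    file=${1:-.env}
    rc=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    email=$(env_value EMAIL "$file")
    or_port=$(env_value OR_PORT "$file")
    pt_port=$(env_value PT_PORT "$file")

    case "$email" in
        '' | you@example.com)
            echo "EMAIL is unset, commented out or still the placeholder" >&2
            rc=1 ;;
    esac
    valid_port "$or_port" ||
        { echo "OR_PORT '$or_port' is not a port in 1-65535" >&2; rc=1; }
    valid_port "$pt_port" ||
        { echo "PT_PORT '$pt_port' is not a port in 1-65535" >&2; rc=1; }
    if [ -n "$or_port" ] && [ "$or_port" = "$pt_port" ]; then
        echo "OR_PORT and PT_PORT must be two different ports" >&2
        rc=1
    fi
    return "$rc"
}

# Stand-alone use: sh check_env.sh .env && docker-compose up -d obfs4-bridge
if [ -n "${1:-}" ]; then
    check_bridge_env "$1"
fi
```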

How to check if your relay is active?

The first thing you can do is check your logs for errors. If you see none and you see the bandwidth speedtest complete, you can check for your relay on the Tor Metrics website.

docker logs obfs4-bridge

To identify your relay you need your Tor bridge's hashed identity key fingerprint. You can find it in the logs; it should look like this:

Your Tor bridge's hashed identity key  fingerprint is 'DockerObfs4Bridge AAAABBBBCCCCDDDDEEEE'
