Setup a Tor Middle/Guard Relay

Requirements

VPS or server running Debian/Ubuntu (or any Debian-based distro)
Root access

Check the official relay requirements: Clearnet | Onion

Step by Step guide

Step 1: Update and upgrade the system

apt update

apt upgrade -y

Step 2: Install dependencies

apt install -y apt-transport-https gnupg ufw wget

Step 3: Add Tor repository

Official Tor installation guide: Clearnet | Onion

Get your distribution code name:

dist=$(lsb_release -cs)

Create the Tor source list:

cat > /etc/apt/sources.list.d/tor.list << EOF
deb     [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org $dist main
deb-src [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org $dist main
EOF

Import the Tor Project GPG key:

wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg >/dev/null

Step 4: Install Tor

apt update

apt install -y tor

Step 5: Configure the relay

Official Middle/Guard relay setup guide: Clearnet | Onion

Stop Tor before configuring:

systemctl stop tor

Edit the Tor configuration file:

nano /etc/tor/torrc

Add the following at the end of the file:

Nickname YourRelayName
ContactInfo your@email.com
ORPort 443
ExitRelay 0
SocksPort 0

Nickname: Pick a name for your relay (letters and digits only)
ContactInfo: Your email address (will be published)
ORPort: The port your relay will listen on (443 is recommended)
ExitRelay 0: This ensures you're running a middle/guard relay, not an exit
SocksPort 0: Disables the SOCKS proxy

Step 6: Setup firewall

Allow SSH (change the port if you use a different one):

ufw allow 22/tcp

Allow the Tor ORPort (change if you use a different port):

ufw allow 443/tcp

Enable the firewall:

ufw --force enable

Step 7: Start the relay

systemctl restart tor

Step 8: Get your relay fingerprint

Wait a few seconds for Tor to generate the fingerprint, then run:

cat /var/lib/tor/fingerprint

You can find your relay on Tor Metrics after a few hours: Clearnet | Onion

Verify your relay is running

systemctl status tor

Check the logs:

journalctl -u tor -f