Tutorials / Tor

How to Set Up a Tor Relay on a VPS

intermediate35 minLast reviewed: 2026-04-30

Tor relays contribute bandwidth to the Tor network without sending user traffic directly to the public internet. That distinction matters. A middle relay or guard relay is much easier to operate than an exit node because abuse complaints for destination traffic do not point at your server as the final source. uNode permits relays without special approval; exit nodes require notifying support first so abuse complaints can be routed.

This guide installs tor and nyx on Debian 13, configures a non-exit relay, sets bandwidth limits, and shows basic monitoring. If you want to run an exit node, stop here and contact support@unode.net before deploying.

Illustration for How to Set Up a Tor Relay on a VPS

Prerequisites

  • A uNode VPS deployed with Debian 13.
  • Root SSH access.
  • A decision to run a relay, not an exit node.
  • A plan for bandwidth limits that fit your transfer budget.
Open console server deploy

Recommended plans

Starter

1 vCPU, 3 GB RAM, 20 GB NVMe SSD, 10 TB transfer

Standard

2 vCPU, 4 GB RAM, 30 GB NVMe SSD, 10 TB transfer

Step 1

Install Tor and nyx

Use Debian packages for a straightforward relay. nyx is a terminal monitor for Tor that helps you inspect bandwidth, circuits, and logs.

ssh root@<your-server-ip>
apt update && apt upgrade -y
apt install -y tor nyx ufw

Step 2

Configure a non-exit relay

Edit torrc with a clear nickname, contact email, relay port, and exit policy that rejects everything. The ExitRelay 0 and reject policy make the intent explicit. Replace the nickname and contact address with your own values.

cat >/etc/tor/torrc <<'EOF'
Nickname uNodeRelayExample
ContactInfo relay-operator@example.com
ORPort 9001
ExitRelay 0
ExitPolicy reject *:*
SocksPort 0
Log notice file /var/log/tor/notices.log
RelayBandwidthRate 20 MBytes
RelayBandwidthBurst 40 MBytes
EOF

Step 3

Open the relay port

Allow SSH and the Tor ORPort through the local firewall. The VPS public IP is already reachable; there is no router port-forwarding step.

ufw allow OpenSSH
ufw allow 9001/tcp
ufw --force enable
systemctl restart tor
systemctl status tor --no-pager

Step 4

Tune bandwidth limits

RelayBandwidthRate is the long-term cap and RelayBandwidthBurst permits short bursts. Pick values that fit the plan's transfer allowance and your intent. A relay that runs out of transfer or causes constant saturation is less useful than one that contributes steadily.

tor --verify-config
journalctl -u tor -n 100 --no-pager

Step 5

Monitor with nyx

Run nyx locally over SSH to watch traffic and logs. It may take hours or days for a new relay to be measured and used meaningfully by the network. Do not judge success by the first few minutes.

nyx

Step 6

Understand AUP and legal notes

uNode permits Tor relays unrestricted. Tor exits are different because traffic exits to third-party destinations from your IP and can generate abuse complaints. Exit nodes require notifying support@unode.net first. Relays still need normal server hygiene: patch Debian, monitor logs, and keep contact information current.

Running a relay is legal in many jurisdictions, but you are responsible for understanding local requirements and the uNode AUP. Do not combine a relay with unrelated abusive services, scanning, spam, or malware infrastructure.

Step 7

Keep the relay maintained

Enable security updates or patch on a schedule. Check Tor notices after package upgrades. If you change bandwidth limits, restart Tor and verify the config. If the server is retired, shut it down cleanly rather than abandoning a stale relay.

apt install -y unattended-upgrades
systemctl enable --now unattended-upgrades
systemctl reload tor

What's next

Tor relay VPS use caseRead the AUPDebian 13 VPS hosting