Install Tor on a CentOS 7 server
Tor no longer recommends using their repo for CentOS and says to use the EPEL repos instead. You'll just end up with a very old version out of their repos.
Instead do:
yum install epel-release
yum install tor
This will get you a current version of Tor managed by a repo. This is perfectly fine.
For CentOS, I have been self-compiling for a while. I have a hacky shell script I'm not yet willing to post here ;) but really it's just compiling Tor and OpenSSL. I'd still recommend using the epel-release since it's more tested.
To try building Tor statically linked to OpenSSL yourself, grab a recent copy of OpenSSL (e.g. 1.1.1x), then grab the version of Tor you want to build (e.g. 0.4.1.6).
First you will need to install some prerequisites:
yum install -y \
gcc gcc-c++ \
zlib-devel \
perl-Module-Load-Conditional perl-Test-Harness \
libevent-devel \
libzstd-devel xz-devel \
libscrypt-devel libseccomp-devel
From OpenSSL source dir:
./config --prefix=/opt/openssl --openssldir=/opt/openssl \
-fPIC zlib-dynamic no-shared enable-ec_nistp_64_gcc_128
make
make test
make install
OpenSSL 1.1.1 note: Remove the no-shared option when building OpenSSL, otherwise Tor configuration will fail with an error that it can't find a linkable OpenSSL even though it is being built statically. Tor will still link a static OpenSSL but it seems to require the shared libraries to work. This appears to be fixed in 1.1.1c and later.
This installs OpenSSL to /opt/openssl so it doesn't interfere or replace the system's OpenSSL.
Then, build Tor:
./configure --prefix=/opt/tor-VERSION --sysconfdir=/etc --localstatedir=/var \
--enable-static-openssl --with-openssl-dir=/opt/openssl \
--with-tor-user=tor --with-tor-group=tor \
--enable-lzma --enable-zstd
make
make test
make install
ln -sfn /opt/tor-VERSION/bin/tor /usr/bin/tor
The systemd service file I use is:
[Unit]
Description=Anonymizing overlay network for TCP
After=syslog.target network.target nss-lookup.target

[Service]
Type=forking
PIDFile=/var/run/tor/tor.pid
NotifyAccess=all
ExecStartPre=/usr/bin/tor -f /etc/tor/torrc --verify-config
ExecStart=/usr/bin/tor -f /etc/tor/torrc --RunAsDaemon 1
ExecReload=/bin/kill -HUP ${MAINPID}
KillSignal=SIGINT
TimeoutStartSec=120
TimeoutStopSec=60
Restart=on-failure
LimitNOFILE=65536
# Hardening
PrivateTmp=yes
PrivateDevices=yes
ProtectHome=yes
ProtectSystem=full
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/tor
ReadWriteDirectories=-/var/log/tor
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_SETUID CAP_SETGID CAP_NET_BIND_SERVICE CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER

[Install]
WantedBy=multi-user.target
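One way to confirm that the build above really linked OpenSSL statically is to check that the installed binary has no shared libssl/libcrypto dependency. This is an added example, not part of the original answer; the function names are hypothetical and the two `ldd` listings are constructed samples.

```bash
#!/bin/sh
# Added example: decide from `ldd` output whether a tor binary still depends
# on a shared OpenSSL. Function names and sample listings are constructed.

# Print each shared OpenSSL library named in `ldd` output read from stdin.
dynamic_openssl_libs() {
    awk '$1 ~ /^lib(ssl|crypto)\.so/ { print $1 }'
}

# Succeed only when the `ldd` output on stdin names no shared libssl/libcrypto,
# i.e. --enable-static-openssl pulled OpenSSL into the binary itself.
is_openssl_static() {
    libs=$(dynamic_openssl_libs)
    if [ -n "$libs" ]; then
        # $libs is left unquoted on purpose: one report line per library.
        printf 'still dynamically linked: %s\n' $libs >&2
        return 1
    fi
    return 0
}

# Constructed sample: what a statically linked build could look like.
SAMPLE_STATIC='    linux-vdso.so.1 =>  (0x00007ffc0a1f0000)
    libz.so.1 => /lib64/libz.so.1 (0x00007f2a10000000)
    libevent-2.0.so.5 => /lib64/libevent-2.0.so.5 (0x00007f2a0fc00000)
    libseccomp.so.2 => /lib64/libseccomp.so.2 (0x00007f2a0f800000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f2a0f400000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f2a10400000)'

# Constructed sample: a build that picked up a shared OpenSSL instead.
SAMPLE_SHARED='    linux-vdso.so.1 =>  (0x00007ffc0a1f0000)
    libssl.so.1.1 => /opt/openssl/lib/libssl.so.1.1 (0x00007f2a10000000)
    libcrypto.so.1.1 => /opt/openssl/lib/libcrypto.so.1.1 (0x00007f2a0fc00000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f2a0f400000)'

# Stand-alone use: pass the path of the installed binary as the first argument.
if [ "$#" -gt 0 ] && [ -x "$1" ]; then
    if ldd "$1" | is_openssl_static; then
        echo "$1: OpenSSL is statically linked"
    else
        echo "$1: OpenSSL is NOT statically linked"
    fi
fi
```

Run it against the binary installed under the --prefix used above; a non-empty report means the build is using a shared OpenSSL from somewhere on the system.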
saf1
Updated on June 15, 2022
Comments
-
saf1 almost 2 years
I have tried downloading TOR by following this article but I am getting 503 errors. So is there no other way to download TOR? Please can someone help me as I have to do a research project on it.
I am using a CentOS server: CentOS Linux release 7.3.1611 (Core) but am getting the following errors,
[sam@xx etc]$ sudo yum install tor
[sudo] password for sam:
Loaded plugins: fastestmirror, langpacks
base | 3.6 kB 00:00
extras | 3.4 kB 00:00
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
http://deb.torproject.org/torproject.org/rpm/el/7/x86_64/repodata/repomd.xml: [Errno 14] HTTP Error 503 - Service Unavailable
Trying other mirror.
-
saf1 over 7 years
I tried using the epel repos as you said but keep on getting the 503 error. Do you think it has something to do with me using the uni server to download it?
-
drew010 over 7 years
Yes it's probably still trying to use Tor's. I'd remove that from your yum conf, or try yum install tor --enablerepo=epel to force it to use the right one.
-
michnovka over 5 years
for anybody trying to compile this with openssl 1.1.1 - I did not have luck. I went to 1.0.2o and worked well. I had tor 0.3.4.8
-
drew010 over 5 years
@michnovka what errors did you get with openssl 1.1.1? I have working Tor builds with static 1.1.1 on centos 7 and Debian 8. You will need to remove the no-shared flag most likely as I found it doesn't work anymore without that. Tor won't seem to find it for some reason. This was written when 1.1.x meant "0"
-
michnovka over 5 years
problem was .configure was unable to find "linkable" openssl, it would always default to (system) (provided I had openssl-devel installed). I did not try without no-shared flag though
-
drew010 over 5 years
Yep that's the same error I'd get with Tor and OpenSSL 1.1.1 using the config command above. Removing the no-shared option fixes the issue despite the --enable-static-openssl compile option. And I can confirm it does statically link OpenSSL. Not sure if this is a bug with Tor compilation options, but it was an easy enough fix to build OpenSSL shared so I haven't filed any bug report or looked further into it. @michnovka