Run a Tor Exit on an Anubiz Romania VPS Without Getting Suspended
Romania is one of the few EU jurisdictions where a small Tor exit can run on a budget VPS without immediate provider pressure, but only if you configure the node as a known exit, publish an abuse contact and limit the exit policy. This guide assumes you already bought an Anubiz Romania VPS Mini-V or larger and walks through the exact files you need to touch on a fresh Ubuntu 24.04 cloud image to bring the relay up cleanly and keep it up.
Before You Buy
Tor exits attract abuse complaints. On Anubiz Host the Romania line tolerates exits provided you publish a contact, run the reduced exit policy and rate-limit. Pick at least the Mini-V plan for bandwidth headroom; the smaller mass tiers do not have the egress budget. The credential you receive in the panel is the initial root password from the cloud image - rotate it before you do anything else.
Step 1: Base Hardening
SSH in on the port and IP from your panel. Add a non-root user with sudo, push your key, then disable password and root login in /etc/ssh/sshd_config.d/99-anubiz.conf:
    PermitRootLogin no
    PasswordAuthentication no
    KbdInteractiveAuthentication no
The cloud image ships a drop-in that allows key-only root, so your override must come later alphabetically. Run sshd -t then systemctl reload ssh. Enable unattended-upgrades for security only: apt install unattended-upgrades and keep the default Unattended-Upgrade::Origins-Pattern.
Step 2: Install and Configure Tor
Add the official Tor Project repo (do not use the Ubuntu package, it lags). After install, edit /etc/tor/torrc and set:
    ORPort 443
    DirPort 80 (only if you want directory traffic)
    ExitRelay 1
    IPv6Exit 1
    ReducedExitPolicy 1
    Nickname anubizRO<n>
    ContactInfo abuse@yourdomain
    MyFamily (only if you run more than one relay)
    RelayBandwidthRate 20 MBytes
    RelayBandwidthBurst 30 MBytes
The two bandwidth settings keep the relay inside the plan allowance. Reload tor and watch journalctl -u tor -f for Bootstrapped 100%.
Step 3: nftables Baseline
Drop everything except SSH, ORPort, DirPort and outbound. Put this in /etc/nftables.conf as the inet filter table: accept established, accept lo, accept tcp dport { 22, 80, 443 }, accept icmp echo, drop everything else inbound. Outbound stays accept so the relay can talk to the network. Enable the service with systemctl enable --now nftables, then verify with nft list ruleset.
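The ruleset described in this step written out as a file, as an added example rather than Anubiz's own configuration. It assumes SSH listens on port 22 (substitute the port from your panel), and it goes beyond the text by also accepting IPv6 echo and neighbor discovery, which an inet table with a drop policy would otherwise block and which IPv6Exit 1 depends on.

```nftables
#!/usr/sbin/nft -f
# Added example for /etc/nftables.conf. Ports follow the guide:
# 22 = SSH (assumed, use the port from your panel), 80 = DirPort, 443 = ORPort.

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;

        # Replies to connections the relay opened itself
        ct state established,related accept

        # Loopback
        iif "lo" accept

        # SSH, DirPort, ORPort
        tcp dport { 22, 80, 443 } accept

        # IPv4 ping
        icmp type echo-request accept

        # Assumption beyond the guide: IPv6 ping plus neighbor discovery,
        # without which the IPv6 address stops being reachable
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept
    }

    chain forward {
        # The VPS is not a router
        type filter hook forward priority filter; policy drop;
    }

    chain output {
        # Outbound stays open so the relay can reach the Tor network and exit destinations
        type filter hook output priority filter; policy accept;
    }
}
```

Check the file with nft -c -f /etc/nftables.conf before enabling the service, and keep your current SSH session open until a second login succeeds.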
Step 4: Exit Notice and Abuse Page
Point a small nginx on port 80 (a different IP or a path) to the official Tor exit notice HTML so abuse handlers and Romanian ISPs see who you are before they ticket us. Set DirPortFrontPage /var/lib/tor/tor-exit-notice.html in torrc. Without this page, abuse complaints land in our queue and we may rate-limit or migrate you.