[tor-relays] Quick bugfix sharing regarding obfs4 malfunctioning

Hi,

I just want to share a quick bugfix with you (sorry if this is obvious to you or has been written somewhere else).

Suddenly, I got the following error messages on my two bridges running on Debian 11 appearing in the logs (in /var/log/tor/notices.log and in the nyx output) every second until a restart:

<timestamp> [warn] Managed proxy "/usr/bin/obfs4proxy" process terminated with status code 65280
<timestamp> [warn] Server managed proxy encountered a method error. (obfs4 listen tcp 0.0.0.0:443: bind: permission denied)
<timestamp> [warn] Managed proxy '/usr/bin/obfs4proxy' was spawned successfully, but it didn't launch any pluggable transport listeners!

When restarting the corresponding bridge, in the startup process the second and the third of the above warning messages again appeared in the logs. So obfs4 was suddenly not usable any more. Port 443 is not blocked in the bridge's firewalls.

A bit of research revealed that apparently, an automatic update set the systemd setting "NoNewPrivileges=no" in /lib/systemd/system/tor@default.service and tor@.service [1] back to yes, which caused the above issue. After setting it back and restarting, everything works fine now and instead of the warning messages mentioned above, the following message appears in the log again:

<timestamp> [notice] Registered server transport 'obfs4' at '[::]:443'

(Several places recommend setting the obfs4 port to 443 to get around restrictive firewalls, so I didn't want to set it to something else).

Kind regards
telekobold

[1] http://xmrhfasfg5suueegrnc4gsgyi2tyclcy5oz7f5drnrodmdtob6t2ioyd.onion/relay/setup/bridge/debian-ubuntu/


_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

You probably need another entry too (grabbed from [1]):

[Service]
NoNewPrivileges=no
AmbientCapabilities=CAP_NET_BIND_SERVICE

[1] https://github.com/toralf/tor-relays/blob/main/playbooks/roles/setup-tor/files/override_tor_service.conf


On 9/7/23 14:12, telekobold wrote:

A bit of research revealed that apparently, an automatic update set the systemd setting "NoNewPrivileges=no" in /lib/systemd/system/tor@default.service and tor@.service [1] back to yes,

--
Toralf

There's a better way to set `NoNewPrivileges=no` that will not get
overwritten in an upgrade. Use a systemd override:

systemctl edit tor@.service tor@default.service

Enter this text in both editors that appear:

[Service]
NoNewPrivileges=no

Then run

service tor restart

This will create files /etc/systemd/system/tor@.service.d/override.conf
and /etc/systemd/system/tor@default.service.d/override.conf that will
not be overwritten in an upgrade.


On Thu, Sep 07, 2023 at 02:12:36PM +0200, telekobold wrote:

I just want to share a quick bugfix with you (sorry if this is obvious to
you or has been written somewhere else).

Suddenly, I got the following error messages on my two bridges running on
Debian 11 appearing in the logs (in /var/log/tor/notices.log and in the nyx
output) every second until a restart:

<timestamp> [warn] Managed proxy "/usr/bin/obfs4proxy" process terminated
with status code 65280
<timestamp> [warn] Server managed proxy encountered a method error. (obfs4
listen tcp 0.0.0.0:443: bind: permission denied)
<timestamp> [warn] Managed proxy '/usr/bin/obfs4proxy' was spawned
successfully, but it didn't launch any pluggable transport listeners!

When restarting the corresponding bridge, in the startup process the second
and the third of the above warning messages again appeared in the logs. So
obfs4 was suddenly not usable any more. Port 443 is not blocked in the
bridge's firewalls.

A bit of research revealed that apparently, an automatic update set the systemd
setting "NoNewPrivileges=no" in /lib/systemd/system/tor@default.service and
tor@.service [1] back to yes, which caused the above issue. After setting it
back and restarting, everything works fine now and instead of the warning
messages mentioned above, the following message appears in the log again:

<timestamp> [notice] Registered server transport 'obfs4' at '[::]:443'
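An added example (not code from the thread or the Tor project) that writes the two drop-ins from the replies above, checks that each carries both settings, and counts the bind failure from the first post in a constructed notices.log excerpt; the target directory is a parameter so the script can be tried outside /etc/systemd/system.

```shell
#!/bin/sh
# Added example, not code from the thread or the Tor project. ROOT defaults to
# /etc/systemd/system; pass a scratch directory to try it without root.
# Assumes the Debian unit names tor@.service and tor@default.service.

# Create one override.conf per unit (what "systemctl edit" does interactively).
write_tor_override() {
    root="${1:-/etc/systemd/system}"
    for unit in tor@.service tor@default.service; do
        mkdir -p "$root/$unit.d"
        cat > "$root/$unit.d/override.conf" <<'EOF'
[Service]
# With NoNewPrivileges=yes, execve ignores setuid bits and file capabilities,
# so the spawned obfs4proxy cannot bind port 443 as an unprivileged user.
NoNewPrivileges=no
# Grant only the capability needed for ports below 1024.
AmbientCapabilities=CAP_NET_BIND_SERVICE
EOF
    done
}

# Return 0 if a drop-in carries both settings, 1 otherwise.
override_ok() {
    f="$1"
    [ -f "$f" ] || return 1
    grep -q '^NoNewPrivileges=no$' "$f" &&
        grep -q '^AmbientCapabilities=.*CAP_NET_BIND_SERVICE' "$f"
}

# Constructed notices.log excerpt reproducing the warnings from the first post.
sample_notices_log() {
    cat > "$1" <<'EOF'
Sep 07 14:12:01.000 [warn] Managed proxy "/usr/bin/obfs4proxy" process terminated with status code 65280
Sep 07 14:12:01.000 [warn] Server managed proxy encountered a method error. (obfs4 listen tcp 0.0.0.0:443: bind: permission denied)
Sep 07 14:12:02.000 [warn] Server managed proxy encountered a method error. (obfs4 listen tcp 0.0.0.0:443: bind: permission denied)
Sep 07 14:15:00.000 [notice] Registered server transport 'obfs4' at '[::]:443'
EOF
}

# Print how many times obfs4proxy failed to bind; 0 means the symptom is gone.
count_bind_denied() {
    grep -c 'method error.*bind: permission denied' "$1" || true
}

# Return 0 once the transport registered on the port, i.e. the fix took.
obfs4_registered() {
    grep -q "Registered server transport 'obfs4'" "$1"
}
```

After writing to the real /etc/systemd/system, run `systemctl daemon-reload` and restart tor so the drop-ins take effect; `systemctl edit` performs that reload itself.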
