This program is a server pluggable transport for Tor that accepts
incoming Extended ORPort (ExtORPort) connections and forwards them to
Tor's own ExtORPort. Why would you want to do that, rather than
arranging to have connections go directly to Tor's ExtORPort? Because
this program lets you run an ExtORPort with a static, unchanging
authentication cookie file, as opposed to Tor which re-randomizes the
cookie on every startup.

The intended use case is to permit an external server pluggable
transport process (i.e., one that was not started by Tor using
ServerTransportPlugin) to communicate with multiple instances of Tor
through a load balancer. Each instance of Tor generates its own
independent ExtORPort authentication cookie file, and so without
additional coordination, the server pluggable transport would not know
which cookie to use when communicating with the ExtORPort. Using this
program, you can generate a shared ExtORPort authentication cookie file
which the server pluggable transport can depend on to remain consistent.
This program accepts connections using the shared authentication cookie
and forwards and re-authenticates them to Tor using that Tor instance's
specific authentication cookie.


## Configuration

Generate an authentication cookie and place it where it can be read both
by the instances of extor-static-cookie started by Tor, and by the
external server pluggable transport process. You can use the included
Python script gen-auth-cookie to generate a cookie:

```
mkdir -m 755 /var/lib/extor-static-cookie
./gen-auth-cookie > /var/lib/extor-static-cookie/static_extended_orport_auth_cookie
```

Configure each instance of Tor's torrc file to run extor-static-cookie
as a server pluggable transport. Each instance needs to use a different
ServerTransportListenAddr.

```
ExtORPort auto
ServerTransportPlugin extor_static_cookie exec /usr/local/bin/extor-static-cookie /var/lib/extor-static-cookie/static_extended_orport_auth_cookie
ServerTransportListenAddr extor_static_cookie 127.0.0.1:10001
```

How you manage the external server pluggable transport is up to you. In
this example, you would start it in a way such that it communicates with
the ExtORPort at 127.0.0.1:10001 (or with a load balancer that
eventually forwards to there, along with other instances).


## References

[tor-relays] How to reduce tor CPU load on a single bridge?
https://lists.torproject.org/pipermail/tor-relays/2022-January/020183.html

Extended ORPort for pluggable transports
https://gitweb.torproject.org/torspec.git/tree/ext-orport-spec.txt
