net/tor/files/torrc

   1 ## Configuration file for a typical Tor user
   2 ## Last updated 22 December 2007 for Tor 0.2.0.14-alpha.
   3 ## (May or may not work for much older or much newer versions of Tor.)
   4 ##
   5 ## Lines that begin with "## " try to explain what's going on. Lines
   6 ## that begin with just "#" are disabled commands: you can enable them
   7 ## by removing the "#" symbol.
   8 ##
   9 ## See the man page, or https://www.torproject.org/tor-manual-dev.html,
  10 ## for more options you can use in this file.
  11 ##
  12 ## Tor will look for this file in various places based on your platform:
  13 ## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc
  14
  15
  16 ## Replace this with "SocksPort 0" if you plan to run Tor only as a
  17 ## server, and not make any local application connections yourself.
  18 SocksPort 9050 # what port to open for local application connections
  19 SocksListenAddress 127.0.0.1 # accept connections only from localhost
  20 #SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also
  21
  22 ## Entry policies to allow/deny SOCKS requests based on IP address.
  23 ## First entry that matches wins. If no SocksPolicy is set, we accept
  24 ## all (and only) requests from SocksListenAddress.
  25 #SocksPolicy accept 192.168.0.0/16
  26 #SocksPolicy reject *
  27
  28 ## Logs go to stdout at level "notice" unless redirected by something
  29 ## else, like one of the below lines. You can have as many Log lines as
  30 ## you want.
  31 ##
  32 ## We advise using "notice" in most cases, since anything more verbose
  33 ## may provide sensitive information to an attacker who obtains the logs.
  34 ##
  35 ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
  36 #Log notice file /var/log/tor/notices.log
  37 ## Send every possible message to /var/log/tor/debug.log
  38 #Log debug file /var/log/tor/debug.log
  39 ## Use the system log instead of Tor's logfiles
  40 #Log notice syslog
  41 ## To send all messages to stderr:
  42 #Log debug stderr
  43
  44 ## Uncomment this to start the process in the background... or use
  45 ## --runasdaemon 1 on the command line. This is ignored on Windows;
  46 ## see the FAQ entry if you want Tor to run as an NT service.
  47 RunAsDaemon 1
  48
  49 ## The directory for keeping all the keys/etc. By default, we store
  50 ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
  51 DataDirectory /var/lib/tor
  52
  53 ## The port on which Tor will listen for local connections from Tor
  54 ## controller applications, as documented in control-spec.txt.
  55 #ControlPort 9051
  56
  57 ############### This section is just for location-hidden services ###
  58
  59 ## Once you have configured a hidden service, you can look at the
  60 ## contents of the file ".../hidden_service/hostname" for the address
  61 ## to tell people.
  62 ##
  63 ## HiddenServicePort x y:z says to redirect requests on port x to the
  64 ## address y:z.
  65
  66 #HiddenServiceDir /var/lib/tor/hidden_service/
  67 #HiddenServicePort 80 127.0.0.1:80
  68
  69 #HiddenServiceDir /var/lib/tor/other_hidden_service/
  70 #HiddenServicePort 80 127.0.0.1:80
  71 #HiddenServicePort 22 127.0.0.1:22
  72
  73 ################ This section is just for relays #####################
  74 #
  75 ## See https://www.torproject.org/docs/tor-doc-relay for details.
  76
  77 ## A unique handle for your server.
  78 #Nickname ididnteditheconfig
  79
  80 ## The IP or FQDN for your server. Leave commented out and Tor will guess.
  81 #Address noname.example.com
  82
  83 ## Define these to limit the bandwidth usage of relayed (server)
  84 ## traffic. Your own traffic is still unthrottled.
  85 ## Note that RelayBandwidthRate must be at least 20 KB.
  86 #RelayBandwidthRate 100 KBytes  # Throttle traffic to 100KB/s (800Kbps)
  87 #RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps)
  88
  89 ## Contact info to be published in the directory, so we can contact you
  90 ## if your server is misconfigured or something else goes wrong.
  91 #ContactInfo Random Person <nobody AT example dot com>
  92 ## You might also include your PGP or GPG fingerprint if you have one:
  93 #ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>
  94
  95 ## Required: what port to advertise for Tor connections.
  96 #ORPort 9001
  97 ## If you need to listen on a port other than the one advertised
  98 ## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the
  99 ## line below too. You'll need to do ipchains or other port forwarding
 100 ## yourself to make this work.
 101 #ORListenAddress 0.0.0.0:9090
 102
 103 ## Uncomment this to mirror directory information for others. Please do
 104 ## if you have enough bandwidth.
 105 #DirPort 9030 # what port to advertise for directory connections
 106 ## If you need to listen on a port other than the one advertised
 107 ## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line
 108 ## below too. You'll need to do ipchains or other port forwarding yourself
 109 ## to make this work.
 110 #DirListenAddress 0.0.0.0:9091
 111
 112 ## Uncomment this if you run more than one Tor server, and add the
 113 ## nickname of each Tor server you control, even if they're on different
 114 ## networks. You declare it here so Tor clients can avoid using more than
 115 ## one of your servers in a single circuit. See
 116 ## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MultipleServers
 117 #MyFamily nickname1,nickname2,...
 118
 119 ## A comma-separated list of exit policies. They're considered first
 120 ## to last, and the first match wins. If you want to _replace_
 121 ## the default exit policy, end this with either a reject *:* or an
 122 ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
 123 ## default exit policy. Leave commented to just use the default, which is
 124 ## available in the man page or at https://www.torproject.org/documentation.html
 125 ##
 126 ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
 127 ## for issues you might encounter if you use the default exit policy.
 128 ##
 129 ## If certain IPs and ports are blocked externally, e.g. by your firewall,
 130 ## you should update your exit policy to reflect this -- otherwise Tor
 131 ## users will be told that those destinations are down.
 132 ##
 133 #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
 134 #ExitPolicy accept *:119 # accept nntp as well as default exit policy
 135 #ExitPolicy reject *:* # no exits allowed
 136 #
 137 ################ This section is just for bridge relays ##############
 138 #
 139 ## Bridge relays (or "bridges" ) are Tor relays that aren't listed in the
 140 ## main directory. Since there is no complete public list of them, even if an
 141 ## ISP is filtering connections to all the known Tor relays, they probably
 142 ## won't be able to block all the bridges. Unlike running an exit relay,
 143 ## running a bridge relay just passes data to and from the Tor network --
 144 ## so it shouldn't expose the operator to abuse complaints.
 145
 146 #ORPort 443
 147 #BridgeRelay 1
 148 #RelayBandwidthRate 50KBytes
 149 #ExitPolicy reject *:*
 150
 151 User tor
 152 Group tor
 153 PidFile /var/run/tor.pid