Permalink
Cannot retrieve contributors at this time
Fetching contributors…
Cannot retrieve contributors at this time
| ## Configuration file for a typical Tor user | |
| ## Last updated 12 April 2009 for Tor 0.2.1.14-rc. | |
| ## (May or may not work for much older or much newer versions of Tor.) | |
| ## | |
| ## Lines that begin with "## " try to explain what's going on. Lines | |
| ## that begin with just "#" are disabled commands: you can enable them | |
| ## by removing the "#" symbol. | |
| ## | |
| ## See 'man tor', or https://www.torproject.org/tor-manual.html, | |
| ## for more options you can use in this file. | |
| ## | |
| ## Tor will look for this file in various places based on your platform: | |
| ## https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#torrc | |
| ## Replace this with "SocksPort 0" if you plan to run Tor only as a | |
| ## relay, and not make any local application connections yourself. | |
| SocksPort 0 | |
| #SocksPort 9050 # what port to open for local application connections | |
| #SocksListenAddress 127.0.0.1 # accept connections only from localhost | |
| #SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also | |
| ## Entry policies to allow/deny SOCKS requests based on IP address. | |
| ## First entry that matches wins. If no SocksPolicy is set, we accept | |
| ## all (and only) requests from SocksListenAddress. | |
| #SocksPolicy accept 192.168.0.0/16 | |
| #SocksPolicy reject * | |
| ## Logs go to stdout at level "notice" unless redirected by something | |
| ## else, like one of the below lines. You can have as many Log lines as | |
| ## you want. | |
| ## | |
| ## We advise using "notice" in most cases, since anything more verbose | |
| ## may provide sensitive information to an attacker who obtains the logs. | |
| ## | |
| ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log | |
| #Log notice file /var/log/tor/notices.log | |
| ## Send every possible message to /var/log/tor/debug.log | |
| #Log debug file /var/log/tor/debug.log | |
| ## Use the system log instead of Tor's logfiles | |
| #Log notice syslog | |
| ## To send all messages to stderr: | |
| #Log debug stderr | |
| ## Uncomment this to start the process in the background... or use | |
| ## --runasdaemon 1 on the command line. This is ignored on Windows; | |
| ## see the FAQ entry if you want Tor to run as an NT service. | |
| #RunAsDaemon 1 | |
| ## The directory for keeping all the keys/etc. By default, we store | |
| ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. | |
| #DataDirectory /var/lib/tor | |
| ## The port on which Tor will listen for local connections from Tor | |
| ## controller applications, as documented in control-spec.txt. | |
| ControlPort 9051 | |
| ## If you enable the controlport, be sure to enable one of these | |
| ## authentication methods, to prevent attackers from accessing it. | |
| #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C | |
| CookieAuthentication 1 | |
| ############### This section is just for location-hidden services ### | |
| ## Once you have configured a hidden service, you can look at the | |
| ## contents of the file ".../hidden_service/hostname" for the address | |
| ## to tell people. | |
| ## | |
| ## HiddenServicePort x y:z says to redirect requests on port x to the | |
| ## address y:z. | |
| #HiddenServiceDir /var/lib/tor/hidden_service/ | |
| #HiddenServicePort 80 127.0.0.1:80 | |
| #HiddenServiceDir /var/lib/tor/other_hidden_service/ | |
| #HiddenServicePort 80 127.0.0.1:80 | |
| #HiddenServicePort 22 127.0.0.1:22 | |
| ################ This section is just for relays ##################### | |
| # | |
| ## See https://www.torproject.org/docs/tor-doc-relay for details. | |
| ## Required: what port to advertise for incoming Tor connections. | |
| ORPort 9001 | |
| ## If you want to listen on a port other than the one advertised | |
| ## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the | |
| ## line below too. You'll need to do ipchains or other port forwarding | |
| ## yourself to make this work. | |
| #ORListenAddress 0.0.0.0:9090 | |
| ## A handle for your relay, so people don't have to refer to it by key. | |
| Nickname vee | |
| ## The IP address or full DNS name for your relay. Leave commented out | |
| ## and Tor will guess. | |
| #Address noname.example.com | |
| ## Define these to limit how much relayed traffic you will allow. Your | |
| ## own traffic is still unthrottled. Note that RelayBandwidthRate must | |
| ## be at least 20 KBytes. | |
| RelayBandwidthRate 500 KBytes | |
| RelayBandwidthBurst 1000 KBytes | |
| # Don't suck up all our bandwidth. Note that the total bandwidth tor | |
| # might use will be ~ AccountingMax * 2. See torrc(5) | |
| AccountingStart day 02:00 | |
| AccountingMax 1 GB | |
| ## Contact info to be published in the directory, so we can contact you | |
| ## if your relay is misconfigured or something else goes wrong. Google | |
| ## indexes this, so spammers might also collect it. | |
| ContactInfo v.nix.is tor <tor@v.nix.is> | |
| ## You might also include your PGP or GPG fingerprint if you have one: | |
| #ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com> | |
| ## Uncomment this to mirror directory information for others. Please do | |
| ## if you have enough bandwidth. | |
| #DirPort 9030 # what port to advertise for directory connections | |
| ## If you want to listen on a port other than the one advertised | |
| ## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line | |
| ## below too. You'll need to do ipchains or other port forwarding yourself | |
| ## to make this work. | |
| #DirListenAddress 0.0.0.0:9091 | |
| ## Uncomment to return an arbitrary blob of html on your DirPort. Now you | |
| ## can explain what Tor is if anybody wonders why your IP address is | |
| ## contacting them. See contrib/tor-exit-notice.html for a sample. | |
| #DirPortFrontPage /etc/tor/exit-notice.html | |
| ## Uncomment this if you run more than one Tor relay, and add the identity | |
| ## key fingerprint of each Tor relay you control, even if they're on | |
| ## different networks. You declare it here so Tor clients can avoid | |
| ## using more than one of your relays in a single circuit. See | |
| ## https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#MultipleServers | |
| #MyFamily $keyid,$keyid,... | |
| ## A comma-separated list of exit policies. They're considered first | |
| ## to last, and the first match wins. If you want to _replace_ | |
| ## the default exit policy, end this with either a reject *:* or an | |
| ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the | |
| ## default exit policy. Leave commented to just use the default, which is | |
| ## described in the man page or at | |
| ## https://www.torproject.org/documentation.html | |
| ## | |
| ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses | |
| ## for issues you might encounter if you use the default exit policy. | |
| ## | |
| ## If certain IPs and ports are blocked externally, e.g. by your firewall, | |
| ## you should update your exit policy to reflect this -- otherwise Tor | |
| ## users will be told that those destinations are down. | |
| ## | |
| #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more | |
| #ExitPolicy accept *:119 # accept nntp as well as default exit policy | |
| ExitPolicy reject *:* # no exits allowed | |
| # | |
| ## Bridge relays (or "bridges") are Tor relays that aren't listed in the | |
| ## main directory. Since there is no complete public list of them, even if an | |
| ## ISP is filtering connections to all the known Tor relays, they probably | |
| ## won't be able to block all the bridges. Also, websites won't treat you | |
| ## differently because they won't know you're running Tor. If you can | |
| ## be a real relay, please do; but if not, be a bridge! | |
| #BridgeRelay 1 | |
| #ExitPolicy reject *:* | |
| # How many processes to use at once for decrypting onionskins. (Default: 1) | |
| NumCPUs 4 |