#################################################################### ## This config file is divided into four sections. They are: ## 1. Global Options (clients and servers) ## 2. Client Options Only ## 3. Server Options Only ## 4. Directory Server Options (for running your own Tor network) ## 5. Hidden Service Options (clients and servers) ## ## The conventions used are: ## double hash (##) is for summary text about the config option; ## single hash (#) is for the config option; and, ## the config option is always after the text. #################################################################### ## Section 1: Global Options (clients and servers) ## A token bucket limits the average incoming bandwidth on this node ## to the specified number of bytes per second. (Default: 2MB) #BandwidthRate N bytes|KB|MB|GB|TB ## Limit the maximum token bucket size (also known as the burst) to ## the given number of bytes. (Default: 5 MB) #BandwidthBurst N bytes|KB|MB|GB|TB ## If set, we will not advertise more than this amount of bandwidth ## for our BandwidthRate. Server operators who want to reduce the ## number of clients who ask to build circuits through them (since ## this is proportional to advertised bandwidth rate) can thus ## reduce the CPU demands on their server without impacting ## network performance. #MaxAdvertisedBandwidth N bytes|KB|MB|GB|TB ## If set, Tor will accept connections from the same machine ## (localhost only) on this port, and allow those connections to ## control the Tor process using the Tor Control Protocol ## (described in control-spec.txt). Note: unless you also specify ## one of HashedControlPassword or CookieAuthentication, setting ## this option will cause Tor to allow any process on the local ## host to control it. #ControlPort Port ## Don’t allow any connections on the control port except when the ## other process knows the password whose one-way hash is ## hashed_password. You can compute the hash of a password by ## running "tor --hash-password password". #HashedControlPassword hashed_password ## If this option is set to 1, don’t allow any connections on the ## control port except when the connecting process knows the ## contents of a file named "control_auth_cookie", which Tor will ## create in its data directory. This authentication method ## should only be used on systems with good filesystem security. ## (Default: 0) #CookieAuthentication 0|1 ## Store working data in DIR (Default: /usr/local/var/lib/tor) #DataDirectory DIR ## Every time the specified period elapses, Tor downloads a direc- ## tory. A directory contains a signed list of all known servers ## as well as their current liveness status. A value of "0 sec- ## onds" tells Tor to choose an appropriate default. ## (Default: 1 hour for clients, 20 minutes for servers) #DirFetchPeriod N seconds|minutes|hours|days|weeks ## Tor only trusts directories signed with one of these keys, and ## uses the given addresses to connect to the trusted directory ## servers. If no DirServer lines are specified, Tor uses the built-in ## defaults (moria1, moria2, tor26), so you can leave this alone unless ## you need to change it. ## ## WARNING! Changing these options will make your Tor behave ## differently from everyone else's, and hurt your anonymity. Even ## uncommenting these lines is a bad idea. They are the defaults now, ## but the defaults may change in the future, leaving you behind. ## #DirServer moria1 v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441 #DirServer moria2 v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF #DirServer tor26 v1 86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D ## Attempt to lock current and future memory pages and effectively disable swap # DisableAllSwap 0|1 ## On startup, setgid to this user. #Group GID ## Tor will make all its directory requests through this host:port ## (or host:80 if port is not specified), rather than connecting ## directly to any directory servers. #HttpProxy host[:port] ## If defined, Tor will use this username:password for Basic Http ## proxy authentication, as in RFC 2617. This is currently the ## only form of Http proxy authentication that Tor supports; feel ## free to submit a patch if you want it to support others. #HttpProxyAuthenticator username:password ## Tor will make all its OR (SSL) connections through this ## host:port (or host:443 if port is not specified), via HTTP CON- ## NECT rather than connecting directly to servers. You may want ## to set FascistFirewall to restrict the set of ports you might ## try to connect to, if your Https proxy only allows connecting ## to certain ports. #HttpsProxy host[:port] ## If defined, Tor will use this username:password for Basic Https ## proxy authentication, as in RFC 2617. This is currently the ## only form of Https proxy authentication that Tor supports; feel ## free to submit a patch if you want it to support others. #HttpsProxyAuthenticator username:password ## To keep firewalls from expiring connections, send a padding ## keepalive cell every NUM seconds on open connections that are ## in use. If the connection has no open circuits, it will instead ## be closed after NUM seconds of idleness. (Default: 5 minutes) #KeepalivePeriod NUM ## Send all messages between minSeverity and maxSeverity to the ## standard output stream, the standard error stream, or to the ## system log. (The "syslog" value is only supported on Unix.) ## Recognized severity levels are debug, info, notice, warn, and ## err. If only one severity level is given, all messages of that ## level or higher will be sent to the listed destination. #Log minSeverity[-maxSeverity] stderr|stdout|syslog ## As above, but send log messages to the listed filename. The ## "Log" option may appear more than once in a configuration file. ## Messages are sent to all the logs that match their severity ## level. #Log minSeverity[-maxSeverity] file FILENAME ## Maximum number of simultaneous sockets allowed. You probably ## don’t need to adjust this. (Default: 1024) #MaxConn NUM ## Make all outbound connections originate from the IP address ## specified. This is only useful when you have multiple network ## interfaces, and you want all of Tor’s outgoing connections to ## use a single one. #OutboundBindAddress IP ## On startup, write our PID to FILE. On clean shutdown, remove ## FILE. #PIDFile FILE ## If 1, Tor forks and daemonizes to the background. (Default: 0) #RunAsDaemon 0|1 ## If 1, Tor replaces potentially sensitive strings in the logs ## (e.g. addresses) with the string [scrubbed]. This way logs can ## still be useful, but they don’t leave behind personally identi- ## fying information about what sites a user might have visited. ## (Default: 1) #SafeLogging 0|1 ## Every time the specified period elapses, Tor downloads signed ## status information about the current state of known servers. A ## value of "0 seconds" tells Tor to choose an appropriate ## default. (Default: 30 minutes for clients, 15 minutes for ## servers) #StatusFetchPeriod N seconds|minutes|hours|days|weeks ## On startup, setuid to this user. #User UID ## If non-zero, try to use crypto hardware acceleration when ## available. (Default: 1) #HardwareAccel 0|1 ## Section 2: Client Options Only ## Where on our circuits should we allow Tor servers that the ## directory servers haven’t authenticated as "verified"? ## (Default: middle,rendezvous) #AllowUnverifiedNodes entry|exit|middle|introduction|rendezvous|... ## If set to 1, Tor will under no circumstances run as a server. ## The default is to run as a client unless ORPort is configured. ## (Usually, you don’t need to set this; Tor is pretty smart at ## figuring out whether you are reliable and high-bandwidth enough ## to be a useful server.) ## This option will likely be deprecated in the future; see the ## NoPublish option below. (Default: 0) #ClientOnly 0|1 ## A list of preferred nodes to use for the first hop in the ## circuit, if possible. #EntryNodes nickname,nickname,... ## A list of preferred nodes to use for the last hop in the ## circuit, if possible. #ExitNodes nickname,nickname,... ## A list of nodes to never use when building a circuit. #ExcludeNodes nickname,nickname,... ## If 1, Tor will never use any nodes besides those listed in ## "exitnodes" for the last hop of a circuit. #StrictExitNodes 0|1 ## If 1, Tor will never use any nodes besides those listed in ## "entrynodes" for the first hop of a circuit. #StrictEntryNodes 0|1 ## If 1, Tor will only create outgoing connections to ORs running ## on ports that your firewall allows (defaults to 80 and 443; see ## FirewallPorts). This will allow you to run Tor as a client ## behind a firewall with restrictive policies, but will not allow ## you to run as a server behind such a firewall. #FascistFirewall 0|1 ## A list of ports that your firewall allows you to connect to. ## Only used when FascistFirewall is set. (Default: 80, 443) #FirewallPorts PORTS ## A comma-separated list of IPs that your firewall allows you to ## connect to. Only used when FascistFirewall is set. The format ## is as for the addresses in ExitPolicy. ## For example, ’FirewallIPs 99.0.0.0/8, *:80’ means that your ## firewall allows connections to everything inside net 99, and ## to port 80 outside. #FirewallIPs ADDR[/MASK][:PORT]... ## A list of ports for services that tend to have long-running ## connections (e.g. chat and interactive shells). Circuits for ## streams that use these ports will contain only high-uptime ## nodes, to reduce the chance that a node will go down before the ## stream is finished. (Default: 21, 22, 706, 1863, 5050, 5190, ## 5222, 5223, 6667, 8300, 8888) #LongLivedPorts PORTS ## When a request for address arrives to Tor, it will rewrite it ## to newaddress before processing it. For example, if you always ## want connections to www.indymedia.org to exit via torserver ## (where torserver is the nickname of the server), ## use "MapAddress www.indymedia.org www.indymedia.org.torserver.exit". #MapAddress address newaddress ## Every NUM seconds consider whether to build a new circuit. ## (Default: 30 seconds) #NewCircuitPeriod NUM ## Feel free to reuse a circuit that was first used at most NUM ## seconds ago, but never attach a new stream to a circuit that is ## too old. (Default: 10 minutes) #MaxCircuitDirtiness NUM ## The named Tor servers constitute a "family" of similar or co- ## administered servers, so never use any two of them in the same ## circuit. Defining a NodeFamily is only needed when a server ## doesn’t list the family itself (with MyFamily). This option can ## be used multiple times. #NodeFamily nickname,nickname,... ## A list of preferred nodes to use for the rendezvous point, if ## possible. #RendNodes nickname,nickname,... ## A list of nodes to never use when choosing a rendezvous point. #RendExcludeNodes nickname,nickname,... ## Advertise this port to listen for connections from SOCKS-speak- ## ing applications. Set this to 0 if you don’t want to allow ## application connections. (Default: 9050) #SOCKSPort PORT ## Bind to this address to listen for connections from SOCKS- ## speaking applications. (Default: 127.0.0.1) You can also spec- ## ify a port (e.g. 192.168.0.1:9100). This directive can be spec- ## ified multiple times to bind to multiple addresses/ports. #SOCKSBindAddress IP[:PORT] ## Set an entrance policy for this server, to limit who can con- ## nect to the SOCKS ports. The policies have the same form as ## exit policies below. #SOCKSPolicy policy,policy,... ## For each value in the comma separated list, Tor will track ## recent connections to hosts that match this value and attempt ## to reuse the same exit node for each. If the value is prepended ## with a ’.’, it is treated as matching an entire domain. If one ## of the values is just a ’.’, it means match everything. This ## option is useful if you frequently connect to sites that will ## expire all your authentication cookies (ie log you out) if your ## IP address changes. Note that this option does have the disad- ## vantage of making it more clear that a given history is associ- ## ated with a single user. However, most people who would wish to ## observe this will observe it through cookies or other protocol- ## specific means anyhow. #TrackHostExits host,.domain,... ## Since exit servers go up and down, it is desirable to expire ## the association between host and exit server after NUM seconds. ## The default is 1800 seconds (30 minutes). #TrackHostExitsExpire NUM ## If this option is set to 1, we pick a few entry servers as our ## "helpers", and try to use only those fixed entry servers. This ## is desirable, because constantly changing servers increases the ## odds that an adversary who owns some servers will observe a ## fraction of your paths. (Defaults to 0; will eventually ## default to 1.) #UseHelperNodes 0|1 ## If UseHelperNodes is set to 1, we will try to pick a total of ## NUM helper nodes as entries for our circuits. (Defaults to 3.) #NumHelperNodes NUM ## Section 3: Server Options Only ## The IP or fqdn of this server (e.g. moria.mit.edu). You can ## leave this unset, and Tor will guess your IP. #Address address ## Administrative contact information for server. #ContactInfo email_address ## Set an exit policy for this server. Each policy is of the form ## "accept|reject ADDR[/MASK][:PORT]". If /MASK is omitted then ## this policy just applies to the host given. Instead of giving ## a host or network you can also use "*" to denote the universe ## (0.0.0.0/0). PORT can be a single port number, an interval of ## ports "FROM_PORT-TO_PORT", or "*". If PORT is omitted, that ## means "*". ## ## For example, "reject 127.0.0.1:*,reject 192.168.1.0/24:*,accept ## *:*" would reject any traffic destined for localhost and any ## 192.168.1.* address, but accept anything else. ## ## This directive can be specified multiple times so you don’t ## have to put it all on one line. ## ## See RFC 3330 for more details about internal and reserved IP ## address space. Policies are considered first to last, and the ## first match wins. If you want to _replace_ the default exit ## policy, end your exit policy with either a reject *:* or an ## accept *:*. Otherwise, you’re _augmenting_ (prepending to) the ## default exit policy. The default exit policy is: ## reject 0.0.0.0/8 ## reject 169.254.0.0/16 ## reject 127.0.0.0/8 ## reject 192.168.0.0/16 ## reject 10.0.0.0/8 ## reject 172.16.0.0/12 ## reject *:25 ## reject *:119 ## reject *:135-139 ## reject *:445 ## reject *:1214 ## reject *:4661-4666 ## reject *:6346-6429 ## reject *:6699 ## reject *:6881-6999 ## accept *:* #ExitPolicy policy,policy,... ## If you have more than this number of onionskins queued for ## decrypt, reject new ones. (Default: 100) #MaxOnionsPending NUM ## Declare that this Tor server is controlled or administered by a ## group or organization identical or similar to that of the other ## named servers. When two servers both declare that they are in ## the same ’family’, Tor clients will not use them in the same ## circuit. (Each server only needs to list the other servers in ## its family; it doesn’t need to list itself, but it won’t hurt.) #MyFamily nickname,nickname,... ## Set the server’s nickname to ’name’. #Nickname name ## If you set NoPublish 1, Tor will act as a server if you have an ## ORPort defined, but it will not publish its descriptor to the ## dirservers. This option is useful if you're testing out your ## server, or if you're using alternate dirservers (e.g. for other ## Tor networks such as Blossom). (Default: 0) #NoPublish 0|1 ## How many processes to use at once for decrypting onionskins. ## (Default: 1) #NumCPUs num ## Advertise this port to listen for connections from Tor clients ## and servers. #ORPort PORT ## Bind to this IP address to listen for connections from Tor ## clients and servers. If you specify a port, bind to this port ## rather than the one specified in ORPort. (Default: 0.0.0.0) #ORBindAddress IP[:PORT] ## Whenever an outgoing connection tries to connect to one of a ## given set of addresses, connect to target (an address:port ## pair) instead. The address pattern is given in the same format ## as for an exit policy. The address translation applies after ## exit policies are applied. Multiple RedirectExit options can ## be used: once any one has matched successfully, no subsequent ## rules are considered. You can specify that no redirection is ## to be performed on a given set of addresses by using the spe- ## cial target string "pass", which prevents subsequent rules from ## being considered. #RedirectExit pattern target ## When we get a SIGINT and we're a server, we begin shutting ## down: we close listeners and start refusing new circuits. After ## NUM seconds, we exit. If we get a second SIGINT, we exit imme- ## diately. (Default: 30 seconds) #ShutdownWaitLengthNUM ## Every time the specified period elapses, Tor uploads its server ## descriptors to the directory servers. This information is also ## uploaded whenever it changes. (Default: 20 minutes) #DirPostPeriod N seconds|minutes|hours|days|weeks ## A token bucket limits the average relayed bandwidth (server ## traffic only, not client traffic) on this node to the specified ## number of bytes per second. #RelayBandwidthRate N bytes|KB|MB|GB|TB ## Limit the maximum token bucket size (also known as the burst) for ## relayed traffic (server traffic only, not client traffic) to the ## given number of bytes. #RelayBandwidthBurst N bytes|KB|MB|GB|TB ## Never send more than the specified number of bytes in a given ## accounting period, or receive more than that number in the ## period. For example, with AccountingMax set to 1 GB, a server ## could send 900 MB and receive 800 MB and continue running. It ## will only hibernate once one of the two reaches 1 GB. When the ## number of bytes is exhausted, Tor will hibernate until some ## time in the next accounting period. To prevent all servers ## from waking at the same time, Tor will also wait until a random ## point in each period before waking up. If you have bandwidth ## cost issues, enabling hibernation is preferable to setting a ## low bandwidth, since it provides users with a collection of ## fast servers that are up some of the time, which is more useful ## than a set of slow servers that are always "available". #AccountingMax N bytes|KB|MB|GB|TB ## Specify how long accounting periods last. If month is given, ## each accounting period runs from the time HH:MM on the dayth ## day of one month to the same day and time of the next. (The ## day must be between 1 and 28.) If week is given, each account- ## ing period runs from the time HH:MM of the dayth day of one ## week to the same day and time of the next week, with Monday as ## day 1 and Sunday as day 7. If day is given, each accounting ## period runs from the time HH:MM each day to the same time on ## the next day. All times are local, and given in 24-hour time. ## (Defaults to "month 1 0:00".) #AccountingStart day|week|month [day] HH:MM ## Section 4: Directory Server Options (for running your own Tor ## network) ## When this option is set to 1, Tor operates as an authoritative ## directory server. Instead of caching the directory, it gener- ## ates its own list of good servers, signs it, and sends that to ## the clients. Unless the clients already have you listed as a ## trusted directory, you probably do not want to set this option. ## Please coordinate with the other admins at ## tor-ops@freehaven.net if you think you should be a directory. #AuthoritativeDirectory 0|1 ## Advertise the directory service on this port. #DirPort PORT ## Bind the directory service to this address. If you specify a ## port, bind to this port rather than the one specified in DirPort. ## (Default: 0.0.0.0) #DirBindAddress IP[:PORT] ## Set an entrance policy for this server, to limit who can con- ## nect to the directory ports. The policies have the same form ## as exit policies above. #DirPolicy policy,policy,... ## STRING is a command-separated list of Tor versions currently ## believed to be safe. The list is included in each directory, ## and nodes which pull down the directory learn whether they need ## to upgrade. This option can appear multiple times: the values ## from multiple lines are spliced together. #RecommendedVersions STRING ## If set to 1, Tor will accept router descriptors with arbitrary ## "Address" elements. Otherwise, if the address is not an IP or ## is a private IP, it will reject the router descriptor. Defaults ## to 0. #DirAllowPrivateAddresses 0|1 ## If set to 1, Tor tries to build circuits through all of the ## servers it knows about, so it can tell which are up and which ## are down. This option is only useful for authoritative direc- ## tories, so you probably don't want to use it. #RunTesting 0|1 ## Section 5: Hidden Service Options (clients and servers) ## Store data files for a hidden service in DIRECTORY. Every hid- ## den service must have a separate directory. You may use this ## option multiple times to specify multiple services. #HiddenServiceDir DIRECTORY ## Configure a virtual port VIRTPORT for a hidden service. You ## may use this option multiple times; each time applies to the ## service using the most recent hiddenservicedir. By default, ## this option maps the virtual port to the same port on ## 127.0.0.1. You may override the target port, address, or both ## by specifying a target of addr, port, or addr:port. #HiddenServicePort VIRTPORT [TARGET] ## If possible, use the specified nodes as introduction points for ## the hidden service. If this is left unset, Tor will be smart ## and pick some reasonable ones; most people can leave this unset. #HiddenServiceNodes nickname,nickname,... ## Do not use the specified nodes as introduction points for the ## hidden service. In normal use there is no reason to set this. #HiddenServiceExcludeNodes nickname,nickname,... ## Publish the given rendezvous service descriptor versions for the ## hidden service. #HiddenServiceVersion 0,2 ## Every time the specified period elapses, Tor uploads any ren- ## dezvous service descriptors to the directory servers. This ## information is also uploaded whenever it changes. ## (Default: 1 hour) #RendPostPeriod N seconds|minutes|hours|days|weeks #