# Last updated on $Date$
####################################################################
## This config file is divided into four sections. They are:
## 1. Global Options (clients and servers)
## 2. Client Options Only
## 3. Server Options Only
## 4. Directory Server Options (for running your own Tor network)
## 5. Hidden Service Options (clients and servers)

## The conventions used are:
## double hash (##) is for summary text about the config option;
## single hash (#) is for the config option; and,
## the config option is always after the text.
####################################################################
## Section 1: Global Options (clients and servers)

## A token bucket limits the average incoming bandwidth on this node
## to the specified number of bytes per second. (Default: 2MB)
#BandwidthRate N bytes|KB|MB|GB|TB

## Limit the maximum token bucket size (also known as the burst) to
## the given number of bytes. (Default: 5 MB)
#BandwidthBurst N bytes|KB|MB|GB|TB

## If set, we will not advertise more than this amount of bandwidth
## for our BandwidthRate. Server operators who want to reduce the
## number of clients who ask to build circuits through them (since
## this is proportional to advertised bandwidth rate) can thus
## reduce the CPU demands on their server without impacting
## network performance.
#MaxAdvertisedBandwidth N bytes|KB|MB|GB|TB

## If set, Tor will accept connections from the same machine
## (localhost only) on this port, and allow those connections to
## control the Tor process using the Tor Control Protocol
## (described in control-spec.txt). Note: unless you also specify
## one of HashedControlPassword or CookieAuthentication, setting
## this option will cause Tor to allow any process on the local
## host to control it.

## Don't allow any connections on the control port except when the
## other process knows the password whose one-way hash is
## hashed_password. You can compute the hash of a password by
## running "tor --hash-password password".
#HashedControlPassword hashed_password

## If this option is set to 1, don't allow any connections on the
## control port except when the connecting process knows the
## contents of a file named "control_auth_cookie", which Tor will
## create in its data directory. This authentication method
## should only be used on systems with good filesystem security.
#CookieAuthentication 0|1
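## Added example (not part of the Tor distribution): a small audit that
## flags a torrc where the control port is enabled without either
## authentication option, and checks the cookie file's permissions.
## Assumptions: the port option is named ControlPort, option names are
## matched case-insensitively, and the sample configs are constructed.

```python
"""Added example: audit a torrc for an unauthenticated control port."""
import os
import stat


def parse_torrc(text):
    """Map lower-cased option name -> list of values, skipping comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        opts.setdefault(parts[0].lower(), []).append(value)
    return opts


def last(opts, name, default=""):
    """Value of the last occurrence of an option (assumed to win)."""
    values = opts.get(name.lower())
    return values[-1] if values else default


def audit_control_port(text, data_dir=None):
    """Return a list of findings; an empty list means nothing to report."""
    opts = parse_torrc(text)
    port = last(opts, "ControlPort", "0")
    if port in ("", "0"):
        return []                                 # control port not enabled
    findings = []
    has_password = bool(last(opts, "HashedControlPassword"))
    has_cookie = last(opts, "CookieAuthentication", "0") == "1"
    if not (has_password or has_cookie):
        findings.append(
            "ControlPort %s has no authentication: any local process "
            "can control Tor" % port)
    # Cookie auth is only as strong as the permissions on the cookie file.
    if has_cookie and data_dir is not None:
        cookie = os.path.join(data_dir, "control_auth_cookie")
        if os.path.exists(cookie):
            mode = stat.S_IMODE(os.stat(cookie).st_mode)
            if mode & 0o077:
                findings.append(
                    "%s is accessible to group/other (mode %o)" % (cookie, mode))
    return findings


# Constructed sample configurations (port 9051 is an arbitrary example).
OPEN_TORRC = """
ControlPort 9051
#HashedControlPassword hashed_password
#CookieAuthentication 0|1
"""
PASSWORD_TORRC = "ControlPort 9051\nHashedControlPassword hashed_password\n"
COOKIE_TORRC = "ControlPort 9051\nCookieAuthentication 1\n"

if __name__ == "__main__":
    for name, cfg in [("open", OPEN_TORRC), ("password", PASSWORD_TORRC),
                      ("cookie", COOKIE_TORRC)]:
        print(name, audit_control_port(cfg) or "ok")
```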
## Store working data in DIR (Default: /usr/local/var/lib/tor)

## Every time the specified period elapses, Tor downloads a
## directory. A directory contains a signed list of all known servers
## as well as their current liveness status. A value of "0 seconds"
## tells Tor to choose an appropriate default.
## (Default: 1 hour for clients, 20 minutes for servers)
#DirFetchPeriod N seconds|minutes|hours|days|weeks

## Tor only trusts directories signed with one of these keys, and
## uses the given addresses to connect to the trusted directory
## servers. If no DirServer lines are specified, Tor uses the built-in
## defaults (moria1, moria2, tor26), so you can leave this alone unless
## you need to change it.

## WARNING! Changing these options will make your Tor behave
## differently from everyone else's, and hurt your anonymity. Even
## uncommenting these lines is a bad idea. They are the defaults now,
## but the defaults may change in the future, leaving you behind.

#DirServer moria1 v1 18.244.0.188:9031 FFCB 46DB 1339 DA84 674C 70D7 CB58 6434 C437 0441
#DirServer moria2 v1 18.244.0.114:80 719B E45D E224 B607 C537 07D0 E214 3E2D 423E 74CF
#DirServer tor26 v1 86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D

## On startup, setgid to this user.

## Tor will make all its directory requests through this host:port
## (or host:80 if port is not specified), rather than connecting
## directly to any directory servers.
#HttpProxy host[:port]

## If defined, Tor will use this username:password for Basic Http
## proxy authentication, as in RFC 2617. This is currently the
## only form of Http proxy authentication that Tor supports; feel
## free to submit a patch if you want it to support others.
#HttpProxyAuthenticator username:password

## Tor will make all its OR (SSL) connections through this
## host:port (or host:443 if port is not specified), via HTTP
## CONNECT rather than connecting directly to servers. You may want
## to set FascistFirewall to restrict the set of ports you might
## try to connect to, if your Https proxy only allows connecting
#HttpsProxy host[:port]

## If defined, Tor will use this username:password for Basic Https
## proxy authentication, as in RFC 2617. This is currently the
## only form of Https proxy authentication that Tor supports; feel
## free to submit a patch if you want it to support others.
#HttpsProxyAuthenticator username:password

## To keep firewalls from expiring connections, send a padding
## keepalive cell every NUM seconds on open connections that are
## in use. If the connection has no open circuits, it will instead
## be closed after NUM seconds of idleness. (Default: 5 minutes)

## Send all messages between minSeverity and maxSeverity to the
## standard output stream, the standard error stream, or to the
## system log. (The "syslog" value is only supported on Unix.)
## Recognized severity levels are debug, info, notice, warn, and
## err. If only one severity level is given, all messages of that
## level or higher will be sent to the listed destination.
#Log minSeverity[-maxSeverity] stderr|stdout|syslog

## As above, but send log messages to the listed filename. The
## "Log" option may appear more than once in a configuration file.
## Messages are sent to all the logs that match their severity
#Log minSeverity[-maxSeverity] file FILENAME

## Maximum number of simultaneous sockets allowed. You probably
## don't need to adjust this. (Default: 1024)

## Make all outbound connections originate from the IP address
## specified. This is only useful when you have multiple network
## interfaces, and you want all of Tor's outgoing connections to
#OutboundBindAddress IP

## On startup, write our PID to FILE. On clean shutdown, remove

## If 1, Tor forks and daemonizes to the background. (Default: 0)

## If 1, Tor replaces potentially sensitive strings in the logs
## (e.g. addresses) with the string [scrubbed]. This way logs can
## still be useful, but they don't leave behind personally
## identifying information about what sites a user might have visited.

## Every time the specified period elapses, Tor downloads signed
## status information about the current state of known servers. A
## value of "0 seconds" tells Tor to choose an appropriate
## default. (Default: 30 minutes for clients, 15 minutes for
#StatusFetchPeriod N seconds|minutes|hours|days|weeks

## On startup, setuid to this user.

## If non-zero, try to use crypto hardware acceleration when
## available. (Default: 1)
## Section 2: Client Options Only

## Where on our circuits should we allow Tor servers that the
## directory servers haven't authenticated as "verified"?
## (Default: middle,rendezvous)
#AllowUnverifiedNodes entry|exit|middle|introduction|rendezvous|...

## If set to 1, Tor will under no circumstances run as a server.
## The default is to run as a client unless ORPort is configured.
## (Usually, you don't need to set this; Tor is pretty smart at
## figuring out whether you are reliable and high-bandwidth enough
## to be a useful server.)
## This option will likely be deprecated in the future; see the
## NoPublish option below. (Default: 0)

## A list of preferred nodes to use for the first hop in the
## circuit, if possible.
#EntryNodes nickname,nickname,...

## A list of preferred nodes to use for the last hop in the
## circuit, if possible.
#ExitNodes nickname,nickname,...

## A list of nodes to never use when building a circuit.
#ExcludeNodes nickname,nickname,...

## If 1, Tor will never use any nodes besides those listed in
## "exitnodes" for the last hop of a circuit.

## If 1, Tor will never use any nodes besides those listed in
## "entrynodes" for the first hop of a circuit.
#StrictEntryNodes 0|1

## If 1, Tor will only create outgoing connections to ORs running
## on ports that your firewall allows (defaults to 80 and 443; see
## FirewallPorts). This will allow you to run Tor as a client
## behind a firewall with restrictive policies, but will not allow
## you to run as a server behind such a firewall.

## A list of ports that your firewall allows you to connect to.
## Only used when FascistFirewall is set. (Default: 80, 443)

## A comma-separated list of IPs that your firewall allows you to
## connect to. Only used when FascistFirewall is set. The format
## is as for the addresses in ExitPolicy.
## For example, 'FirewallIPs 99.0.0.0/8, *:80' means that your
## firewall allows connections to everything inside net 99, and
## to port 80 outside.
#FirewallIPs ADDR[/MASK][:PORT]...

## A list of ports for services that tend to have long-running
## connections (e.g. chat and interactive shells). Circuits for
## streams that use these ports will contain only high-uptime
## nodes, to reduce the chance that a node will go down before the
## stream is finished. (Default: 21, 22, 706, 1863, 5050, 5190,
## 5222, 5223, 6667, 8300, 8888)
#LongLivedPorts PORTS

## When a request for address arrives to Tor, it will rewrite it
## to newaddress before processing it. For example, if you always
## want connections to www.indymedia.org to exit via torserver
## (where torserver is the nickname of the server),
## use "MapAddress www.indymedia.org www.indymedia.org.torserver.exit".
#MapAddress address newaddress

## Every NUM seconds consider whether to build a new circuit.
## (Default: 30 seconds)
#NewCircuitPeriod NUM

## Feel free to reuse a circuit that was first used at most NUM
## seconds ago, but never attach a new stream to a circuit that is
## too old. (Default: 10 minutes)
#MaxCircuitDirtiness NUM

## The named Tor servers constitute a "family" of similar or
## co-administered servers, so never use any two of them in the same
## circuit. Defining a NodeFamily is only needed when a server
## doesn't list the family itself (with MyFamily). This option can
## be used multiple times.
#NodeFamily nickname,nickname,...

## A list of preferred nodes to use for the rendezvous point, if
#RendNodes nickname,nickname,...

## A list of nodes to never use when choosing a rendezvous point.
#RendExcludeNodes nickname,nickname,...

## Advertise this port to listen for connections from
## SOCKS-speaking applications. Set this to 0 if you don't want to
## allow application connections. (Default: 9050)

## Bind to this address to listen for connections from
## SOCKS-speaking applications. (Default: 127.0.0.1) You can also
## specify a port (e.g. 192.168.0.1:9100). This directive can be
## specified multiple times to bind to multiple addresses/ports.
#SOCKSBindAddress IP[:PORT]

## Set an entrance policy for this server, to limit who can
## connect to the SOCKS ports. The policies have the same form as
## exit policies below.
#SOCKSPolicy policy,policy,...

## For each value in the comma-separated list, Tor will track
## recent connections to hosts that match this value and attempt
## to reuse the same exit node for each. If the value is prepended
## with a '.', it is treated as matching an entire domain. If one
## of the values is just a '.', it means match everything. This
## option is useful if you frequently connect to sites that will
## expire all your authentication cookies (i.e. log you out) if your
## IP address changes. Note that this option does have the
## disadvantage of making it more clear that a given history is
## associated with a single user. However, most people who would
## wish to observe this will observe it through cookies or other
## protocol-specific means anyhow.
#TrackHostExits host,.domain,...

## Since exit servers go up and down, it is desirable to expire
## the association between host and exit server after NUM seconds.
## The default is 1800 seconds (30 minutes).
#TrackHostExitsExpire NUM

## If this option is set to 1, we pick a few entry servers as our
## "helpers", and try to use only those fixed entry servers. This
## is desirable, because constantly changing servers increases the
## odds that an adversary who owns some servers will observe a
## fraction of your paths. (Defaults to 0; will eventually

## If UseHelperNodes is set to 1, we will try to pick a total of
## NUM helper nodes as entries for our circuits. (Defaults to 3.)
## Section 3: Server Options Only

## The IP or fqdn of this server (e.g. moria.mit.edu). You can
## leave this unset, and Tor will guess your IP.

## Administrative contact information for server.
#ContactInfo email_address

## Set an exit policy for this server. Each policy is of the form
## "accept|reject ADDR[/MASK][:PORT]". If /MASK is omitted then
## this policy just applies to the host given. Instead of giving
## a host or network you can also use "*" to denote the universe
## (0.0.0.0/0). PORT can be a single port number, an interval of
## ports "FROM_PORT-TO_PORT", or "*". If PORT is omitted, that

## For example, "reject 127.0.0.1:*,reject 192.168.1.0/24:*,accept
## *:*" would reject any traffic destined for localhost and any
## 192.168.1.* address, but accept anything else.

## This directive can be specified multiple times so you don't
## have to put it all on one line.

## See RFC 3330 for more details about internal and reserved IP
## address space. Policies are considered first to last, and the
## first match wins. If you want to _replace_ the default exit
## policy, end your exit policy with either a reject *:* or an
## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
## default exit policy. The default exit policy is:

## reject 169.254.0.0/16
## reject 127.0.0.0/8
## reject 192.168.0.0/16
## reject 172.16.0.0/12
## reject *:4661-4666
## reject *:6346-6429
## reject *:6881-6999
#ExitPolicy policy,policy,...
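## Added example (not Tor's own code): a first-match-wins evaluator for
## the "accept|reject ADDR[/MASK][:PORT]" syntax described above, plus two
## operator checks: whether a policy replaces or only augments the default,
## and whether any rule is dead because an earlier rule already covers it.
## Assumptions: IPv4 only, an omitted PORT is treated as "*", and the
## function names and the misordered sample policy are constructed here.

```python
"""Added example: first-match-wins evaluation of an ExitPolicy string."""
import ipaddress

ANY_NET = ipaddress.ip_network("0.0.0.0/0")      # "*" denotes the universe


def parse_rule(rule):
    """Parse 'accept|reject ADDR[/MASK][:PORT]' into (action, net, lo, hi)."""
    fields = rule.split()
    if len(fields) != 2 or fields[0] not in ("accept", "reject"):
        raise ValueError("bad policy rule: %r" % rule)
    action, target = fields
    addr, sep, port = target.partition(":")
    # Without /MASK the rule applies to one host: ip_network() yields a /32.
    net = ANY_NET if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if not sep or port == "*":                    # omitted PORT treated as "*"
        lo, hi = 1, 65535
    elif "-" in port:                             # FROM_PORT-TO_PORT interval
        lo, hi = (int(p) for p in port.split("-", 1))
    else:
        lo = hi = int(port)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError("bad port range in rule: %r" % rule)
    return action, net, lo, hi


def parse_policy(text):
    """Split a comma-separated policy list into parsed rules, in order."""
    return [parse_rule(r) for r in text.split(",") if r.strip()]


def decide(policy, ip, port):
    """Return (action, rule_index) of the first matching rule."""
    addr = ipaddress.ip_address(ip)
    for index, (action, net, lo, hi) in enumerate(policy):
        if addr in net and lo <= port <= hi:
            return action, index
    return None, None        # nothing matched: the default policy decides


def replaces_default(policy):
    """True if the policy ends with 'accept *:*' or 'reject *:*'."""
    if not policy:
        return False
    _, net, lo, hi = policy[-1]
    return net == ANY_NET and (lo, hi) == (1, 65535)


def shadowed_rules(policy):
    """Indexes of rules that can never match: an earlier rule covers them."""
    dead = []
    for j, (_, net_j, lo_j, hi_j) in enumerate(policy):
        for _, net_i, lo_i, hi_i in policy[:j]:
            if net_j.subnet_of(net_i) and lo_i <= lo_j and hi_j <= hi_i:
                dead.append(j)
                break
    return dead


# The example policy from the text above, and a constructed misordered one.
PAGE_EXAMPLE = parse_policy(
    "reject 127.0.0.1:*,reject 192.168.1.0/24:*,accept *:*")
MISORDERED = parse_policy("accept *:*,reject 127.0.0.1:*")

if __name__ == "__main__":
    for ip, port in [("127.0.0.1", 80), ("127.0.0.2", 80), ("203.0.113.5", 443)]:
        print(ip, port, decide(PAGE_EXAMPLE, ip, port))
    print("dead rules in misordered policy:", shadowed_rules(MISORDERED))
```

## Because "reject 127.0.0.1:*" has no /MASK it covers that one host only;
## 127.0.0.2 falls through to "accept *:*", whereas the default policy
## rejects the whole of 127.0.0.0/8.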
## If you have more than this number of onionskins queued for
## decrypt, reject new ones. (Default: 100)
#MaxOnionsPending NUM

## Declare that this Tor server is controlled or administered by a
## group or organization identical or similar to that of the other
## named servers. When two servers both declare that they are in
## the same 'family', Tor clients will not use them in the same
## circuit. (Each server only needs to list the other servers in
## its family; it doesn't need to list itself, but it won't hurt.)
#MyFamily nickname,nickname,...

## Set the server's nickname to 'name'.

## If you set NoPublish 1, Tor will act as a server if you have an
## ORPort defined, but it will not publish its descriptor to the
## dirservers. This option is useful if you're testing out your
## server, or if you're using alternate dirservers (e.g. for other
## Tor networks such as Blossom). (Default: 0)

## How many processes to use at once for decrypting onionskins.

## Advertise this port to listen for connections from Tor clients

## Bind to this IP address to listen for connections from Tor
## clients and servers. If you specify a port, bind to this port
## rather than the one specified in ORPort. (Default: 0.0.0.0)
#ORBindAddress IP[:PORT]

## Whenever an outgoing connection tries to connect to one of a
## given set of addresses, connect to target (an address:port
## pair) instead. The address pattern is given in the same format
## as for an exit policy. The address translation applies after
## exit policies are applied. Multiple RedirectExit options can
## be used: once any one has matched successfully, no subsequent
## rules are considered. You can specify that no redirection is
## to be performed on a given set of addresses by using the
## special target string "pass", which prevents subsequent rules from
#RedirectExit pattern target

## When we get a SIGINT and we're a server, we begin shutting
## down: we close listeners and start refusing new circuits. After
## NUM seconds, we exit. If we get a second SIGINT, we exit
## immediately. (Default: 30 seconds)
#ShutdownWaitLength NUM

## Every time the specified period elapses, Tor uploads its server
## descriptors to the directory servers. This information is also
## uploaded whenever it changes. (Default: 20 minutes)
#DirPostPeriod N seconds|minutes|hours|days|weeks

## A token bucket limits the average relayed bandwidth (server
## traffic only, not client traffic) on this node to the specified
## number of bytes per second.
#RelayBandwidthRate N bytes|KB|MB|GB|TB

## Limit the maximum token bucket size (also known as the burst) for
## relayed traffic (server traffic only, not client traffic) to the
## given number of bytes.
#RelayBandwidthBurst N bytes|KB|MB|GB|TB

## Never send more than the specified number of bytes in a given
## accounting period, or receive more than that number in the
## period. For example, with AccountingMax set to 1 GB, a server
## could send 900 MB and receive 800 MB and continue running. It
## will only hibernate once one of the two reaches 1 GB. When the
## number of bytes is exhausted, Tor will hibernate until some
## time in the next accounting period. To prevent all servers
## from waking at the same time, Tor will also wait until a random
## point in each period before waking up. If you have bandwidth
## cost issues, enabling hibernation is preferable to setting a
## low bandwidth, since it provides users with a collection of
## fast servers that are up some of the time, which is more useful
## than a set of slow servers that are always "available".
#AccountingMax N bytes|KB|MB|GB|TB

## Specify how long accounting periods last. If month is given,
## each accounting period runs from the time HH:MM on the dayth
## day of one month to the same day and time of the next. (The
## day must be between 1 and 28.) If week is given, each
## accounting period runs from the time HH:MM of the dayth day of
## one week to the same day and time of the next week, with Monday
## as day 1 and Sunday as day 7. If day is given, each accounting
## period runs from the time HH:MM each day to the same time on
## the next day. All times are local, and given in 24-hour time.
## (Defaults to "month 1 0:00".)
#AccountingStart day|week|month [day] HH:MM
## Section 4: Directory Server Options (for running your own Tor network)

## When this option is set to 1, Tor operates as an authoritative
## directory server. Instead of caching the directory, it
## generates its own list of good servers, signs it, and sends that
## to the clients. Unless the clients already have you listed as a
## trusted directory, you probably do not want to set this option.
## Please coordinate with the other admins at
## tor-ops@freehaven.net if you think you should be a directory.
#AuthoritativeDirectory 0|1

## Advertise the directory service on this port.

## Bind the directory service to this address. If you specify a
## port, bind to this port rather than the one specified in DirPort.
## (Default: 0.0.0.0)
#DirBindAddress IP[:PORT]

## Set an entrance policy for this server, to limit who can
## connect to the directory ports. The policies have the same form
## as exit policies above.
#DirPolicy policy,policy,...

## STRING is a comma-separated list of Tor versions currently
## believed to be safe. The list is included in each directory,
## and nodes which pull down the directory learn whether they need
## to upgrade. This option can appear multiple times: the values
## from multiple lines are spliced together.
#RecommendedVersions STRING

## If set to 1, Tor will accept router descriptors with arbitrary
## "Address" elements. Otherwise, if the address is not an IP or
## is a private IP, it will reject the router descriptor. Defaults
#DirAllowPrivateAddresses 0|1

## If set to 1, Tor tries to build circuits through all of the
## servers it knows about, so it can tell which are up and which
## are down. This option is only useful for authoritative
## directories, so you probably don't want to use it.
## Section 5: Hidden Service Options (clients and servers)

## Store data files for a hidden service in DIRECTORY. Every
## hidden service must have a separate directory. You may use this
## option multiple times to specify multiple services.
#HiddenServiceDir DIRECTORY

## Configure a virtual port VIRTPORT for a hidden service. You
## may use this option multiple times; each time applies to the
## service using the most recent hiddenservicedir. By default,
## this option maps the virtual port to the same port on
## 127.0.0.1. You may override the target port, address, or both
## by specifying a target of addr, port, or addr:port.
#HiddenServicePort VIRTPORT [TARGET]

## If possible, use the specified nodes as introduction points for
## the hidden service. If this is left unset, Tor will be smart
## and pick some reasonable ones; most people can leave this unset.
#HiddenServiceNodes nickname,nickname,...

## Do not use the specified nodes as introduction points for the
## hidden service. In normal use there is no reason to set this.
#HiddenServiceExcludeNodes nickname,nickname,...

## Publish the given rendezvous service descriptor versions for the
#HiddenServiceVersion 0,2

## Every time the specified period elapses, Tor uploads any
## rendezvous service descriptors to the directory servers. This
## information is also uploaded whenever it changes.
## (Default: 20 minutes)
#RendPostPeriod N seconds|minutes|hours|days|weeks