diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2020-01-23 13:58:30 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2020-01-23 13:58:30 -0300 |
commit | 480055af9dc335fb1b290b8ffb3a3548f879f3f5 (patch) | |
tree | e0abe1068c58500716454652538041ecc765857f /share/provision/files/tor-transproxy/etc/tor | |
parent | 199f37487b76f209a19a4e7ea973a204f58e7369 (diff) | |
download | kvmx-480055af9dc335fb1b290b8ffb3a3548f879f3f5.tar.gz kvmx-480055af9dc335fb1b290b8ffb3a3548f879f3f5.tar.bz2 |
Feat: Provision: Tor Transproxy
Diffstat (limited to 'share/provision/files/tor-transproxy/etc/tor')
-rw-r--r-- | share/provision/files/tor-transproxy/etc/tor/torrc | 179 |
1 files changed, 179 insertions, 0 deletions
diff --git a/share/provision/files/tor-transproxy/etc/tor/torrc b/share/provision/files/tor-transproxy/etc/tor/torrc new file mode 100644 index 0000000..9e17ea9 --- /dev/null +++ b/share/provision/files/tor-transproxy/etc/tor/torrc @@ -0,0 +1,179 @@ +## Configuration file for a typical Tor user +## Last updated 22 December 2007 for Tor 0.2.0.14-alpha. +## (May or may not work for much older or much newer versions of Tor.) +## +## Lines that begin with "## " try to explain what's going on. Lines +## that begin with just "#" are disabled commands: you can enable them +## by removing the "#" symbol. +## +## See the man page, or https://www.torproject.org/tor-manual-dev.html, +## for more options you can use in this file. +## +## Tor will look for this file in various places based on your platform: +## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc + + +## Default SocksPort +SocksPort 127.0.0.1:9050 IsolateDestAddr IsolateDestPort +## SocksPort for Tails-specific applications +SocksPort 127.0.0.1:9062 IsolateDestAddr IsolateDestPort +## SocksPort for the default web browser +SocksPort 127.0.0.1:9150 IsolateSOCKSAuth KeepAliveIsolateSOCKSAuth + +## Entry policies to allow/deny SOCKS requests based on IP address. +## First entry that matches wins. If no SocksPolicy is set, we accept +## all (and only) requests from SocksListenAddress. +#SocksPolicy accept 192.168.0.0/16 +#SocksPolicy reject * + +## Logs go to stdout at level "notice" unless redirected by something +## else, like one of the below lines. You can have as many Log lines as +## you want. +## +## We advise using "notice" in most cases, since anything more verbose +## may provide sensitive information to an attacker who obtains the logs. +## +## Send all messages of level 'notice' or higher to /var/log/tor/notices.log +#Log notice file /var/log/tor/notices.log +## Send every possible message to /var/log/tor/debug.log +#Log debug file /var/log/tor/debug.log +## Use the system log instead of Tor's logfiles +#Log notice syslog +## To send all messages to stderr: +#Log debug stderr + +## Uncomment this to start the process in the background... or use +## --runasdaemon 1 on the command line. This is ignored on Windows; +## see the FAQ entry if you want Tor to run as an NT service. +#RunAsDaemon 1 + +## The directory for keeping all the keys/etc. By default, we store +## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. +#DataDirectory /var/lib/tor + +## The port on which Tor will listen for local connections from Tor +## controller applications, as documented in control-spec.txt. +ControlPort 9052 +ControlListenAddress 127.0.0.1 + +############### This section is just for location-hidden services ### + +## Once you have configured a hidden service, you can look at the +## contents of the file ".../hidden_service/hostname" for the address +## to tell people. +## +## HiddenServicePort x y:z says to redirect requests on port x to the +## address y:z. + +#HiddenServiceDir /var/lib/tor/hidden_service/ +#HiddenServicePort 80 127.0.0.1:80 + +#HiddenServiceDir /var/lib/tor/other_hidden_service/ +#HiddenServicePort 80 127.0.0.1:80 +#HiddenServicePort 22 127.0.0.1:22 + +################ This section is just for relays ##################### +# +## See https://www.torproject.org/docs/tor-doc-relay for details. + +## A unique handle for your server. +#Nickname ididnteditheconfig + +## The IP or FQDN for your server. Leave commented out and Tor will guess. +#Address noname.example.com + +## Define these to limit the bandwidth usage of relayed (server) +## traffic. Your own traffic is still unthrottled. +## Note that RelayBandwidthRate must be at least 20 KB. +#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps) +#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps) + +## Contact info to be published in the directory, so we can contact you +## if your server is misconfigured or something else goes wrong. +#ContactInfo Random Person <nobody AT example dot com> +## You might also include your PGP or GPG fingerprint if you have one: +#ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com> + +## Required: what port to advertise for Tor connections. +#ORPort 9001 +## If you need to listen on a port other than the one advertised +## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the +## line below too. You'll need to do ipchains or other port forwarding +## yourself to make this work. +#ORListenAddress 0.0.0.0:9090 + +## Uncomment this to mirror directory information for others. Please do +## if you have enough bandwidth. +#DirPort 9030 # what port to advertise for directory connections +## If you need to listen on a port other than the one advertised +## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line +## below too. You'll need to do ipchains or other port forwarding yourself +## to make this work. +#DirListenAddress 0.0.0.0:9091 + +## Uncomment this if you run more than one Tor server, and add the +## nickname of each Tor server you control, even if they're on different +## networks. You declare it here so Tor clients can avoid using more than +## one of your servers in a single circuit. See +## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MultipleServers +#MyFamily nickname1,nickname2,... + +## A comma-separated list of exit policies. They're considered first +## to last, and the first match wins. If you want to _replace_ +## the default exit policy, end this with either a reject *:* or an +## accept *:*. Otherwise, you're _augmenting_ (prepending to) the +## default exit policy. Leave commented to just use the default, which is +## available in the man page or at https://www.torproject.org/documentation.html +## +## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses +## for issues you might encounter if you use the default exit policy. +## +## If certain IPs and ports are blocked externally, e.g. by your firewall, +## you should update your exit policy to reflect this -- otherwise Tor +## users will be told that those destinations are down. +## +#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more +#ExitPolicy accept *:119 # accept nntp as well as default exit policy +#ExitPolicy reject *:* # no exits allowed +# +################ This section is just for bridge relays ############## +# +## Bridge relays (or "bridges" ) are Tor relays that aren't listed in the +## main directory. Since there is no complete public list of them, even if an +## ISP is filtering connections to all the known Tor relays, they probably +## won't be able to block all the bridges. Unlike running an exit relay, +## running a bridge relay just passes data to and from the Tor network -- +## so it shouldn't expose the operator to abuse complaints. + +#ORPort 443 +#BridgeRelay 1 +#RelayBandwidthRate 50KBytes +#ExitPolicy reject *:* + + +################ Local settings ######################################## + +## Torified DNS +DNSPort 5353 +AutomapHostsOnResolve 1 +AutomapHostsSuffixes .exit,.onion + +## Transparent proxy +TransPort 9040 +TransListenAddress 127.0.0.1 + +## Misc +AvoidDiskWrites 1 + +## We don't care if applications do their own DNS lookups since our Tor +## enforcement will handle it safely. +WarnUnsafeSocks 0 + +## Disable default warnings on StartTLS for email. Let's not train our +## users to click through security warnings. +WarnPlaintextPorts 23,109 + +## Tor 0.3.x logs to syslog by default, which we redirect to the Journal; +## but we have some code that reads Tor's logs and only supports plaintext +## log files at the moment, so let's keep logging to a file. +Log notice file /var/log/tor/log |