haveno/seednode/torrc
boldsuck d4a9838cd8
Some checks are pending
CI / build (macos-13) (push) Waiting to run
CI / build (ubuntu-latest) (push) Waiting to run
CI / build (windows-latest) (push) Waiting to run
Codacy Coverage Reporter / Publish coverage (push) Waiting to run
CodeQL / Analyze (java) (push) Waiting to run
update documentation and config for external tor w/ pow defense
Co-authored-by: shortwavesurfer2009 <116814522+shortwavesurfer2009@users.noreply.github.com>
Co-authored-by: fa2a5qj3 <174058787+fa2a5qj3@users.noreply.github.com>
Co-authored-by: preland <prelandofficialmusic@gmail.com>
2024-08-02 08:27:10 -04:00

155 lines
7.2 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

## Configuration file for Haveno Seednode
##
## To start/reload/etc this instance, run "systemctl start tor" (or reload, or..).
## This instance will run as user debian-tor; its data directory is /var/lib/tor.
##
## This file is configured via:
## /usr/share/tor/tor-service-defaults-torrc
##
## See 'man tor', for more options you can use in this file.
## Tor opens a socks proxy on port 9050 by default -- even if you don't
## configure one below. Set "SocksPort 0" if you plan to run Tor only
## as a relay, and not make any local application connections yourself.
#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
# ### SocksPort flag: OnionTrafficOnly ###
## Tell the tor client to only connect to .onion addresses in response to SOCKS5 requests on this connection.
## This is equivalent to NoDNSRequest, NoIPv4Traffic, NoIPv6Traffic.
# ### SocksPort flag: ExtendedErrors ###
## Return extended error code in the SOCKS reply. So far, the possible errors are:
# X'F0' Onion Service Descriptor Can Not be Found
# X'F1' Onion Service Descriptor Is Invalid
# X'F2' Onion Service Introduction Failed
# X'F3' Onion Service Rendezvous Failed
# X'F4' Onion Service Missing Client Authorization
# X'F5' Onion Service Wrong Client Authorization
# X'F6' Onion Service Invalid Address
# X'F7' Onion Service Introduction Timed Out
SocksPort 9050 OnionTrafficOnly ExtendedErrors
## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
## all (and only) requests that reach a SocksPort. Untrusted users who
## can access your SocksPort may be able to learn about the connections
## you make.
SocksPolicy accept 127.0.0.1
SocksPolicy accept6 [::1]
SocksPolicy reject *
## Tor will reject application connections that use unsafe variants of the socks protocol
##ones that only provide an IP address, meaning the application is doing a DNS resolve first.
## Specifically, these are socks4 and socks5 when not doing remote DNS. (Default: 0)
#SafeSocks 1
## Tor will make a notice-level log entry for each connection to the Socks port indicating
## whether the request used a safe socks protocol or an unsafe one (see above entry on SafeSocks).
## This helps to determine whether an application using Tor is possibly leaking DNS requests. (Default: 0)
TestSocks 1
## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
##
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles (This is default)
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr
# Try to write to disk less frequently than we would otherwise. This is useful when running on flash memory.
AvoidDiskWrites 1
## TODO: This option has no effect. Bisq/Haveno is tor client &/or hidden service. 'man torrc':
## Relays and bridges only. When this option is enabled, a Tor relay writes obfuscated statistics on its
## role as hidden-service directory, introduction point, or rendezvous point to disk every 24 hours.
## If ExtraInfoStatistics is enabled, it will be published as part of the extra-info document. (Default: 1)
HiddenServiceStatistics 0
## NOTE: In order to use the ControlPort, the <user> must belong to the tor group.
## sudo usermod -aG debian-tor <user>
##
## The port on which Tor will listen for local connections from Tor
## controller applications, as documented in control-spec.txt.
#ControlPort 9051
## If you enable the controlport, be sure to enable one of these
## authentication methods, to prevent attackers from accessing it.
##
## Compute the hash of a password with "tor --hash-password password".
#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
CookieAuthentication 0 # (Default: 1)
## MetricsPort provides an interface to the underlying Tor relay metrics.
## Exposing publicly is dangerous, set a very strict access policy.
## Retrieve the metrics with: curl http://127.0.0.1:9035/metrics
MetricsPort 127.0.0.1:9035
MetricsPortPolicy accept 127.0.0.1
MetricsPortPolicy accept [::1]
############### This section is just for location-hidden services ###
## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people. e.g.: 'sudo cat /var/lib/tor/haveno_seednode/hostname'
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.
##
## If you plan to keep your service available for a long time, you might want to make a backup copy
## of the private_key file or complete folder /var/lib/tor/hidden_service somewhere.
#### Haveno seednode incoming anonymity connections ###
HiddenServiceDir /var/lib/tor/haveno_seednode
HiddenServicePort 2002 127.0.0.1:2002
HiddenServicePort 2002 [::1]:2002
## NOTE: HiddenService options are per onion service
## https://community.torproject.org/onion-services/advanced/dos/
##
## Rate limiting at the Introduction Points
## Intropoint protections prevents onion service DoS from becoming a DoS for the entire machine and its guard.
HiddenServiceEnableIntroDoSDefense 1
#HiddenServiceEnableIntroDoSRatePerSec 25 # (Default: 25)
#HiddenServiceEnableIntroDoSBurstPerSec 200 # (Default: 200)
# Number of introduction points the hidden service will have. You cant have more than 20.
#HiddenServiceNumIntroductionPoints 3 # (Default: 3)
## https://tpo.pages.torproject.net/onion-services/ecosystem/technology/pow/#configuring-an-onion-service-with-the-pow-protection
## Proof of Work (PoW) before establishing Rendezvous Circuits
## The lower the queue and burst rates, the higher the puzzle effort tends to be for users.
HiddenServicePoWDefensesEnabled 1
HiddenServicePoWQueueRate 200 # (Default: 250)
HiddenServicePoWQueueBurst 1000 # (Default: 2500)
## Stream limits in the established Rendezvous Circuits
## The maximum number of simultaneous streams (connections) per rendezvous circuit. The max value allowed is 65535. (0 = unlimited)
HiddenServiceMaxStreams 25
#HiddenServiceMaxStreamsCloseCircuit 1
#### Haveno seednode2 incoming anonymity connections ###
HiddenServiceDir /var/lib/tor/haveno_seednode2
HiddenServicePort 2003 127.0.0.1:2003
HiddenServicePort 2003 [::1]:2003
HiddenServiceEnableIntroDoSDefense 1
#HiddenServiceEnableIntroDoSRatePerSec 25 # (Default: 25)
#HiddenServiceEnableIntroDoSBurstPerSec 200 # (Default: 200)
#HiddenServiceNumIntroductionPoints 3 # (Default: 3)
HiddenServicePoWDefensesEnabled 1
HiddenServicePoWQueueRate 200 # (Default: 250)
HiddenServicePoWQueueBurst 1000 # (Default: 2500)
HiddenServiceMaxStreams 25
#HiddenServiceMaxStreamsCloseCircuit 1
#####################################################################
LongLivedPorts 2002,2003
## Default: 21, 22, 706, 1863, 5050, 5190, 5222, 5223, 6523, 6667, 6697, 8300