doc/TorFAQ: tor.html

File tor.html, 107.6 KB (added by ohm_kaka2, 3 years ago)
Line 
1<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
2    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
3<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
4<head>
5<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
6<meta name="generator" content="AsciiDoc 8.4.5" />
7<title>TOR(1)</title>
8<style type="text/css">
9/* Debug borders */
10p, li, dt, dd, div, pre, h1, h2, h3, h4, h5, h6 {
11/*
12  border: 1px solid red;
13*/
14}
15
16body {
17  margin: 1em 5% 1em 5%;
18}
19
20a {
21  color: blue;
22  text-decoration: underline;
23}
24a:visited {
25  color: fuchsia;
26}
27
28em {
29  font-style: italic;
30  color: navy;
31}
32
33strong {
34  font-weight: bold;
35  color: #083194;
36}
37
38tt {
39  color: navy;
40}
41
42h1, h2, h3, h4, h5, h6 {
43  color: #527bbd;
44  font-family: sans-serif;
45  margin-top: 1.2em;
46  margin-bottom: 0.5em;
47  line-height: 1.3;
48}
49
50h1, h2, h3 {
51  border-bottom: 2px solid silver;
52}
53h2 {
54  padding-top: 0.5em;
55}
56h3 {
57  float: left;
58}
59h3 + * {
60  clear: left;
61}
62
63div.sectionbody {
64  font-family: serif;
65  margin-left: 0;
66}
67
68hr {
69  border: 1px solid silver;
70}
71
72p {
73  margin-top: 0.5em;
74  margin-bottom: 0.5em;
75}
76
77ul, ol, li > p {
78  margin-top: 0;
79}
80
81pre {
82  padding: 0;
83  margin: 0;
84}
85
86span#author {
87  color: #527bbd;
88  font-family: sans-serif;
89  font-weight: bold;
90  font-size: 1.1em;
91}
92span#email {
93}
94span#revnumber, span#revdate, span#revremark {
95  font-family: sans-serif;
96}
97
98div#footer {
99  font-family: sans-serif;
100  font-size: small;
101  border-top: 2px solid silver;
102  padding-top: 0.5em;
103  margin-top: 4.0em;
104}
105div#footer-text {
106  float: left;
107  padding-bottom: 0.5em;
108}
109div#footer-badges {
110  float: right;
111  padding-bottom: 0.5em;
112}
113
114div#preamble {
115  margin-top: 1.5em;
116  margin-bottom: 1.5em;
117}
118div.tableblock, div.imageblock, div.exampleblock, div.verseblock,
119div.quoteblock, div.literalblock, div.listingblock, div.sidebarblock,
120div.admonitionblock {
121  margin-top: 1.5em;
122  margin-bottom: 1.5em;
123}
124div.admonitionblock {
125  margin-top: 2.5em;
126  margin-bottom: 2.5em;
127}
128
129div.content { /* Block element content. */
130  padding: 0;
131}
132
133/* Block element titles. */
134div.title, caption.title {
135  color: #527bbd;
136  font-family: sans-serif;
137  font-weight: bold;
138  text-align: left;
139  margin-top: 1.0em;
140  margin-bottom: 0.5em;
141}
142div.title + * {
143  margin-top: 0;
144}
145
146td div.title:first-child {
147  margin-top: 0.0em;
148}
149div.content div.title:first-child {
150  margin-top: 0.0em;
151}
152div.content + div.title {
153  margin-top: 0.0em;
154}
155
156div.sidebarblock > div.content {
157  background: #ffffee;
158  border: 1px solid silver;
159  padding: 0.5em;
160}
161
162div.listingblock > div.content {
163  border: 1px solid silver;
164  background: #f4f4f4;
165  padding: 0.5em;
166}
167
168div.quoteblock {
169  padding-left: 2.0em;
170  margin-right: 10%;
171}
172div.quoteblock > div.attribution {
173  padding-top: 0.5em;
174  text-align: right;
175}
176
177div.verseblock {
178  padding-left: 2.0em;
179  margin-right: 10%;
180}
181div.verseblock > div.content {
182  white-space: pre;
183}
184div.verseblock > div.attribution {
185  padding-top: 0.75em;
186  text-align: left;
187}
188/* DEPRECATED: Pre version 8.2.7 verse style literal block. */
189div.verseblock + div.attribution {
190  text-align: left;
191}
192
193div.admonitionblock .icon {
194  vertical-align: top;
195  font-size: 1.1em;
196  font-weight: bold;
197  text-decoration: underline;
198  color: #527bbd;
199  padding-right: 0.5em;
200}
201div.admonitionblock td.content {
202  padding-left: 0.5em;
203  border-left: 2px solid silver;
204}
205
206div.exampleblock > div.content {
207  border-left: 2px solid silver;
208  padding: 0.5em;
209}
210
211div.imageblock div.content { padding-left: 0; }
212span.image img { border-style: none; }
213a.image:visited { color: white; }
214
215dl {
216  margin-top: 0.8em;
217  margin-bottom: 0.8em;
218}
219dt {
220  margin-top: 0.5em;
221  margin-bottom: 0;
222  font-style: normal;
223  color: navy;
224}
225dd > *:first-child {
226  margin-top: 0.1em;
227}
228
229ul, ol {
230    list-style-position: outside;
231}
232ol.arabic {
233  list-style-type: decimal;
234}
235ol.loweralpha {
236  list-style-type: lower-alpha;
237}
238ol.upperalpha {
239  list-style-type: upper-alpha;
240}
241ol.lowerroman {
242  list-style-type: lower-roman;
243}
244ol.upperroman {
245  list-style-type: upper-roman;
246}
247
248div.compact ul, div.compact ol,
249div.compact p, div.compact p,
250div.compact div, div.compact div {
251  margin-top: 0.1em;
252  margin-bottom: 0.1em;
253}
254
255div.tableblock > table {
256  border: 3px solid #527bbd;
257}
258thead {
259  font-family: sans-serif;
260  font-weight: bold;
261}
262tfoot {
263  font-weight: bold;
264}
265td > div.verse {
266  white-space: pre;
267}
268p.table {
269  margin-top: 0;
270}
271/* Because the table frame attribute is overriden by CSS in most browsers. */
272div.tableblock > table[frame="void"] {
273  border-style: none;
274}
275div.tableblock > table[frame="hsides"] {
276  border-left-style: none;
277  border-right-style: none;
278}
279div.tableblock > table[frame="vsides"] {
280  border-top-style: none;
281  border-bottom-style: none;
282}
283
284
285div.hdlist {
286  margin-top: 0.8em;
287  margin-bottom: 0.8em;
288}
289div.hdlist tr {
290  padding-bottom: 15px;
291}
292dt.hdlist1.strong, td.hdlist1.strong {
293  font-weight: bold;
294}
295td.hdlist1 {
296  vertical-align: top;
297  font-style: normal;
298  padding-right: 0.8em;
299  color: navy;
300}
301td.hdlist2 {
302  vertical-align: top;
303}
304div.hdlist.compact tr {
305  margin: 0;
306  padding-bottom: 0;
307}
308
309.comment {
310  background: yellow;
311}
312
313@media print {
314  div#footer-badges { display: none; }
315}
316
317div#toctitle {
318  color: #527bbd;
319  font-family: sans-serif;
320  font-size: 1.1em;
321  font-weight: bold;
322  margin-top: 1.0em;
323  margin-bottom: 0.1em;
324}
325
326div.toclevel1, div.toclevel2, div.toclevel3, div.toclevel4 {
327  margin-top: 0;
328  margin-bottom: 0;
329}
330div.toclevel2 {
331  margin-left: 2em;
332  font-size: 0.9em;
333}
334div.toclevel3 {
335  margin-left: 4em;
336  font-size: 0.9em;
337}
338div.toclevel4 {
339  margin-left: 6em;
340  font-size: 0.9em;
341}
342/* Overrides for manpage documents */
343h1 {
344  padding-top: 0.5em;
345  padding-bottom: 0.5em;
346  border-top: 2px solid silver;
347  border-bottom: 2px solid silver;
348}
349h2 {
350  border-style: none;
351}
352div.sectionbody {
353  margin-left: 5%;
354}
355
356@media print {
357  div#toc { display: none; }
358}
359
360/* Workarounds for IE6's broken and incomplete CSS2. */
361
362div.sidebar-content {
363  background: #ffffee;
364  border: 1px solid silver;
365  padding: 0.5em;
366}
367div.sidebar-title, div.image-title {
368  color: #527bbd;
369  font-family: sans-serif;
370  font-weight: bold;
371  margin-top: 0.0em;
372  margin-bottom: 0.5em;
373}
374
375div.listingblock div.content {
376  border: 1px solid silver;
377  background: #f4f4f4;
378  padding: 0.5em;
379}
380
381div.quoteblock-attribution {
382  padding-top: 0.5em;
383  text-align: right;
384}
385
386div.verseblock-content {
387  white-space: pre;
388}
389div.verseblock-attribution {
390  padding-top: 0.75em;
391  text-align: left;
392}
393
394div.exampleblock-content {
395  border-left: 2px solid silver;
396  padding-left: 0.5em;
397}
398
399/* IE6 sets dynamically generated links as visited. */
400div#toc a:visited { color: blue; }
401</style>
402</head>
403<body>
404<div id="header">
405<h1>
406TOR(1) Manual Page
407</h1>
408<h2>NAME</h2>
409<div class="sectionbody">
410<p>tor -
411   The second-generation onion router
412</p>
413</div>
414</div>
415<h2 id="_synopsis">SYNOPSIS</h2>
416<div class="sectionbody">
417<div class="paragraph"><p><strong>tor</strong> [<em>OPTION</em> <em>value</em>]&#8230;</p></div>
418</div>
419<h2 id="_description">DESCRIPTION</h2>
420<div class="sectionbody">
421<div class="paragraph"><p><em>tor</em> is a connection-oriented anonymizing communication
422service. Users choose a source-routed path through a set of nodes, and
423negotiate a "virtual circuit" through the network, in which each node
424knows its predecessor and successor, but no others. Traffic flowing down
425the circuit is unwrapped by a symmetric key at each node, which reveals
426the downstream node.<br /></p></div>
427<div class="paragraph"><p>Basically <em>tor</em> provides a distributed network of servers ("onion routers").
428Users bounce their TCP streams&#8201;&#8212;&#8201;web traffic, ftp, ssh, etc&#8201;&#8212;&#8201;around the
429routers, and recipients, observers, and even the routers themselves have
430difficulty tracking the source of the stream.</p></div>
431</div>
432<h2 id="_options">OPTIONS</h2>
433<div class="sectionbody">
434<div class="dlist"><dl>
435<dt class="hdlist1">
436<strong>-h</strong>, <strong>-help</strong>
437</dt>
438<dd>
439<p>
440    Display a short help message and exit.
441</p>
442</dd>
443<dt class="hdlist1">
444<strong>-f</strong> <em>FILE</em>
445</dt>
446<dd>
447<p>
448    FILE contains further "option value" pairs. (Default: /c/Users/erinn/build-scripts.git/osx-bundles/build-alpha/etc/tor/torrc)
449</p>
450</dd>
451<dt class="hdlist1">
452<strong>--hash-password</strong>
453</dt>
454<dd>
455<p>
456    Generates a hashed password for control port access.
457</p>
458</dd>
459<dt class="hdlist1">
460<strong>--list-fingerprint</strong>
461</dt>
462<dd>
463<p>
464    Generate your keys and output your nickname and fingerprint.
465</p>
466</dd>
467<dt class="hdlist1">
468<strong>--verify-config</strong>
469</dt>
470<dd>
471<p>
472    Verify the configuration file is valid.
473</p>
474</dd>
475<dt class="hdlist1">
476<strong>--nt-service</strong>
477</dt>
478<dd>
479<p>
480    <strong>--service [install|remove|start|stop]</strong> Manage the Tor Windows
481    NT/2000/XP service. Current instructions can be found at
482    <a href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#WinNTService">https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#WinNTService</a>
483</p>
484</dd>
485<dt class="hdlist1">
486<strong>--list-torrc-options</strong>
487</dt>
488<dd>
489<p>
490    List all valid options.
491</p>
492</dd>
493<dt class="hdlist1">
494<strong>--version</strong>
495</dt>
496<dd>
497<p>
498    Display Tor version and exit.
499</p>
500</dd>
501<dt class="hdlist1">
502<strong>--quiet</strong>
503</dt>
504<dd>
505<p>
506    Do not start Tor with a console log unless explicitly requested to do so.
507    (By default, Tor starts out logging messages at level "notice" or higher to
508    the console, until it has parsed its configuration.)
509</p>
510</dd>
511</dl></div>
512<div class="paragraph"><p>Other options can be specified either on the command-line (--option
513    value), or in the configuration file (option value or option "value").
514    Options are case-insensitive. C-style escaped characters are allowed inside
515    quoted values.   Options on the command line take precedence over
516    options found in the configuration file, except indicated otherwise.  To
517    split one configuration entry into multiple lines, use a single \ before
518    the end of the line.  Comments can be used in such multiline entries, but
519    they must start at the beginning of a line.</p></div>
520<div class="dlist"><dl>
521<dt class="hdlist1">
522<strong>BandwidthRate</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
523</dt>
524<dd>
525<p>
526    A token bucket limits the average incoming bandwidth usage on this node to
527    the specified number of bytes per second, and the average outgoing
528    bandwidth usage to that same value.  If you want to run a relay in the
529    public network, this needs to be <em>at the very least</em> 20 KB (that is,
530    20480 bytes). (Default: 5 MB)
531</p>
532</dd>
533<dt class="hdlist1">
534<strong>BandwidthBurst</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
535</dt>
536<dd>
537<p>
538    Limit the maximum token bucket size (also known as the burst) to the given
539    number of bytes in each direction. (Default: 10 MB)
540</p>
541</dd>
542<dt class="hdlist1">
543<strong>MaxAdvertisedBandwidth</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
544</dt>
545<dd>
546<p>
547    If set, we will not advertise more than this amount of bandwidth for our
548    BandwidthRate. Server operators who want to reduce the number of clients
549    who ask to build circuits through them (since this is proportional to
550    advertised bandwidth rate) can thus reduce the CPU demands on their server
551    without impacting network performance.
552</p>
553</dd>
554<dt class="hdlist1">
555<strong>RelayBandwidthRate</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
556</dt>
557<dd>
558<p>
559    If not 0, a separate token bucket limits the average incoming bandwidth
560    usage for _relayed traffic_ on this node to the specified number of bytes
561    per second, and the average outgoing bandwidth usage to that same value.
562    Relayed traffic currently is calculated to include answers to directory
563    requests, but that may change in future versions. (Default: 0)
564</p>
565</dd>
566<dt class="hdlist1">
567<strong>RelayBandwidthBurst</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
568</dt>
569<dd>
570<p>
571    If not 0, limit the maximum token bucket size (also known as the burst) for
572    _relayed traffic_ to the given number of bytes in each direction.
573    (Default: 0)
574</p>
575</dd>
576<dt class="hdlist1">
577<strong>PerConnBWRate</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
578</dt>
579<dd>
580<p>
581    If set, do separate rate limiting for each connection from a non-relay.
582    You should never need to change this value, since a network-wide value is
583    published in the consensus and your relay will use that value. (Default: 0)
584</p>
585</dd>
586<dt class="hdlist1">
587<strong>PerConnBWBurst</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
588</dt>
589<dd>
590<p>
591    If set, do separate rate limiting for each connection from a non-relay.
592    You should never need to change this value, since a network-wide value is
593    published in the consensus and your relay will use that value. (Default: 0)
594</p>
595</dd>
596<dt class="hdlist1">
597<strong>ConnLimit</strong> <em>NUM</em>
598</dt>
599<dd>
600<p>
601    The minimum number of file descriptors that must be available to the Tor
602    process before it will start. Tor will ask the OS for as many file
603    descriptors as the OS will allow (you can find this by "ulimit -H -n").
604    If this number is less than ConnLimit, then Tor will refuse to start.<br />
605<br />
606    You probably don&#8217;t need to adjust this. It has no effect on Windows
607    since that platform lacks getrlimit(). (Default: 1000)
608</p>
609</dd>
610<dt class="hdlist1">
611<strong>ConstrainedSockets</strong> <strong>0</strong>|<strong>1</strong>
612</dt>
613<dd>
614<p>
615    If set, Tor will tell the kernel to attempt to shrink the buffers for all
616    sockets to the size specified in <strong>ConstrainedSockSize</strong>. This is useful for
617    virtual servers and other environments where system level TCP buffers may
618    be limited. If you&#8217;re on a virtual server, and you encounter the "Error
619    creating network socket: No buffer space available" message, you are
620    likely experiencing this problem.<br />
621<br />
622    The preferred solution is to have the admin increase the buffer pool for
623    the host itself via /proc/sys/net/ipv4/tcp_mem or equivalent facility;
624    this configuration option is a second-resort.<br />
625<br />
626    The DirPort option should also not be used if TCP buffers are scarce. The
627    cached directory requests consume additional sockets which exacerbates
628    the problem.<br />
629<br />
630    You should <strong>not</strong> enable this feature unless you encounter the "no buffer
631    space available" issue. Reducing the TCP buffers affects window size for
632    the TCP stream and will reduce throughput in proportion to round trip
633    time on long paths. (Default: 0.)
634</p>
635</dd>
636<dt class="hdlist1">
637<strong>ConstrainedSockSize</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>
638</dt>
639<dd>
640<p>
641    When <strong>ConstrainedSockets</strong> is enabled the receive and transmit buffers for
642    all sockets will be set to this limit. Must be a value between 2048 and
643    262144, in 1024 byte increments. Default of 8192 is recommended.
644</p>
645</dd>
646<dt class="hdlist1">
647<strong>ControlPort</strong> <em>PORT</em>|<strong>auto</strong>
648</dt>
649<dd>
650<p>
651    If set, Tor will accept connections on this port and allow those
652    connections to control the Tor process using the Tor Control Protocol
653    (described in control-spec.txt). Note: unless you also specify one or
654    more of <strong>HashedControlPassword</strong> or <strong>CookieAuthentication</strong>,
655    setting this option will cause Tor to allow any process on the local
656    host to control it. (Setting both authentication methods means either
657    method is sufficient to authenticate to Tor.) This
658    option is required for many Tor controllers; most use the value of 9051.
659    Set it to "auto" to have Tor pick a port for you. (Default: 0).
660</p>
661</dd>
662<dt class="hdlist1">
663<strong>ControlListenAddress</strong> <em>IP</em>[:<em>PORT</em>]
664</dt>
665<dd>
666<p>
667    Bind the controller listener to this address. If you specify a port, bind
668    to this port rather than the one specified in ControlPort. We strongly
669    recommend that you leave this alone unless you know what you&#8217;re doing,
670    since giving attackers access to your control listener is really
671    dangerous. (Default: 127.0.0.1) This directive can be specified multiple
672    times to bind to multiple addresses/ports.
673</p>
674</dd>
675<dt class="hdlist1">
676<strong>ControlSocket</strong> <em>Path</em>
677</dt>
678<dd>
679<p>
680    Like ControlPort, but listens on a Unix domain socket, rather than a TCP
681    socket. (Unix and Unix-like systems only.)
682</p>
683</dd>
684<dt class="hdlist1">
685<strong>ControlSocketsGroupWritable</strong> <strong>0</strong>|<strong>1</strong>
686</dt>
687<dd>
688<p>
689    If this option is set to 0, don&#8217;t allow the filesystem group to read and
690    write unix sockets (e.g. ControlSocket). If the option is set to 1, make
691    the control socket readable and writable by the default GID. (Default: 0)
692</p>
693</dd>
694<dt class="hdlist1">
695<strong>HashedControlPassword</strong> <em>hashed_password</em>
696</dt>
697<dd>
698<p>
699    Allow connections on the control port if they present
700    the password whose one-way hash is <em>hashed_password</em>. You
701    can compute the hash of a password by running "tor --hash-password
702    <em>password</em>". You can provide several acceptable passwords by using more
703    than one HashedControlPassword line.
704</p>
705</dd>
706<dt class="hdlist1">
707<strong>CookieAuthentication</strong> <strong>0</strong>|<strong>1</strong>
708</dt>
709<dd>
710<p>
711    If this option is set to 1, allow connections on the control port
712    when the connecting process knows the contents of a file named
713    "control_auth_cookie", which Tor will create in its data directory. This
714    authentication method should only be used on systems with good filesystem
715    security. (Default: 0)
716</p>
717</dd>
718<dt class="hdlist1">
719<strong>CookieAuthFile</strong> <em>Path</em>
720</dt>
721<dd>
722<p>
723    If set, this option overrides the default location and file name
724    for Tor&#8217;s cookie file. (See CookieAuthentication above.)
725</p>
726</dd>
727<dt class="hdlist1">
728<strong>CookieAuthFileGroupReadable</strong> <strong>0</strong>|<strong>1</strong>|<em>Groupname</em>
729</dt>
730<dd>
731<p>
732    If this option is set to 0, don&#8217;t allow the filesystem group to read the
733    cookie file. If the option is set to 1, make the cookie file readable by
734    the default GID. [Making the file readable by other groups is not yet
735    implemented; let us know if you need this for some reason.] (Default: 0).
736</p>
737</dd>
738<dt class="hdlist1">
739<strong>ControlPortWriteToFile</strong> <em>Path</em>
740</dt>
741<dd>
742<p>
743    If set, Tor writes the address and port of any control port it opens to
744    this address.  Usable by controllers to learn the actual control port
745    when ControlPort is set to "auto".
746</p>
747</dd>
748<dt class="hdlist1">
749<strong>ControlPortFileGroupReadable</strong> <strong>0</strong>|<strong>1</strong>
750</dt>
751<dd>
752<p>
753    If this option is set to 0, don&#8217;t allow the filesystem group to read the
754    control port file. If the option is set to 1, make the control port
755    file readable by the default GID. (Default: 0).
756</p>
757</dd>
758<dt class="hdlist1">
759<strong>DataDirectory</strong> <em>DIR</em>
760</dt>
761<dd>
762<p>
763    Store working data in DIR (Default: /c/Users/erinn/build-scripts.git/osx-bundles/build-alpha/var/lib/tor)
764</p>
765</dd>
766<dt class="hdlist1">
767<strong>DirServer</strong> [<em>nickname</em>] [<strong>flags</strong>] <em>address</em>:<em>port</em> <em>fingerprint</em>
768</dt>
769<dd>
770<p>
771    Use a nonstandard authoritative directory server at the provided address
772    and port, with the specified key fingerprint. This option can be repeated
773    many times, for multiple authoritative directory servers. Flags are
774    separated by spaces, and determine what kind of an authority this directory
775    is. By default, every authority is authoritative for current ("v2")-style
776    directories, unless the "no-v2" flag is given. If the "v1" flags is
777    provided, Tor will use this server as an authority for old-style (v1)
778    directories as well. (Only directory mirrors care about this.) Tor will
779    use this server as an authority for hidden service information if the "hs"
780    flag is set, or if the "v1" flag is set and the "no-hs" flag is <strong>not</strong> set.
781    Tor will use this authority as a bridge authoritative directory if the
782    "bridge" flag is set. If a flag "orport=<strong>port</strong>" is given, Tor will use the
783    given port when opening encrypted tunnels to the dirserver. Lastly, if a
784    flag "v3ident=<strong>fp</strong>" is given, the dirserver is a v3 directory authority
785    whose v3 long-term signing key has the fingerprint <strong>fp</strong>.<br />
786<br />
787    If no <strong>dirserver</strong> line is given, Tor will use the default directory
788    servers. NOTE: this option is intended for setting up a private Tor
789    network with its own directory authorities. If you use it, you will be
790    distinguishable from other users, because you won&#8217;t believe the same
791    authorities they do.
792</p>
793</dd>
794</dl></div>
795<div class="paragraph"><p><strong>AlternateDirAuthority</strong> [<em>nickname</em>] [<strong>flags</strong>] <em>address</em>:<em>port</em> <em>fingerprint</em><br /></p></div>
796<div class="paragraph"><p><strong>AlternateHSAuthority</strong> [<em>nickname</em>] [<strong>flags</strong>] <em>address</em>:<em>port</em> <em>fingerprint</em><br /></p></div>
797<div class="dlist"><dl>
798<dt class="hdlist1">
799<strong>AlternateBridgeAuthority</strong> [<em>nickname</em>] [<strong>flags</strong>] <em>address</em>:<em>port</em> <em> fingerprint</em>
800</dt>
801<dd>
802<p>
803    As DirServer, but replaces less of the default directory authorities. Using
804    AlternateDirAuthority replaces the default Tor directory authorities, but
805    leaves the hidden service authorities and bridge authorities in place.
806    Similarly, Using AlternateHSAuthority replaces the default hidden service
807    authorities, but not the directory or bridge authorities.
808</p>
809</dd>
810<dt class="hdlist1">
811<strong>DisableAllSwap</strong> <strong>0</strong>|<strong>1</strong>
812</dt>
813<dd>
814<p>
815    If set to 1, Tor will attempt to lock all current and future memory pages,
816    so that memory cannot be paged out. Windows, OS X and Solaris are currently
817    not supported. We believe that this feature works on modern Gnu/Linux
818    distributions, and that it should work on *BSD systems (untested). This
819    option requires that you start your Tor as root, and you should use the
820    <strong>User</strong> option to properly reduce Tor&#8217;s privileges. (Default: 0)
821</p>
822</dd>
823<dt class="hdlist1">
824<strong>FetchDirInfoEarly</strong> <strong>0</strong>|<strong>1</strong>
825</dt>
826<dd>
827<p>
828    If set to 1, Tor will always fetch directory information like other
829    directory caches, even if you don&#8217;t meet the normal criteria for fetching
830    early. Normal users should leave it off. (Default: 0)
831</p>
832</dd>
833<dt class="hdlist1">
834<strong>FetchDirInfoExtraEarly</strong> <strong>0</strong>|<strong>1</strong>
835</dt>
836<dd>
837<p>
838    If set to 1, Tor will fetch directory information before other directory
839    caches. It will attempt to download directory information closer to the
840    start of the consensus period. Normal users should leave it off.
841    (Default: 0)
842</p>
843</dd>
844<dt class="hdlist1">
845<strong>FetchHidServDescriptors</strong> <strong>0</strong>|<strong>1</strong>
846</dt>
847<dd>
848<p>
849    If set to 0, Tor will never fetch any hidden service descriptors from the
850    rendezvous directories. This option is only useful if you&#8217;re using a Tor
851    controller that handles hidden service fetches for you. (Default: 1)
852</p>
853</dd>
854<dt class="hdlist1">
855<strong>FetchServerDescriptors</strong> <strong>0</strong>|<strong>1</strong>
856</dt>
857<dd>
858<p>
859    If set to 0, Tor will never fetch any network status summaries or server
860    descriptors from the directory servers. This option is only useful if
861    you&#8217;re using a Tor controller that handles directory fetches for you.
862    (Default: 1)
863</p>
864</dd>
865<dt class="hdlist1">
866<strong>FetchUselessDescriptors</strong> <strong>0</strong>|<strong>1</strong>
867</dt>
868<dd>
869<p>
870    If set to 1, Tor will fetch every non-obsolete descriptor from the
871    authorities that it hears about. Otherwise, it will avoid fetching useless
872    descriptors, for example for routers that are not running. This option is
873    useful if you&#8217;re using the contributed "exitlist" script to enumerate Tor
874    nodes that exit to certain addresses. (Default: 0)
875</p>
876</dd>
877<dt class="hdlist1">
878<strong>HTTPProxy</strong> <em>host</em>[:<em>port</em>]
879</dt>
880<dd>
881<p>
882    Tor will make all its directory requests through this host:port (or host:80
883    if port is not specified), rather than connecting directly to any directory
884    servers.
885</p>
886</dd>
887<dt class="hdlist1">
888<strong>HTTPProxyAuthenticator</strong> <em>username:password</em>
889</dt>
890<dd>
891<p>
892    If defined, Tor will use this username:password for Basic HTTP proxy
893    authentication, as in RFC 2617. This is currently the only form of HTTP
894    proxy authentication that Tor supports; feel free to submit a patch if you
895    want it to support others.
896</p>
897</dd>
898<dt class="hdlist1">
899<strong>HTTPSProxy</strong> <em>host</em>[:<em>port</em>]
900</dt>
901<dd>
902<p>
903    Tor will make all its OR (SSL) connections through this host:port (or
904    host:443 if port is not specified), via HTTP CONNECT rather than connecting
905    directly to servers. You may want to set <strong>FascistFirewall</strong> to restrict
906    the set of ports you might try to connect to, if your HTTPS proxy only
907    allows connecting to certain ports.
908</p>
909</dd>
910<dt class="hdlist1">
911<strong>HTTPSProxyAuthenticator</strong> <em>username:password</em>
912</dt>
913<dd>
914<p>
915    If defined, Tor will use this username:password for Basic HTTPS proxy
916    authentication, as in RFC 2617. This is currently the only form of HTTPS
917    proxy authentication that Tor supports; feel free to submit a patch if you
918    want it to support others.
919</p>
920</dd>
921<dt class="hdlist1">
922<strong>Socks4Proxy</strong> <em>host</em>[:<em>port</em>]
923</dt>
924<dd>
925<p>
926    Tor will make all OR connections through the SOCKS 4 proxy at host:port
927    (or host:1080 if port is not specified).
928</p>
929</dd>
930<dt class="hdlist1">
931<strong>Socks5Proxy</strong> <em>host</em>[:<em>port</em>]
932</dt>
933<dd>
934<p>
935    Tor will make all OR connections through the SOCKS 5 proxy at host:port
936    (or host:1080 if port is not specified).
937</p>
938</dd>
939</dl></div>
940<div class="paragraph"><p><strong>Socks5ProxyUsername</strong> <em>username</em><br /></p></div>
941<div class="dlist"><dl>
942<dt class="hdlist1">
943<strong>Socks5ProxyPassword</strong> <em>password</em>
944</dt>
945<dd>
946<p>
947    If defined, authenticate to the SOCKS 5 server using username and password
948    in accordance to RFC 1929. Both username and password must be between 1 and
949    255 characters.
950</p>
951</dd>
952<dt class="hdlist1">
953<strong>KeepalivePeriod</strong> <em>NUM</em>
954</dt>
955<dd>
956<p>
957    To keep firewalls from expiring connections, send a padding keepalive cell
958    every NUM seconds on open connections that are in use. If the connection
959    has no open circuits, it will instead be closed after NUM seconds of
960    idleness. (Default: 5 minutes)
961</p>
962</dd>
963<dt class="hdlist1">
964<strong>Log</strong> <em>minSeverity</em>[-<em>maxSeverity</em>] <strong>stderr</strong>|<strong>stdout</strong>|<strong>syslog</strong>
965</dt>
966<dd>
967<p>
968    Send all messages between <em>minSeverity</em> and <em>maxSeverity</em> to the standard
969    output stream, the standard error stream, or to the system log. (The
970    "syslog" value is only supported on Unix.) Recognized severity levels are
971    debug, info, notice, warn, and err. We advise using "notice" in most cases,
972    since anything more verbose may provide sensitive information to an
973    attacker who obtains the logs. If only one severity level is given, all
974    messages of that level or higher will be sent to the listed destination.
975</p>
976</dd>
977<dt class="hdlist1">
978<strong>Log</strong> <em>minSeverity</em>[-<em>maxSeverity</em>] <strong>file</strong> <em>FILENAME</em>
979</dt>
980<dd>
981<p>
982    As above, but send log messages to the listed filename. The
983    "Log" option may appear more than once in a configuration file.
984    Messages are sent to all the logs that match their severity
985    level.
986</p>
987</dd>
988</dl></div>
989<div class="paragraph"><p><strong>Log</strong> <strong>[</strong><em>domain</em>,&#8230;<strong>]</strong><em>minSeverity</em>[-<em>maxSeverity</em>] &#8230; <strong>file</strong> <em>FILENAME</em><br /></p></div>
990<div class="dlist"><dl>
991<dt class="hdlist1">
992<strong>Log</strong> <strong>[</strong><em>domain</em>,&#8230;<strong>]</strong><em>minSeverity</em>[-<em>maxSeverity</em>] &#8230; <strong>stderr</strong>|<strong>stdout</strong>|<strong>syslog</strong>
993</dt>
994<dd>
995<p>
996    As above, but select messages by range of log severity <em>and</em> by a
997    set of "logging domains".  Each logging domain corresponds to an area of
998    functionality inside Tor.  You can specify any number of severity ranges
999    for a single log statement, each of them prefixed by a comma-separated
1000    list of logging domains.  You can prefix a domain with ~ to indicate
1001    negation, and use * to indicate "all domains".  If you specify a severity
1002    range without a list of domains, it matches all domains.<br />
1003<br />
1004    This is an advanced feature which is most useful for debugging one or two
1005    of Tor&#8217;s subsystems at a time.<br />
1006<br />
1007    The currently recognized domains are: general, crypto, net, config, fs,
1008    protocol, mm, http, app, control, circ, rend, bug, dir, dirserv, or, edge,
1009    acct, hist, and handshake.  Domain names are case-insensitive.<br />
1010<br />
1011    For example, "<tt>Log [handshake]debug [~net,~mm]info notice stdout</tt>" sends
1012    to stdout: all handshake messages of any severity, all info-and-higher
1013    messages from domains other than networking and memory management, and all
1014    messages of severity notice or higher.
1015</p>
1016</dd>
1017<dt class="hdlist1">
1018<strong>LogMessageDomains</strong> <strong>0</strong>|<strong>1</strong>
1019</dt>
1020<dd>
1021<p>
1022    If 1, Tor includes message domains with each log message.  Every log
1023    message currently has at least one domain; most currently have exactly
1024    one.  This doesn&#8217;t affect controller log messages. (Default: 0)
1025</p>
1026</dd>
1027<dt class="hdlist1">
1028<strong>OutboundBindAddress</strong> <em>IP</em>
1029</dt>
1030<dd>
1031<p>
1032    Make all outbound connections originate from the IP address specified. This
1033    is only useful when you have multiple network interfaces, and you want all
1034    of Tor&#8217;s outgoing connections to use a single one.  This setting will be
1035    ignored for connections to the loopback addresses (127.0.0.0/8 and ::1).
1036</p>
1037</dd>
1038<dt class="hdlist1">
1039<strong>PidFile</strong> <em>FILE</em>
1040</dt>
1041<dd>
1042<p>
1043    On startup, write our PID to FILE. On clean shutdown, remove
1044    FILE.
1045</p>
1046</dd>
1047<dt class="hdlist1">
1048<strong>ProtocolWarnings</strong> <strong>0</strong>|<strong>1</strong>
1049</dt>
1050<dd>
1051<p>
1052    If 1, Tor will log with severity 'warn' various cases of other parties not
1053    following the Tor specification. Otherwise, they are logged with severity
1054    'info'. (Default: 0)
1055</p>
1056</dd>
1057<dt class="hdlist1">
1058<strong>RunAsDaemon</strong> <strong>0</strong>|<strong>1</strong>
1059</dt>
1060<dd>
1061<p>
1062    If 1, Tor forks and daemonizes to the background. This option has no effect
1063    on Windows; instead you should use the --service command-line option.
1064    (Default: 0)
1065</p>
1066</dd>
1067<dt class="hdlist1">
1068<strong>SafeLogging</strong> <strong>0</strong>|<strong>1</strong>|<strong>relay</strong>
1069</dt>
1070<dd>
1071<p>
1072    Tor can scrub potentially sensitive strings from log messages (e.g.
1073    addresses) by replacing them with the string [scrubbed]. This way logs can
1074    still be useful, but they don&#8217;t leave behind personally identifying
1075    information about what sites a user might have visited.<br />
1076<br />
1077    If this option is set to 0, Tor will not perform any scrubbing, if it is
1078    set to 1, all potentially sensitive strings are replaced. If it is set to
1079    relay, all log messages generated when acting as a relay are sanitized, but
1080    all messages generated when acting as a client are not. (Default: 1)
1081</p>
1082</dd>
1083<dt class="hdlist1">
1084<strong>User</strong> <em>UID</em>
1085</dt>
1086<dd>
1087<p>
1088    On startup, setuid to this user and setgid to their primary group.
1089</p>
1090</dd>
1091<dt class="hdlist1">
1092<strong>HardwareAccel</strong> <strong>0</strong>|<strong>1</strong>
1093</dt>
1094<dd>
1095<p>
1096    If non-zero, try to use built-in (static) crypto hardware acceleration when
1097    available. (Default: 0)
1098</p>
1099</dd>
1100<dt class="hdlist1">
1101<strong>AccelName</strong> <em>NAME</em>
1102</dt>
1103<dd>
1104<p>
1105    When using OpenSSL hardware crypto acceleration attempt to load the dynamic
1106    engine of this name. This must be used for any dynamic hardware engine.
1107    Names can be verified with the openssl engine command.
1108</p>
1109</dd>
1110<dt class="hdlist1">
1111<strong>AccelDir</strong> <em>DIR</em>
1112</dt>
1113<dd>
1114<p>
1115    Specify this option if using dynamic hardware acceleration and the engine
1116    implementation library resides somewhere other than the OpenSSL default.
1117</p>
1118</dd>
1119<dt class="hdlist1">
1120<strong>AvoidDiskWrites</strong> <strong>0</strong>|<strong>1</strong>
1121</dt>
1122<dd>
1123<p>
1124    If non-zero, try to write to disk less frequently than we would otherwise.
1125    This is useful when running on flash memory or other media that support
1126    only a limited number of writes. (Default: 0)
1127</p>
1128</dd>
1129<dt class="hdlist1">
1130<strong>TunnelDirConns</strong> <strong>0</strong>|<strong>1</strong>
1131</dt>
1132<dd>
1133<p>
1134    If non-zero, when a directory server we contact supports it, we will build
1135    a one-hop circuit and make an encrypted connection via its ORPort.
1136    (Default: 1)
1137</p>
1138</dd>
1139<dt class="hdlist1">
1140<strong>PreferTunneledDirConns</strong> <strong>0</strong>|<strong>1</strong>
1141</dt>
1142<dd>
1143<p>
1144    If non-zero, we will avoid directory servers that don&#8217;t support tunneled
1145    directory connections, when possible. (Default: 1)
1146</p>
1147</dd>
1148<dt class="hdlist1">
1149<strong>CircuitPriorityHalflife</strong> <em>NUM1</em>
1150</dt>
1151<dd>
1152<p>
1153    If this value is set, we override the default algorithm for choosing which
1154    circuit&#8217;s cell to deliver or relay next. When the value is 0, we
1155    round-robin between the active circuits on a connection, delivering one
1156    cell from each in turn. When the value is positive, we prefer delivering
1157    cells from whichever connection has the lowest weighted cell count, where
1158    cells are weighted exponentially according to the supplied
1159    CircuitPriorityHalflife value (in seconds). If this option is not set at
1160    all, we use the behavior recommended in the current consensus
1161    networkstatus. This is an advanced option; you generally shouldn&#8217;t have
1162    to mess with it. (Default: not set.)
1163</p>
1164</dd>
1165</dl></div>
1166</div>
1167<h2 id="_client_options">CLIENT OPTIONS</h2>
1168<div class="sectionbody">
1169<div class="paragraph"><p>The following options are useful only for clients (that is, if
1170<strong>SocksPort</strong> is non-zero):</p></div>
1171<div class="dlist"><dl>
1172<dt class="hdlist1">
1173<strong>AllowInvalidNodes</strong> <strong>entry</strong>|<strong>exit</strong>|<strong>middle</strong>|<strong>introduction</strong>|<strong>rendezvous</strong>|<strong>&#8230;</strong>
1174</dt>
1175<dd>
1176<p>
1177    If some Tor servers are obviously not working right, the directory
1178    authorities can manually mark them as invalid, meaning that it&#8217;s not
1179    recommended you use them for entry or exit positions in your circuits. You
1180    can opt to use them in some circuit positions, though. The default is
1181    "middle,rendezvous", and other choices are not advised.
1182</p>
1183</dd>
1184<dt class="hdlist1">
1185<strong>ExcludeSingleHopRelays</strong> <strong>0</strong>|<strong>1</strong>
1186</dt>
1187<dd>
1188<p>
1189    This option controls whether circuits built by Tor will include relays with
1190    the AllowSingleHopExits flag set to true. If ExcludeSingleHopRelays is set
1191    to 0, these relays will be included. Note that these relays might be at
1192    higher risk of being seized or observed, so they are not normally
1193    included.  Also note that relatively few clients turn off this option,
1194    so using these relays might make your client stand out.
1195    (Default: 1)
1196</p>
1197</dd>
1198<dt class="hdlist1">
1199<strong>Bridge</strong> <em>IP</em>:<em>ORPort</em> [fingerprint]
1200</dt>
1201<dd>
1202<p>
1203    When set along with UseBridges, instructs Tor to use the relay at
1204    "IP:ORPort" as a "bridge" relaying into the Tor network. If "fingerprint"
1205    is provided (using the same format as for DirServer), we will verify that
1206    the relay running at that location has the right fingerprint. We also use
1207    fingerprint to look up the bridge descriptor at the bridge authority, if
1208    it&#8217;s provided and if UpdateBridgesFromAuthority is set too.
1209</p>
1210</dd>
1211<dt class="hdlist1">
1212<strong>LearnCircuitBuildTimeout</strong> <strong>0</strong>|<strong>1</strong>
1213</dt>
1214<dd>
1215<p>
1216    If 0, CircuitBuildTimeout adaptive learning is disabled. (Default: 1)
1217</p>
1218</dd>
1219<dt class="hdlist1">
1220<strong>CircuitBuildTimeout</strong> <em>NUM</em>
1221</dt>
1222<dd>
1223<p>
1224    Try for at most NUM seconds when building circuits. If the circuit isn&#8217;t
1225    open in that time, give up on it. If LearnCircuitBuildTimeout is 1, this
1226    value serves as the initial value to use before a timeout is learned. If
1227    LearnCircuitBuildTimeout is 0, this value is the only value used.
1228    (Default: 60 seconds.)
1229</p>
1230</dd>
1231<dt class="hdlist1">
1232<strong>CircuitIdleTimeout</strong> <em>NUM</em>
1233</dt>
1234<dd>
1235<p>
1236    If we have kept a clean (never used) circuit around for NUM seconds, then
1237    close it. This way when the Tor client is entirely idle, it can expire all
1238    of its circuits, and then expire its TLS connections. Also, if we end up
1239    making a circuit that is not useful for exiting any of the requests we&#8217;re
1240    receiving, it won&#8217;t forever take up a slot in the circuit list. (Default: 1
1241    hour.)
1242</p>
1243</dd>
1244<dt class="hdlist1">
1245<strong>CircuitStreamTimeout</strong> <em>NUM</em>
1246</dt>
1247<dd>
1248<p>
1249    If non-zero, this option overrides our internal timeout schedule for how
1250    many seconds until we detach a stream from a circuit and try a new circuit.
1251    If your network is particularly slow, you might want to set this to a
1252    number like 60. (Default: 0)
1253</p>
1254</dd>
1255<dt class="hdlist1">
1256<strong>ClientOnly</strong> <strong>0</strong>|<strong>1</strong>
1257</dt>
1258<dd>
1259<p>
1260    If set to 1, Tor will under no circumstances run as a server or serve
1261    directory requests. The default is to run as a client unless ORPort is
1262    configured. (Usually, you don&#8217;t need to set this; Tor is pretty smart at
1263    figuring out whether you are reliable and high-bandwidth enough to be a
1264    useful server.) (Default: 0)
1265</p>
1266</dd>
1267<dt class="hdlist1">
1268<strong>ExcludeNodes</strong> <em>node</em>,<em>node</em>,<em>&#8230;</em>
1269</dt>
1270<dd>
1271<p>
1272    A list of identity fingerprints, nicknames, country codes and address
1273    patterns of nodes to avoid when building a circuit.
1274    (Example:
1275    ExcludeNodes SlowServer, ABCD1234CDEF5678ABCD1234CDEF5678ABCD1234, {cc}, 255.254.0.0/8)<br />
1276<br />
1277    By default, this option is treated as a preference that Tor is allowed
1278    to override in order to keep working.
1279    For example, if you try to connect to a hidden service,
1280    but you have excluded all of the hidden service&#8217;s introduction points,
1281    Tor will connect to one of them anyway.  If you do not want this
1282    behavior, set the StrictNodes option (documented below). <br />
1283<br />
1284    Note also that if you are a relay, this (and the other node selection
1285    options below) only affects your own circuits that Tor builds for you.
1286    Clients can still build circuits through you to any node.  Controllers
1287    can tell Tor to build circuits through any node.
1288</p>
1289</dd>
1290<dt class="hdlist1">
1291<strong>ExcludeExitNodes</strong> <em>node</em>,<em>node</em>,<em>&#8230;</em>
1292</dt>
1293<dd>
1294<p>
1295    A list of identity fingerprints, nicknames, country codes and address
1296    patterns of nodes to never use when picking an exit node---that is, a
1297    node that delivers traffic for you outside the Tor network.   Note that any
1298    node listed in ExcludeNodes is automatically considered to be part of this
1299    list too.  See also the caveats on the "ExitNodes" option below.
1300</p>
1301</dd>
1302<dt class="hdlist1">
1303<strong>ExitNodes</strong> <em>node</em>,<em>node</em>,<em>&#8230;</em>
1304</dt>
1305<dd>
1306<p>
1307    A list of identity fingerprints, nicknames, country codes and address
1308    patterns of nodes to use as exit node---that is, a
1309    node that delivers traffic for you outside the Tor network.<br />
1310<br />
1311    Note that if you list too few nodes here, or if you exclude too many exit
1312    nodes with ExcludeExitNodes, you can degrade functionality.  For example,
1313    if none of the exits you list allows traffic on port 80 or 443, you won&#8217;t
1314    be able to browse the web.<br />
1315<br />
1316    Note also that not every circuit is used to deliver traffic outside of
1317    the Tor network.  It is normal to see non-exit circuits (such as those
1318    used to connect to hidden services, those that do directory fetches,
1319    those used for relay reachability self-tests, and so on) that end
1320    at a non-exit node.  To
1321    keep a node from being used entirely, see ExcludeNodes and StrictNodes.<br />
1322<br />
1323    The ExcludeNodes option overrides this option: any node listed in both
1324    ExitNodes and ExcludeNodes is treated as excluded.<br />
1325<br />
1326    The .exit address notation, if enabled via AllowDotExit, overrides
1327    this option.
1328</p>
1329</dd>
1330<dt class="hdlist1">
1331<strong>EntryNodes</strong> <em>node</em>,<em>node</em>,<em>&#8230;</em>
1332</dt>
1333<dd>
1334<p>
1335    A list of identity fingerprints and nicknames of nodes
1336    to use for the first hop in your normal circuits.  (Country codes and
1337    address patterns are not yet supported.)  Normal circuits include all
1338    circuits except for direct connections to directory servers.  The Bridge
1339    option overrides this option; if you have configured bridges and
1340    UseBridges is 1, the Bridges are used as your entry nodes.<br />
1341<br />
1342    The ExcludeNodes option overrides this option: any node listed in both
1343    EntryNodes and ExcludeNodes is treated as excluded.
1344</p>
1345</dd>
1346<dt class="hdlist1">
1347<strong>StrictNodes</strong> <strong>0</strong>|<strong>1</strong>
1348</dt>
1349<dd>
1350<p>
1351    If StrictNodes is set to 1, Tor will treat the ExcludeNodes option as a
1352    requirement to follow for all the circuits you generate, even if doing so
1353    will break functionality for you.  If StrictNodes is set to 0, Tor will
1354    still try to avoid nodes in the ExcludeNodes list, but it will err on the
1355    side of avoiding unexpected errors.  Specifically, StrictNodes 0 tells
1356    Tor that it is okay to use an excluded node when it is <strong>necessary</strong> to
1357    perform relay reachability self-tests, connect to
1358    a hidden service, provide a hidden service to a client, fulfill a .exit
1359    request, upload directory information, or download directory information.
1360    (Default: 0)
1361</p>
1362</dd>
1363<dt class="hdlist1">
1364<strong>FascistFirewall</strong> <strong>0</strong>|<strong>1</strong>
1365</dt>
1366<dd>
1367<p>
1368    If 1, Tor will only create outgoing connections to ORs running on ports
1369    that your firewall allows (defaults to 80 and 443; see <strong>FirewallPorts</strong>).
1370    This will allow you to run Tor as a client behind a firewall with
1371    restrictive policies, but will not allow you to run as a server behind such
1372    a firewall. If you prefer more fine-grained control, use
1373    ReachableAddresses instead.
1374</p>
1375</dd>
1376<dt class="hdlist1">
1377<strong>FirewallPorts</strong> <em>PORTS</em>
1378</dt>
1379<dd>
1380<p>
1381    A list of ports that your firewall allows you to connect to. Only used when
1382    <strong>FascistFirewall</strong> is set. This option is deprecated; use ReachableAddresses
1383    instead. (Default: 80, 443)
1384</p>
1385</dd>
1386<dt class="hdlist1">
1387<strong>HidServAuth</strong> <em>onion-address</em> <em>auth-cookie</em> [<em>service-name</em>]
1388</dt>
1389<dd>
1390<p>
1391    Client authorization for a hidden service. Valid onion addresses contain 16
1392    characters in a-z2-7 plus ".onion", and valid auth cookies contain 22
1393    characters in A-Za-z0-9+/. The service name is only used for internal
1394    purposes, e.g., for Tor controllers. This option may be used multiple times
1395    for different hidden services. If a hidden service uses authorization and
1396    this option is not set, the hidden service is not accessible. Hidden
1397    services can be configured to require authorization using the
1398    <strong>HiddenServiceAuthorizeClient</strong> option.
1399</p>
1400</dd>
1401<dt class="hdlist1">
1402<strong>ReachableAddresses</strong> <em>ADDR</em>[/<em>MASK</em>][:<em>PORT</em>]&#8230;
1403</dt>
1404<dd>
1405<p>
1406    A comma-separated list of IP addresses and ports that your firewall allows
1407    you to connect to. The format is as for the addresses in ExitPolicy, except
1408    that "accept" is understood unless "reject" is explicitly provided. For
1409    example, 'ReachableAddresses 99.0.0.0/8, reject 18.0.0.0/8:80, accept
1410    *:80' means that your firewall allows connections to everything inside net
1411    99, rejects port 80 connections to net 18, and accepts connections to port
1412    80 otherwise. (Default: 'accept *:*'.)
1413</p>
1414</dd>
1415<dt class="hdlist1">
1416<strong>ReachableDirAddresses</strong> <em>ADDR</em>[/<em>MASK</em>][:<em>PORT</em>]&#8230;
1417</dt>
1418<dd>
1419<p>
1420    Like <strong>ReachableAddresses</strong>, a list of addresses and ports. Tor will obey
1421    these restrictions when fetching directory information, using standard HTTP
1422    GET requests. If not set explicitly then the value of
1423    <strong>ReachableAddresses</strong> is used. If <strong>HTTPProxy</strong> is set then these
1424    connections will go through that proxy.
1425</p>
1426</dd>
1427<dt class="hdlist1">
1428<strong>ReachableORAddresses</strong> <em>ADDR</em>[/<em>MASK</em>][:<em>PORT</em>]&#8230;
1429</dt>
1430<dd>
1431<p>
1432    Like <strong>ReachableAddresses</strong>, a list of addresses and ports. Tor will obey
1433    these restrictions when connecting to Onion Routers, using TLS/SSL. If not
1434    set explicitly then the value of <strong>ReachableAddresses</strong> is used. If
1435    <strong>HTTPSProxy</strong> is set then these connections will go through that proxy.<br />
1436<br />
1437    The separation between <strong>ReachableORAddresses</strong> and
1438    <strong>ReachableDirAddresses</strong> is only interesting when you are connecting
1439    through proxies (see <strong>HTTPProxy</strong> and <strong>HTTPSProxy</strong>). Most proxies limit
1440    TLS connections (which Tor uses to connect to Onion Routers) to port 443,
1441    and some limit HTTP GET requests (which Tor uses for fetching directory
1442    information) to port 80.
1443</p>
1444</dd>
1445<dt class="hdlist1">
1446<strong>LongLivedPorts</strong> <em>PORTS</em>
1447</dt>
1448<dd>
1449<p>
1450    A list of ports for services that tend to have long-running connections
1451    (e.g. chat and interactive shells). Circuits for streams that use these
1452    ports will contain only high-uptime nodes, to reduce the chance that a node
1453    will go down before the stream is finished. (Default: 21, 22, 706, 1863,
1454    5050, 5190, 5222, 5223, 6667, 6697, 8300)
1455</p>
1456</dd>
1457<dt class="hdlist1">
1458<strong>MapAddress</strong> <em>address</em> <em>newaddress</em>
1459</dt>
1460<dd>
1461<p>
1462    When a request for address arrives to Tor, it will rewrite it to newaddress
1463    before processing it. For example, if you always want connections to
1464    www.indymedia.org to exit via <em>torserver</em> (where <em>torserver</em> is the
1465    nickname of the server), use "MapAddress www.indymedia.org
1466    www.indymedia.org.torserver.exit".
1467</p>
1468</dd>
1469<dt class="hdlist1">
1470<strong>NewCircuitPeriod</strong> <em>NUM</em>
1471</dt>
1472<dd>
1473<p>
1474    Every NUM seconds consider whether to build a new circuit. (Default: 30
1475    seconds)
1476</p>
1477</dd>
1478<dt class="hdlist1">
1479<strong>MaxCircuitDirtiness</strong> <em>NUM</em>
1480</dt>
1481<dd>
1482<p>
1483    Feel free to reuse a circuit that was first used at most NUM seconds ago,
1484    but never attach a new stream to a circuit that is too old. (Default: 10
1485    minutes)
1486</p>
1487</dd>
1488<dt class="hdlist1">
1489<strong>NodeFamily</strong> <em>node</em>,<em>node</em>,<em>&#8230;</em>
1490</dt>
1491<dd>
1492<p>
1493    The Tor servers, defined by their identity fingerprints or nicknames,
1494    constitute a "family" of similar or co-administered servers, so never use
1495    any two of them in the same circuit. Defining a NodeFamily is only needed
1496    when a server doesn&#8217;t list the family itself (with MyFamily). This option
1497    can be used multiple times.
1498</p>
1499</dd>
1500<dt class="hdlist1">
1501<strong>EnforceDistinctSubnets</strong> <strong>0</strong>|<strong>1</strong>
1502</dt>
1503<dd>
1504<p>
1505    If 1, Tor will not put two servers whose IP addresses are "too close" on
1506    the same circuit. Currently, two addresses are "too close" if they lie in
1507    the same /16 range. (Default: 1)
1508</p>
1509</dd>
1510<dt class="hdlist1">
1511<strong>SocksPort</strong> <em>PORT</em>|<strong>auto</strong>
1512</dt>
1513<dd>
1514<p>
1515    Advertise this port to listen for connections from Socks-speaking
1516    applications. Set this to 0 if you don&#8217;t want to allow application
1517    connections via SOCKS. Set it to "auto" to have Tor pick a port for
1518    you. (Default: 9050)
1519</p>
1520</dd>
1521<dt class="hdlist1">
1522<strong>SocksListenAddress</strong> <em>IP</em>[:<em>PORT</em>]
1523</dt>
1524<dd>
1525<p>
1526    Bind to this address to listen for connections from Socks-speaking
1527    applications. (Default: 127.0.0.1) You can also specify a port (e.g.
1528    192.168.0.1:9100). This directive can be specified multiple times to bind
1529    to multiple addresses/ports.
1530</p>
1531</dd>
1532<dt class="hdlist1">
1533<strong>SocksPolicy</strong> <em>policy</em>,<em>policy</em>,<em>&#8230;</em>
1534</dt>
1535<dd>
1536<p>
1537    Set an entrance policy for this server, to limit who can connect to the
1538    SocksPort and DNSPort ports. The policies have the same form as exit
1539    policies below.
1540</p>
1541</dd>
1542<dt class="hdlist1">
1543<strong>SocksTimeout</strong> <em>NUM</em>
1544</dt>
1545<dd>
1546<p>
1547    Let a socks connection wait NUM seconds handshaking, and NUM seconds
1548    unattached waiting for an appropriate circuit, before we fail it. (Default:
1549    2 minutes.)
1550</p>
1551</dd>
1552<dt class="hdlist1">
1553<strong>TrackHostExits</strong> <em>host</em>,<em>.domain</em>,<em>&#8230;</em>
1554</dt>
1555<dd>
1556<p>
1557    For each value in the comma separated list, Tor will track recent
1558    connections to hosts that match this value and attempt to reuse the same
1559    exit node for each. If the value is prepended with a '.', it is treated as
1560    matching an entire domain. If one of the values is just a '.', it means
1561    match everything. This option is useful if you frequently connect to sites
1562    that will expire all your authentication cookies (i.e. log you out) if
1563    your IP address changes. Note that this option does have the disadvantage
1564    of making it more clear that a given history is associated with a single
1565    user. However, most people who would wish to observe this will observe it
1566    through cookies or other protocol-specific means anyhow.
1567</p>
1568</dd>
1569<dt class="hdlist1">
1570<strong>TrackHostExitsExpire</strong> <em>NUM</em>
1571</dt>
1572<dd>
1573<p>
1574    Since exit servers go up and down, it is desirable to expire the
1575    association between host and exit server after NUM seconds. The default is
1576    1800 seconds (30 minutes).
1577</p>
1578</dd>
1579<dt class="hdlist1">
1580<strong>UpdateBridgesFromAuthority</strong> <strong>0</strong>|<strong>1</strong>
1581</dt>
1582<dd>
1583<p>
1584    When set (along with UseBridges), Tor will try to fetch bridge descriptors
1585    from the configured bridge authorities when feasible. It will fall back to
1586    a direct request if the authority responds with a 404. (Default: 0)
1587</p>
1588</dd>
1589<dt class="hdlist1">
1590<strong>UseBridges</strong> <strong>0</strong>|<strong>1</strong>
1591</dt>
1592<dd>
1593<p>
1594    When set, Tor will fetch descriptors for each bridge listed in the "Bridge"
1595    config lines, and use these relays as both entry guards and directory
1596    guards. (Default: 0)
1597</p>
1598</dd>
1599<dt class="hdlist1">
1600<strong>UseEntryGuards</strong> <strong>0</strong>|<strong>1</strong>
1601</dt>
1602<dd>
1603<p>
1604    If this option is set to 1, we pick a few long-term entry servers, and try
1605    to stick with them. This is desirable because constantly changing servers
1606    increases the odds that an adversary who owns some servers will observe a
1607    fraction of your paths. (Defaults to 1.)
1608</p>
1609</dd>
1610<dt class="hdlist1">
1611<strong>NumEntryGuards</strong> <em>NUM</em>
1612</dt>
1613<dd>
1614<p>
1615    If UseEntryGuards is set to 1, we will try to pick a total of NUM routers
1616    as long-term entries for our circuits. (Defaults to 3.)
1617</p>
1618</dd>
1619<dt class="hdlist1">
1620<strong>SafeSocks</strong> <strong>0</strong>|<strong>1</strong>
1621</dt>
1622<dd>
1623<p>
1624    When this option is enabled, Tor will reject application connections that
1625    use unsafe variants of the socks protocol&#8201;&#8212;&#8201;ones that only provide an IP
1626    address, meaning the application is doing a DNS resolve first.
1627    Specifically, these are socks4 and socks5 when not doing remote DNS.
1628    (Defaults to 0.)
1629</p>
1630</dd>
1631<dt class="hdlist1">
1632<strong>TestSocks</strong> <strong>0</strong>|<strong>1</strong>
1633</dt>
1634<dd>
1635<p>
1636    When this option is enabled, Tor will make a notice-level log entry for
1637    each connection to the Socks port indicating whether the request used a
1638    safe socks protocol or an unsafe one (see above entry on SafeSocks). This
1639    helps to determine whether an application using Tor is possibly leaking
1640    DNS requests. (Default: 0)
1641</p>
1642</dd>
1643<dt class="hdlist1">
1644<strong>WarnUnsafeSocks</strong> <strong>0</strong>|<strong>1</strong>
1645</dt>
1646<dd>
1647<p>
1648    When this option is enabled, Tor will warn whenever a request is
1649    received that only contains an IP address instead of a hostname. Allowing
1650    applications to do DNS resolves themselves is usually a bad idea and
1651    can leak your location to attackers. (Default: 1)
1652</p>
1653</dd>
1654<dt class="hdlist1">
1655<strong>VirtualAddrNetwork</strong> <em>Address</em>/<em>bits</em>
1656</dt>
1657<dd>
1658<p>
1659    When Tor needs to assign a virtual (unused) address because of a MAPADDRESS
1660    command from the controller or the AutomapHostsOnResolve feature, Tor
1661    picks an unassigned address from this range. (Default:
1662    127.192.0.0/10)<br />
1663<br />
1664    When providing proxy server service to a network of computers using a tool
1665    like dns-proxy-tor, change this address to "10.192.0.0/10" or
1666    "172.16.0.0/12". The default <strong>VirtualAddrNetwork</strong> address range on a
1667    properly configured machine will route to the loopback interface. For
1668    local use, no change to the default VirtualAddrNetwork setting is needed.
1669</p>
1670</dd>
1671<dt class="hdlist1">
1672<strong>AllowNonRFC953Hostnames</strong> <strong>0</strong>|<strong>1</strong>
1673</dt>
1674<dd>
1675<p>
1676    When this option is disabled, Tor blocks hostnames containing illegal
1677    characters (like @ and :) rather than sending them to an exit node to be
1678    resolved. This helps trap accidental attempts to resolve URLs and so on.
1679    (Default: 0)
1680</p>
1681</dd>
1682<dt class="hdlist1">
1683<strong>AllowDotExit</strong> <strong>0</strong>|<strong>1</strong>
1684</dt>
1685<dd>
1686<p>
1687    If enabled, we convert "www.google.com.foo.exit" addresses on the
1688    SocksPort/TransPort/NATDPort into "www.google.com" addresses that exit from
1689    the node "foo". Disabled by default since attacking websites and exit
1690    relays can use it to manipulate your path selection. (Default: 0)
1691</p>
1692</dd>
1693<dt class="hdlist1">
1694<strong>FastFirstHopPK</strong> <strong>0</strong>|<strong>1</strong>
1695</dt>
1696<dd>
1697<p>
1698    When this option is disabled, Tor uses the public key step for the first
1699    hop of creating circuits. Skipping it is generally safe since we have
1700    already used TLS to authenticate the relay and to establish forward-secure
1701    keys. Turning this option off makes circuit building slower.<br />
1702<br />
1703    Note that Tor will always use the public key step for the first hop if it&#8217;s
1704    operating as a relay, and it will never use the public key step if it
1705    doesn&#8217;t yet know the onion key of the first hop. (Default: 1)
1706</p>
1707</dd>
1708<dt class="hdlist1">
1709<strong>TransPort</strong> <em>PORT</em>|<strong>auto</strong>
1710</dt>
1711<dd>
1712<p>
1713    If non-zero, enables transparent proxy support on <em>PORT</em> (by convention,
1714    9040). Requires OS support for transparent proxies, such as BSDs' pf or
1715    Linux&#8217;s IPTables. If you&#8217;re planning to use Tor as a transparent proxy for
1716    a network, you&#8217;ll want to examine and change VirtualAddrNetwork from the
1717    default setting. You&#8217;ll also want to set the TransListenAddress option for
1718    the network you&#8217;d like to proxy.  Set it to "auto" to have Tor pick a
1719    port for you.  (Default: 0).
1720</p>
1721</dd>
1722<dt class="hdlist1">
1723<strong>TransListenAddress</strong> <em>IP</em>[:<em>PORT</em>]
1724</dt>
1725<dd>
1726<p>
1727    Bind to this address to listen for transparent proxy connections. (Default:
1728    127.0.0.1). This is useful for exporting a transparent proxy server to an
1729    entire network.
1730</p>
1731</dd>
1732<dt class="hdlist1">
1733<strong>NATDPort</strong> <em>PORT</em>|<strong>auto</strong>
1734</dt>
1735<dd>
1736<p>
1737    Allow old versions of ipfw (as included in old versions of FreeBSD, etc.)
1738    to send connections through Tor using the NATD protocol. This option is
1739    only for people who cannot use TransPort.  Set it to "auto" to have Tor
1740    pick a port for you. (Default: 0)
1741</p>
1742</dd>
1743<dt class="hdlist1">
1744<strong>NATDListenAddress</strong> <em>IP</em>[:<em>PORT</em>]
1745</dt>
1746<dd>
1747<p>
1748    Bind to this address to listen for NATD connections. (Default: 127.0.0.1).
1749</p>
1750</dd>
1751<dt class="hdlist1">
1752<strong>AutomapHostsOnResolve</strong> <strong>0</strong>|<strong>1</strong>
1753</dt>
1754<dd>
1755<p>
1756    When this option is enabled, and we get a request to resolve an address
1757    that ends with one of the suffixes in <strong>AutomapHostsSuffixes</strong>, we map an
1758    unused virtual address to that address, and return the new virtual address.
1759    This is handy for making ".onion" addresses work with applications that
1760    resolve an address and then connect to it. (Default: 0).
1761</p>
1762</dd>
1763<dt class="hdlist1">
1764<strong>AutomapHostsSuffixes</strong> <em>SUFFIX</em>,<em>SUFFIX</em>,<em>&#8230;</em>
1765</dt>
1766<dd>
1767<p>
1768    A comma-separated list of suffixes to use with <strong>AutomapHostsOnResolve</strong>.
1769    The "." suffix is equivalent to "all addresses." (Default: .exit,.onion).
1770</p>
1771</dd>
1772<dt class="hdlist1">
1773<strong>DNSPort</strong> <em>PORT</em>|<strong>auto</strong>
1774</dt>
1775<dd>
1776<p>
1777    If non-zero, Tor listens for UDP DNS requests on this port and resolves
1778    them anonymously.  Set it to "auto" to have Tor pick a port for
1779    you. (Default: 0).
1780</p>
1781</dd>
1782<dt class="hdlist1">
1783<strong>DNSListenAddress</strong> <em>IP</em>[:<em>PORT</em>]
1784</dt>
1785<dd>
1786<p>
1787    Bind to this address to listen for DNS connections. (Default: 127.0.0.1).
1788</p>
1789</dd>
1790<dt class="hdlist1">
1791<strong>ClientDNSRejectInternalAddresses</strong> <strong>0</strong>|<strong>1</strong>
1792</dt>
1793<dd>
1794<p>
1795    If true, Tor does not believe any anonymously retrieved DNS answer that
1796    tells it that an address resolves to an internal address (like 127.0.0.1 or
1797    192.168.0.1). This option prevents certain browser-based attacks; don&#8217;t
1798    turn it off unless you know what you&#8217;re doing. (Default: 1).
1799</p>
1800</dd>
1801<dt class="hdlist1">
1802<strong>ClientRejectInternalAddresses</strong> <strong>0</strong>|<strong>1</strong>
1803</dt>
1804<dd>
1805<p>
1806    If true, Tor does not try to fulfill requests to connect to an internal
1807    address (like 127.0.0.1 or 192.168.0.1) <em>unless a exit node is
1808    specifically requested</em> (for example, via a .exit hostname, or a
1809    controller request).  (Default: 1).
1810</p>
1811</dd>
1812<dt class="hdlist1">
1813<strong>DownloadExtraInfo</strong> <strong>0</strong>|<strong>1</strong>
1814</dt>
1815<dd>
1816<p>
1817    If true, Tor downloads and caches "extra-info" documents. These documents
1818    contain information about servers other than the information in their
1819    regular router descriptors. Tor does not use this information for anything
1820    itself; to save bandwidth, leave this option turned off. (Default: 0).
1821</p>
1822</dd>
1823<dt class="hdlist1">
1824<strong>FallbackNetworkstatusFile</strong> <em>FILENAME</em>
1825</dt>
1826<dd>
1827<p>
1828    If Tor doesn&#8217;t have a cached networkstatus file, it starts out using this
1829    one instead. Even if this file is out of date, Tor can still use it to
1830    learn about directory mirrors, so it doesn&#8217;t need to put load on the
1831    authorities. (Default: None).
1832</p>
1833</dd>
1834<dt class="hdlist1">
1835<strong>WarnPlaintextPorts</strong> <em>port</em>,<em>port</em>,<em>&#8230;</em>
1836</dt>
1837<dd>
1838<p>
1839    Tells Tor to issue a warnings whenever the user tries to make an anonymous
1840    connection to one of these ports. This option is designed to alert users
1841    to services that risk sending passwords in the clear. (Default:
1842    23,109,110,143).
1843</p>
1844</dd>
1845<dt class="hdlist1">
1846<strong>RejectPlaintextPorts</strong> <em>port</em>,<em>port</em>,<em>&#8230;</em>
1847</dt>
1848<dd>
1849<p>
1850    Like WarnPlaintextPorts, but instead of warning about risky port uses, Tor
1851    will instead refuse to make the connection. (Default: None).
1852</p>
1853</dd>
1854<dt class="hdlist1">
1855<strong>AllowSingleHopCircuits</strong> <strong>0</strong>|<strong>1</strong>
1856</dt>
1857<dd>
1858<p>
1859    When this option is set, the attached Tor controller can use relays
1860    that have the <strong>AllowSingleHopExits</strong> option turned on to build
1861    one-hop Tor connections.  (Default: 0)
1862</p>
1863</dd>
1864</dl></div>
1865</div>
1866<h2 id="_server_options">SERVER OPTIONS</h2>
1867<div class="sectionbody">
1868<div class="paragraph"><p>The following options are useful only for servers (that is, if ORPort
1869is non-zero):</p></div>
1870<div class="dlist"><dl>
1871<dt class="hdlist1">
1872<strong>Address</strong> <em>address</em>
1873</dt>
1874<dd>
1875<p>
1876    The IP address or fully qualified domain name of this server (e.g.
1877    moria.mit.edu). You can leave this unset, and Tor will guess your IP
1878    address.  This IP address is the one used to tell clients and other
1879    servers where to find your Tor server; it doesn&#8217;t affect the IP that your
1880    Tor client binds to.  To bind to a different address, use the
1881    *ListenAddress and OutboundBindAddress options.
1882</p>
1883</dd>
1884<dt class="hdlist1">
1885<strong>AllowSingleHopExits</strong> <strong>0</strong>|<strong>1</strong>
1886</dt>
1887<dd>
1888<p>
1889    This option controls whether clients can use this server as a single hop
1890    proxy. If set to 1, clients can use this server as an exit even if it is
1891    the only hop in the circuit.  Note that most clients will refuse to use
1892    servers that set this option, since most clients have
1893    ExcludeSingleHopRelays set.  (Default: 0)
1894</p>
1895</dd>
1896<dt class="hdlist1">
1897<strong>AssumeReachable</strong> <strong>0</strong>|<strong>1</strong>
1898</dt>
1899<dd>
1900<p>
1901    This option is used when bootstrapping a new Tor network. If set to 1,
1902    don&#8217;t do self-reachability testing; just upload your server descriptor
1903    immediately. If <strong>AuthoritativeDirectory</strong> is also set, this option
1904    instructs the dirserver to bypass remote reachability testing too and list
1905    all connected servers as running.
1906</p>
1907</dd>
1908<dt class="hdlist1">
1909<strong>BridgeRelay</strong> <strong>0</strong>|<strong>1</strong>
1910</dt>
1911<dd>
1912<p>
1913    Sets the relay to act as a "bridge" with respect to relaying connections
1914    from bridge users to the Tor network. It mainly causes Tor to publish a
1915    server descriptor to the bridge database, rather than publishing a relay
1916    descriptor to the public directory authorities.
1917</p>
1918</dd>
1919<dt class="hdlist1">
1920<strong>ContactInfo</strong> <em>email_address</em>
1921</dt>
1922<dd>
1923<p>
1924    Administrative contact information for server. This line might get picked
1925    up by spam harvesters, so you may want to obscure the fact that it&#8217;s an
1926    email address.
1927</p>
1928</dd>
1929<dt class="hdlist1">
1930<strong>ExitPolicy</strong> <em>policy</em>,<em>policy</em>,<em>&#8230;</em>
1931</dt>
1932<dd>
1933<p>
1934    Set an exit policy for this server. Each policy is of the form
1935    "<strong>accept</strong>|<strong>reject</strong> <em>ADDR</em>[/<em>MASK</em>][:<em>PORT</em>]". If /<em>MASK</em> is
1936    omitted then this policy just applies to the host given. Instead of giving
1937    a host or network you can also use "*" to denote the universe (0.0.0.0/0).
1938    <em>PORT</em> can be a single port number, an interval of ports
1939    "<em>FROM_PORT</em>-<em>TO_PORT</em>", or "*". If <em>PORT</em> is omitted, that means
1940    "*".<br />
1941<br />
1942    For example, "accept 18.7.22.69:*,reject 18.0.0.0/8:*,accept *:*" would
1943    reject any traffic destined for MIT except for web.mit.edu, and accept
1944    anything else.<br />
1945<br />
1946    To specify all internal and link-local networks (including 0.0.0.0/8,
1947    169.254.0.0/16,    127.0.0.0/8,    192.168.0.0/16, 10.0.0.0/8, and
1948    172.16.0.0/12), you can use the "private" alias instead of an address.
1949    These addresses are rejected by default (at the beginning of your exit
1950    policy), along with your public IP address, unless you set the
1951    ExitPolicyRejectPrivate config option to 0. For example, once you&#8217;ve done
1952    that, you could allow HTTP to 127.0.0.1 and block all other connections to
1953    internal networks with "accept 127.0.0.1:80,reject private:*", though that
1954    may also allow connections to your own computer that are addressed to its
1955    public (external) IP address. See RFC 1918 and RFC 3330 for more details
1956    about internal and reserved IP address space.<br />
1957<br />
1958    This directive can be specified multiple times so you don&#8217;t have to put it
1959    all on one line.<br />
1960<br />
1961    Policies are considered first to last, and the first match wins. If you
1962    want to _replace_ the default exit policy, end your exit policy with
1963    either a reject *:* or an accept *:*. Otherwise, you&#8217;re _augmenting_
1964    (prepending to) the default exit policy. The default exit policy is:<br />
1965</p>
1966<div class="literalblock">
1967<div class="content">
1968<pre><tt>reject *:25
1969reject *:119
1970reject *:135-139
1971reject *:445
1972reject *:563
1973reject *:1214
1974reject *:4661-4666
1975reject *:6346-6429
1976reject *:6699
1977reject *:6881-6999
1978accept *:*</tt></pre>
1979</div></div>
1980</dd>
1981<dt class="hdlist1">
1982<strong>ExitPolicyRejectPrivate</strong> <strong>0</strong>|<strong>1</strong>
1983</dt>
1984<dd>
1985<p>
1986    Reject all private (local) networks, along with your own public IP address,
1987    at the beginning of your exit policy. See above entry on ExitPolicy.
1988    (Default: 1)
1989</p>
1990</dd>
1991<dt class="hdlist1">
1992<strong>MaxOnionsPending</strong> <em>NUM</em>
1993</dt>
1994<dd>
1995<p>
1996    If you have more than this number of onionskins queued for decrypt, reject
1997    new ones. (Default: 100)
1998</p>
1999</dd>
2000<dt class="hdlist1">
2001<strong>MyFamily</strong> <em>node</em>,<em>node</em>,<em>&#8230;</em>
2002</dt>
2003<dd>
2004<p>
2005    Declare that this Tor server is controlled or administered by a group or
2006    organization identical or similar to that of the other servers, defined by
2007    their identity fingerprints or nicknames. When two servers both declare
2008    that they are in the same 'family', Tor clients will not use them in the
2009    same circuit. (Each server only needs to list the other servers in its
2010    family; it doesn&#8217;t need to list itself, but it won&#8217;t hurt.)
2011</p>
2012</dd>
2013<dt class="hdlist1">
2014<strong>Nickname</strong> <em>name</em>
2015</dt>
2016<dd>
2017<p>
2018    Set the server&#8217;s nickname to 'name'. Nicknames must be between 1 and 19
2019    characters inclusive, and must contain only the characters [a-zA-Z0-9].
2020</p>
2021</dd>
2022<dt class="hdlist1">
2023<strong>NumCPUs</strong> <em>num</em>
2024</dt>
2025<dd>
2026<p>
2027    How many processes to use at once for decrypting onionskins. (Default: 1)
2028</p>
2029</dd>
2030<dt class="hdlist1">
2031<strong>ORPort</strong> <em>PORT</em>|<strong>auto</strong>
2032</dt>
2033<dd>
2034<p>
2035    Advertise this port to listen for connections from Tor clients and
2036    servers.  This option is required to be a Tor server.
2037    Set it to "auto" to have Tor pick a port for you. (Default: 0).
2038</p>
2039</dd>
2040<dt class="hdlist1">
2041<strong>ORListenAddress</strong> <em>IP</em>[:<em>PORT</em>]
2042</dt>
2043<dd>
2044<p>
2045    Bind to this IP address to listen for connections from Tor clients and
2046    servers. If you specify a port, bind to this port rather than the one
2047    specified in ORPort. (Default: 0.0.0.0) This directive can be specified
2048    multiple times to bind to multiple addresses/ports.
2049</p>
2050</dd>
2051<dt class="hdlist1">
2052<strong>PublishServerDescriptor</strong> <strong>0</strong>|<strong>1</strong>|<strong>v1</strong>|<strong>v2</strong>|<strong>v3</strong>|<strong>bridge</strong>,<strong>&#8230;</strong>
2053</dt>
2054<dd>
2055<p>
2056    This option specifies which descriptors Tor will publish when acting as
2057    a relay. You can
2058    choose multiple arguments, separated by commas.
2059<br />
2060    If this option is set to 0, Tor will not publish its
2061    descriptors to any directories. (This is useful if you&#8217;re testing
2062    out your server, or if you&#8217;re using a Tor controller that handles directory
2063    publishing for you.) Otherwise, Tor will publish its descriptors of all
2064    type(s) specified. The default is "1",
2065    which means "if running as a server, publish the
2066    appropriate descriptors to the authorities".
2067</p>
2068</dd>
2069<dt class="hdlist1">
2070<strong>ShutdownWaitLength</strong> <em>NUM</em>
2071</dt>
2072<dd>
2073<p>
2074    When we get a SIGINT and we&#8217;re a server, we begin shutting down:
2075    we close listeners and start refusing new circuits. After <strong>NUM</strong>
2076    seconds, we exit. If we get a second SIGINT, we exit immedi-
2077    ately. (Default: 30 seconds)
2078</p>
2079</dd>
2080<dt class="hdlist1">
2081<strong>AccountingMax</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>|<strong>TB</strong>
2082</dt>
2083<dd>
2084<p>
2085    Never send more than the specified number of bytes in a given accounting
2086    period, or receive more than that number in the period. For example, with
2087    AccountingMax set to 1 GB, a server could send 900 MB and receive 800 MB
2088    and continue running. It will only hibernate once one of the two reaches 1
2089    GB. When the number of bytes gets low, Tor will stop accepting new
2090    connections and circuits.  When the number of bytes
2091    is exhausted, Tor will hibernate until some
2092    time in the next accounting period. To prevent all servers from waking at
2093    the same time, Tor will also wait until a random point in each period
2094    before waking up. If you have bandwidth cost issues, enabling hibernation
2095    is preferable to setting a low bandwidth, since it provides users with a
2096    collection of fast servers that are up some of the time, which is more
2097    useful than a set of slow servers that are always "available".
2098</p>
2099</dd>
2100<dt class="hdlist1">
2101<strong>AccountingStart</strong> <strong>day</strong>|<strong>week</strong>|<strong>month</strong> [<em>day</em>] <em>HH:MM</em>
2102</dt>
2103<dd>
2104<p>
2105    Specify how long accounting periods last. If <strong>month</strong> is given, each
2106    accounting period runs from the time <em>HH:MM</em> on the <em>dayth</em> day of one
2107    month to the same day and time of the next. (The day must be between 1 and
2108    28.) If <strong>week</strong> is given, each accounting period runs from the time <em>HH:MM</em>
2109    of the <em>dayth</em> day of one week to the same day and time of the next week,
2110    with Monday as day 1 and Sunday as day 7. If <strong>day</strong> is given, each
2111    accounting period runs from the time <em>HH:MM</em> each day to the same time on
2112    the next day. All times are local, and given in 24-hour time. (Defaults to
2113    "month 1 0:00".)
2114</p>
2115</dd>
2116<dt class="hdlist1">
2117<strong>RefuseUnknownExits</strong> <strong>0</strong>|<strong>1</strong>|<strong>auto</strong>
2118</dt>
2119<dd>
2120<p>
2121    Prevent nodes that don&#8217;t appear in the consensus from exiting using this
2122    relay.  If the option is 1, we always block exit attempts from such
2123    nodes; if it&#8217;s 0, we never do, and if the option is "auto", then we do
2124    whatever the authorities suggest in the consensus. (Defaults to auto.)
2125</p>
2126</dd>
2127<dt class="hdlist1">
2128<strong>ServerDNSResolvConfFile</strong> <em>filename</em>
2129</dt>
2130<dd>
2131<p>
2132    Overrides the default DNS configuration with the configuration in
2133    <em>filename</em>. The file format is the same as the standard Unix
2134    "<strong>resolv.conf</strong>" file (7). This option, like all other ServerDNS options,
2135    only affects name lookups that your server does on behalf of clients.
2136    (Defaults to use the system DNS configuration.)
2137</p>
2138</dd>
2139<dt class="hdlist1">
2140<strong>ServerDNSAllowBrokenConfig</strong> <strong>0</strong>|<strong>1</strong>
2141</dt>
2142<dd>
2143<p>
2144    If this option is false, Tor exits immediately if there are problems
2145    parsing the system DNS configuration or connecting to nameservers.
2146    Otherwise, Tor continues to periodically retry the system nameservers until
2147    it eventually succeeds. (Defaults to "1".)
2148</p>
2149</dd>
2150<dt class="hdlist1">
2151<strong>ServerDNSSearchDomains</strong> <strong>0</strong>|<strong>1</strong>
2152</dt>
2153<dd>
2154<p>
2155    If set to 1, then we will search for addresses in the local search domain.
2156    For example, if this system is configured to believe it is in
2157    "example.com", and a client tries to connect to "www", the client will be
2158    connected to "www.example.com". This option only affects name lookups that
2159    your server does on behalf of clients. (Defaults to "0".)
2160</p>
2161</dd>
2162<dt class="hdlist1">
2163<strong>ServerDNSDetectHijacking</strong> <strong>0</strong>|<strong>1</strong>
2164</dt>
2165<dd>
2166<p>
2167    When this option is set to 1, we will test periodically to determine
2168    whether our local nameservers have been configured to hijack failing DNS
2169    requests (usually to an advertising site). If they are, we will attempt to
2170    correct this. This option only affects name lookups that your server does
2171    on behalf of clients. (Defaults to "1".)
2172</p>
2173</dd>
2174<dt class="hdlist1">
2175<strong>ServerDNSTestAddresses</strong> <em>address</em>,<em>address</em>,<em>&#8230;</em>
2176</dt>
2177<dd>
2178<p>
2179    When we&#8217;re detecting DNS hijacking, make sure that these <em>valid</em> addresses
2180    aren&#8217;t getting redirected. If they are, then our DNS is completely useless,
2181    and we&#8217;ll reset our exit policy to "reject <strong>:</strong>". This option only affects
2182    name lookups that your server does on behalf of clients. (Defaults to
2183    "www.google.com, www.mit.edu, www.yahoo.com, www.slashdot.org".)
2184</p>
2185</dd>
2186<dt class="hdlist1">
2187<strong>ServerDNSAllowNonRFC953Hostnames</strong> <strong>0</strong>|<strong>1</strong>
2188</dt>
2189<dd>
2190<p>
2191    When this option is disabled, Tor does not try to resolve hostnames
2192    containing illegal characters (like @ and :) rather than sending them to an
2193    exit node to be resolved. This helps trap accidental attempts to resolve
2194    URLs and so on. This option only affects name lookups that your server does
2195    on behalf of clients. (Default: 0)
2196</p>
2197</dd>
2198<dt class="hdlist1">
2199<strong>BridgeRecordUsageByCountry</strong> <strong>0</strong>|<strong>1</strong>
2200</dt>
2201<dd>
2202<p>
2203    When this option is enabled and BridgeRelay is also enabled, and we have
2204    GeoIP data, Tor keeps a keep a per-country count of how many client
2205    addresses have contacted it so that it can help the bridge authority guess
2206    which countries have blocked access to it. (Default: 1)
2207</p>
2208</dd>
2209<dt class="hdlist1">
2210<strong>ServerDNSRandomizeCase</strong> <strong>0</strong>|<strong>1</strong>
2211</dt>
2212<dd>
2213<p>
2214    When this option is set, Tor sets the case of each character randomly in
2215    outgoing DNS requests, and makes sure that the case matches in DNS replies.
2216    This so-called "0x20 hack" helps resist some types of DNS poisoning attack.
2217    For more information, see "Increased DNS Forgery Resistance through
2218    0x20-Bit Encoding". This option only affects name lookups that your server
2219    does on behalf of clients. (Default: 1)
2220</p>
2221</dd>
2222<dt class="hdlist1">
2223<strong>GeoIPFile</strong> <em>filename</em>
2224</dt>
2225<dd>
2226<p>
2227    A filename containing GeoIP data, for use with BridgeRecordUsageByCountry.
2228</p>
2229</dd>
2230<dt class="hdlist1">
2231<strong>CellStatistics</strong> <strong>0</strong>|<strong>1</strong>
2232</dt>
2233<dd>
2234<p>
2235    When this option is enabled, Tor writes statistics on the mean time that
2236    cells spend in circuit queues to disk every 24 hours. (Default: 0)
2237</p>
2238</dd>
2239<dt class="hdlist1">
2240<strong>DirReqStatistics</strong> <strong>0</strong>|<strong>1</strong>
2241</dt>
2242<dd>
2243<p>
2244    When this option is enabled, Tor writes statistics on the number and
2245    response time of network status requests to disk every 24 hours.
2246    (Default: 0)
2247</p>
2248</dd>
2249<dt class="hdlist1">
2250<strong>EntryStatistics</strong> <strong>0</strong>|<strong>1</strong>
2251</dt>
2252<dd>
2253<p>
2254    When this option is enabled, Tor writes statistics on the number of
2255    directly connecting clients to disk every 24 hours. (Default: 0)
2256</p>
2257</dd>
2258<dt class="hdlist1">
2259<strong>ExitPortStatistics</strong> <strong>0</strong>|<strong>1</strong>
2260</dt>
2261<dd>
2262<p>
2263    When this option is enabled, Tor writes statistics on the number of relayed
2264    bytes and opened stream per exit port to disk every 24 hours. (Default: 0)
2265</p>
2266</dd>
2267<dt class="hdlist1">
2268<strong>ExtraInfoStatistics</strong> <strong>0</strong>|<strong>1</strong>
2269</dt>
2270<dd>
2271<p>
2272    When this option is enabled, Tor includes previously gathered statistics in
2273    its extra-info documents that it uploads to the directory authorities.
2274    (Default: 0)
2275</p>
2276</dd>
2277</dl></div>
2278</div>
2279<h2 id="_directory_server_options">DIRECTORY SERVER OPTIONS</h2>
2280<div class="sectionbody">
2281<div class="paragraph"><p>The following options are useful only for directory servers (that is,
2282if DirPort is non-zero):</p></div>
2283<div class="dlist"><dl>
2284<dt class="hdlist1">
2285<strong>AuthoritativeDirectory</strong> <strong>0</strong>|<strong>1</strong>
2286</dt>
2287<dd>
2288<p>
2289    When this option is set to 1, Tor operates as an authoritative directory
2290    server. Instead of caching the directory, it generates its own list of
2291    good servers, signs it, and sends that to the clients. Unless the clients
2292    already have you listed as a trusted directory, you probably do not want
2293    to set this option. Please coordinate with the other admins at
2294    <a href="mailto:tor-ops@torproject.org">tor-ops@torproject.org</a> if you think you should be a directory.
2295</p>
2296</dd>
2297<dt class="hdlist1">
2298<strong>DirPortFrontPage</strong> <em>FILENAME</em>
2299</dt>
2300<dd>
2301<p>
2302    When this option is set, it takes an HTML file and publishes it as "/" on
2303    the DirPort. Now relay operators can provide a disclaimer without needing
2304    to set up a separate webserver. There&#8217;s a sample disclaimer in
2305    contrib/tor-exit-notice.html.
2306</p>
2307</dd>
2308<dt class="hdlist1">
2309<strong>V1AuthoritativeDirectory</strong> <strong>0</strong>|<strong>1</strong>
2310</dt>
2311<dd>
2312<p>
2313    When this option is set in addition to <strong>AuthoritativeDirectory</strong>, Tor
2314    generates version 1 directory and running-routers documents (for legacy
2315    Tor clients up to 0.1.0.x).
2316</p>
2317</dd>
2318<dt class="hdlist1">
2319<strong>V2AuthoritativeDirectory</strong> <strong>0</strong>|<strong>1</strong>
2320</dt>
2321<dd>
2322<p>
2323    When this option is set in addition to <strong>AuthoritativeDirectory</strong>, Tor
2324    generates version 2 network statuses and serves descriptors, etc as
2325    described in doc/spec/dir-spec-v2.txt (for Tor clients and servers running
2326    0.1.1.x and 0.1.2.x).
2327</p>
2328</dd>
2329<dt class="hdlist1">
2330<strong>V3AuthoritativeDirectory</strong> <strong>0</strong>|<strong>1</strong>
2331</dt>
2332<dd>
2333<p>
2334    When this option is set in addition to <strong>AuthoritativeDirectory</strong>, Tor
2335    generates version 3 network statuses and serves descriptors, etc as
2336    described in doc/spec/dir-spec.txt (for Tor clients and servers running at
2337    least 0.2.0.x).
2338</p>
2339</dd>
2340<dt class="hdlist1">
2341<strong>VersioningAuthoritativeDirectory</strong> <strong>0</strong>|<strong>1</strong>
2342</dt>
2343<dd>
2344<p>
2345    When this option is set to 1, Tor adds information on which versions of
2346    Tor are still believed safe for use to the published directory. Each
2347    version 1 authority is automatically a versioning authority; version 2
2348    authorities provide this service optionally. See <strong>RecommendedVersions</strong>,
2349    <strong>RecommendedClientVersions</strong>, and <strong>RecommendedServerVersions</strong>.
2350</p>
2351</dd>
2352<dt class="hdlist1">
2353<strong>NamingAuthoritativeDirectory</strong> <strong>0</strong>|<strong>1</strong>
2354</dt>
2355<dd>
2356<p>
2357    When this option is set to 1, then the server advertises that it has
2358    opinions about nickname-to-fingerprint bindings. It will include these
2359    opinions in its published network-status pages, by listing servers with
2360    the flag "Named" if a correct binding between that nickname and fingerprint
2361    has been registered with the dirserver. Naming dirservers will refuse to
2362    accept or publish descriptors that contradict a registered binding. See
2363    <strong>approved-routers</strong> in the <strong>FILES</strong> section below.
2364</p>
2365</dd>
2366<dt class="hdlist1">
2367<strong>HSAuthoritativeDir</strong> <strong>0</strong>|<strong>1</strong>
2368</dt>
2369<dd>
2370<p>
2371    When this option is set in addition to <strong>AuthoritativeDirectory</strong>, Tor also
2372    accepts and serves v0 hidden service descriptors,
2373    which are produced and used by Tor 0.2.1.x and older. (Default: 0)
2374</p>
2375</dd>
2376<dt class="hdlist1">
2377<strong>HidServDirectoryV2</strong> <strong>0</strong>|<strong>1</strong>
2378</dt>
2379<dd>
2380<p>
2381    When this option is set, Tor accepts and serves v2 hidden service
2382    descriptors. Setting DirPort is not required for this, because clients
2383    connect via the ORPort by default. (Default: 1)
2384</p>
2385</dd>
2386<dt class="hdlist1">
2387<strong>BridgeAuthoritativeDir</strong> <strong>0</strong>|<strong>1</strong>
2388</dt>
2389<dd>
2390<p>
2391    When this option is set in addition to <strong>AuthoritativeDirectory</strong>, Tor
2392    accepts and serves router descriptors, but it caches and serves the main
2393    networkstatus documents rather than generating its own. (Default: 0)
2394</p>
2395</dd>
2396<dt class="hdlist1">
2397<strong>MinUptimeHidServDirectoryV2</strong> <em>N</em> <strong>seconds</strong>|<strong>minutes</strong>|<strong>hours</strong>|<strong>days</strong>|<strong>weeks</strong>
2398</dt>
2399<dd>
2400<p>
2401    Minimum uptime of a v2 hidden service directory to be accepted as such by
2402    authoritative directories. (Default: 25 hours)
2403</p>
2404</dd>
2405<dt class="hdlist1">
2406<strong>DirPort</strong> <em>PORT</em>|<strong>auto</strong>
2407</dt>
2408<dd>
2409<p>
2410    If this option is nonzero, advertise the directory service on this port.
2411    Set it to "auto" to have Tor pick a port for you.  (Default: 0)
2412</p>
2413</dd>
2414<dt class="hdlist1">
2415<strong>DirListenAddress</strong> <em>IP</em>[:<em>PORT</em>]
2416</dt>
2417<dd>
2418<p>
2419    Bind the directory service to this address. If you specify a port, bind to
2420    this port rather than the one specified in DirPort.  (Default: 0.0.0.0)
2421    This directive can be specified multiple times  to bind to multiple
2422    addresses/ports.
2423</p>
2424</dd>
2425<dt class="hdlist1">
2426<strong>DirPolicy</strong> <em>policy</em>,<em>policy</em>,<em>&#8230;</em>
2427</dt>
2428<dd>
2429<p>
2430    Set an entrance policy for this server, to limit who can connect to the
2431    directory ports. The policies have the same form as exit policies above.
2432</p>
2433</dd>
2434<dt class="hdlist1">
2435<strong>FetchV2Networkstatus</strong> <strong>0</strong>|<strong>1</strong>
2436</dt>
2437<dd>
2438<p>
2439    If set, we try to fetch the (obsolete, unused) version 2 network status
2440    consensus documents from the directory authorities. No currently
2441    supported Tor version uses them.  (Default: 0.)
2442</p>
2443</dd>
2444</dl></div>
2445</div>
2446<h2 id="_directory_authority_server_options">DIRECTORY AUTHORITY SERVER OPTIONS</h2>
2447<div class="sectionbody">
2448<div class="dlist"><dl>
2449<dt class="hdlist1">
2450<strong>RecommendedVersions</strong> <em>STRING</em>
2451</dt>
2452<dd>
2453<p>
2454    STRING is a comma-separated list of Tor versions currently believed to be
2455    safe. The list is included in each directory, and nodes which pull down the
2456    directory learn whether they need to upgrade. This option can appear
2457    multiple times: the values from multiple lines are spliced together. When
2458    this is set then <strong>VersioningAuthoritativeDirectory</strong> should be set too.
2459</p>
2460</dd>
2461<dt class="hdlist1">
2462<strong>RecommendedClientVersions</strong> <em>STRING</em>
2463</dt>
2464<dd>
2465<p>
2466    STRING is a comma-separated list of Tor versions currently believed to be
2467    safe for clients to use. This information is included in version 2
2468    directories. If this is not set then the value of <strong>RecommendedVersions</strong>
2469    is used. When this is set then <strong>VersioningAuthoritativeDirectory</strong> should
2470    be set too.
2471</p>
2472</dd>
2473<dt class="hdlist1">
2474<strong>RecommendedServerVersions</strong> <em>STRING</em>
2475</dt>
2476<dd>
2477<p>
2478    STRING is a comma-separated list of Tor versions currently believed to be
2479    safe for servers to use. This information is included in version 2
2480    directories. If this is not set then the value of <strong>RecommendedVersions</strong>
2481    is used. When this is set then <strong>VersioningAuthoritativeDirectory</strong> should
2482    be set too.
2483</p>
2484</dd>
2485<dt class="hdlist1">
2486<strong>ConsensusParams</strong> <em>STRING</em>
2487</dt>
2488<dd>
2489<p>
2490    STRING is a space-separated list of key=value pairs that Tor will include
2491    in the "params" line of its networkstatus vote.
2492</p>
2493</dd>
2494<dt class="hdlist1">
2495<strong>DirAllowPrivateAddresses</strong> <strong>0</strong>|<strong>1</strong>
2496</dt>
2497<dd>
2498<p>
2499    If set to 1, Tor will accept router descriptors with arbitrary "Address"
2500    elements. Otherwise, if the address is not an IP address or is a private IP
2501    address, it will reject the router descriptor. Defaults to 0.
2502</p>
2503</dd>
2504<dt class="hdlist1">
2505<strong>AuthDirBadDir</strong> <em>AddressPattern&#8230;</em>
2506</dt>
2507<dd>
2508<p>
2509    Authoritative directories only. A set of address patterns for servers that
2510    will be listed as bad directories in any network status document this
2511    authority publishes, if <strong>AuthDirListBadDirs</strong> is set.
2512</p>
2513</dd>
2514<dt class="hdlist1">
2515<strong>AuthDirBadExit</strong> <em>AddressPattern&#8230;</em>
2516</dt>
2517<dd>
2518<p>
2519    Authoritative directories only. A set of address patterns for servers that
2520    will be listed as bad exits in any network status document this authority
2521    publishes, if <strong>AuthDirListBadExits</strong> is set.
2522</p>
2523</dd>
2524<dt class="hdlist1">
2525<strong>AuthDirInvalid</strong> <em>AddressPattern&#8230;</em>
2526</dt>
2527<dd>
2528<p>
2529    Authoritative directories only. A set of address patterns for servers that
2530    will never be listed as "valid" in any network status document that this
2531    authority publishes.
2532</p>
2533</dd>
2534<dt class="hdlist1">
2535<strong>AuthDirReject</strong> <em>AddressPattern</em>&#8230;
2536</dt>
2537<dd>
2538<p>
2539    Authoritative directories only. A set of address patterns for servers that
2540    will never be listed at all in any network status document that this
2541    authority publishes, or accepted as an OR address in any descriptor
2542    submitted for publication by this authority.
2543</p>
2544</dd>
2545<dt class="hdlist1">
2546<strong>AuthDirListBadDirs</strong> <strong>0</strong>|<strong>1</strong>
2547</dt>
2548<dd>
2549<p>
2550    Authoritative directories only. If set to 1, this directory has some
2551    opinion about which nodes are unsuitable as directory caches. (Do not set
2552    this to 1 unless you plan to list non-functioning directories as bad;
2553    otherwise, you are effectively voting in favor  of every declared
2554    directory.)
2555</p>
2556</dd>
2557<dt class="hdlist1">
2558<strong>AuthDirListBadExits</strong> <strong>0</strong>|<strong>1</strong>
2559</dt>
2560<dd>
2561<p>
2562    Authoritative directories only. If set to 1, this directory has some
2563    opinion about which nodes are unsuitable as exit nodes. (Do not set this to
2564    1 unless you plan to list non-functioning exits as bad; otherwise, you are
2565    effectively voting in favor of every declared exit as an exit.)
2566</p>
2567</dd>
2568<dt class="hdlist1">
2569<strong>AuthDirRejectUnlisted</strong> <strong>0</strong>|<strong>1</strong>
2570</dt>
2571<dd>
2572<p>
2573    Authoritative directories only. If set to 1, the directory server rejects
2574    all uploaded server descriptors that aren&#8217;t explicitly listed in the
2575    fingerprints file. This acts as a "panic button" if we get hit with a Sybil
2576    attack. (Default: 0)
2577</p>
2578</dd>
2579<dt class="hdlist1">
2580<strong>AuthDirMaxServersPerAddr</strong> <em>NUM</em>
2581</dt>
2582<dd>
2583<p>
2584    Authoritative directories only. The maximum number of servers that we will
2585    list as acceptable on a single IP address. Set this to "0" for "no limit".
2586    (Default: 2)
2587</p>
2588</dd>
2589<dt class="hdlist1">
2590<strong>AuthDirMaxServersPerAuthAddr</strong> <em>NUM</em>
2591</dt>
2592<dd>
2593<p>
2594    Authoritative directories only. Like AuthDirMaxServersPerAddr, but applies
2595    to addresses shared with directory authorities. (Default: 5)
2596</p>
2597</dd>
2598<dt class="hdlist1">
2599<strong>AuthDirFastGuarantee</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
2600</dt>
2601<dd>
2602<p>
2603    Authoritative directories only. If non-zero, always vote the
2604    Fast flag for any relay advertising this amount of capacity or
2605    more. (Default: 20 KB)
2606</p>
2607</dd>
2608<dt class="hdlist1">
2609<strong>AuthDirGuardBWGuarantee</strong> <em>N</em> <strong>bytes</strong>|<strong>KB</strong>|<strong>MB</strong>|<strong>GB</strong>
2610</dt>
2611<dd>
2612<p>
2613    Authoritative directories only. If non-zero, this advertised capacity
2614    or more is always sufficient to satisfy the bandwidth requirement
2615    for the Guard flag. (Default: 250 KB)
2616</p>
2617</dd>
2618<dt class="hdlist1">
2619<strong>BridgePassword</strong> <em>Password</em>
2620</dt>
2621<dd>
2622<p>
2623    If set, contains an HTTP authenticator that tells a bridge authority to
2624    serve all requested bridge information.  Used for debugging.  (Default:
2625    not set.)
2626</p>
2627</dd>
2628<dt class="hdlist1">
2629<strong>V3AuthVotingInterval</strong> <em>N</em> <strong>minutes</strong>|<strong>hours</strong>
2630</dt>
2631<dd>
2632<p>
2633    V3 authoritative directories only. Configures the server&#8217;s preferred voting
2634    interval. Note that voting will <em>actually</em> happen at an interval chosen
2635    by consensus from all the authorities' preferred intervals. This time
2636    SHOULD divide evenly into a day. (Default: 1 hour)
2637</p>
2638</dd>
2639<dt class="hdlist1">
2640<strong>V3AuthVoteDelay</strong> <em>N</em> <strong>minutes</strong>|<strong>hours</strong>
2641</dt>
2642<dd>
2643<p>
2644    V3 authoritative directories only. Configures the server&#8217;s preferred delay
2645    between publishing its vote and assuming it has all the votes from all the
2646    other authorities. Note that the actual time used is not the server&#8217;s
2647    preferred time, but the consensus of all preferences. (Default: 5 minutes.)
2648</p>
2649</dd>
2650<dt class="hdlist1">
2651<strong>V3AuthDistDelay</strong> <em>N</em> <strong>minutes</strong>|<strong>hours</strong>
2652</dt>
2653<dd>
2654<p>
2655    V3 authoritative directories only. Configures the server&#8217;s preferred  delay
2656    between publishing its consensus and signature and assuming  it has all the
2657    signatures from all the other authorities. Note that the actual time used
2658    is not the server&#8217;s preferred time,  but the consensus of all preferences.
2659    (Default: 5 minutes.)
2660</p>
2661</dd>
2662<dt class="hdlist1">
2663<strong>V3AuthNIntervalsValid</strong> <em>NUM</em>
2664</dt>
2665<dd>
2666<p>
2667    V3 authoritative directories only. Configures the number of VotingIntervals
2668    for which each consensus should be valid for. Choosing high numbers
2669    increases network partitioning risks; choosing low numbers increases
2670    directory traffic. Note that the actual number of intervals used is not the
2671    server&#8217;s preferred number, but the consensus of all preferences. Must be at
2672    least 2. (Default: 3.)
2673</p>
2674</dd>
2675<dt class="hdlist1">
2676<strong>V3BandwidthsFile</strong> <em>FILENAME</em>
2677</dt>
2678<dd>
2679<p>
2680    V3 authoritative directories only. Configures the location of the
2681    bandiwdth-authority generated file storing information on relays' measured
2682    bandwidth capacities. (Default: unset.)
2683</p>
2684</dd>
2685<dt class="hdlist1">
2686<strong>V3AuthUseLegacyKey</strong> <strong>0</strong>|<strong>1</strong>
2687</dt>
2688<dd>
2689<p>
2690    If set, the directory authority will sign consensuses not only with its
2691    own signing key, but also with a "legacy" key and certificate with a
2692    different identity.  This feature is used to migrate directory authority
2693    keys in the event of a compromise.  (Default: 0.)
2694</p>
2695</dd>
2696<dt class="hdlist1">
2697<strong>RephistTrackTime</strong> <em>N</em> <strong>seconds</strong>|<strong>minutes</strong>|<strong>hours</strong>|<strong>days</strong>|<strong>weeks</strong>
2698</dt>
2699<dd>
2700<p>
2701    Tells an authority, or other node tracking node reliability and history,
2702    that fine-grained information about nodes can be discarded when it hasn&#8217;t
2703    changed for a given amount of time.  (Default: 24 hours)
2704</p>
2705</dd>
2706<dt class="hdlist1">
2707<strong>VoteOnHidServDirectoriesV2</strong> <strong>0</strong>|<strong>1</strong>
2708</dt>
2709<dd>
2710<p>
2711    When this option is set in addition to <strong>AuthoritativeDirectory</strong>, Tor
2712    votes on whether to accept relays as hidden service directories.
2713    (Default: 1)
2714</p>
2715</dd>
2716</dl></div>
2717</div>
2718<h2 id="_hidden_service_options">HIDDEN SERVICE OPTIONS</h2>
2719<div class="sectionbody">
2720<div class="paragraph"><p>The following options are used to configure a hidden service.</p></div>
2721<div class="dlist"><dl>
2722<dt class="hdlist1">
2723<strong>HiddenServiceDir</strong> <em>DIRECTORY</em>
2724</dt>
2725<dd>
2726<p>
2727    Store data files for a hidden service in DIRECTORY. Every hidden service
2728    must have a separate directory. You may use this option  multiple times to
2729    specify multiple services. DIRECTORY must be an existing directory.
2730</p>
2731</dd>
2732<dt class="hdlist1">
2733<strong>HiddenServicePort</strong> <em>VIRTPORT</em> [<em>TARGET</em>]
2734</dt>
2735<dd>
2736<p>
2737    Configure a virtual port VIRTPORT for a hidden service. You may use this
2738    option multiple times; each time applies to the service using the most
2739    recent hiddenservicedir. By default, this option maps the virtual port to
2740    the same port on 127.0.0.1. You may override the target port, address, or
2741    both by specifying a target of addr, port, or addr:port. You may also have
2742    multiple lines with  the same VIRTPORT: when a user connects to that
2743    VIRTPORT, one of the TARGETs from those lines will be chosen at random.
2744</p>
2745</dd>
2746<dt class="hdlist1">
2747<strong>PublishHidServDescriptors</strong> <strong>0</strong>|<strong>1</strong>
2748</dt>
2749<dd>
2750<p>
2751    If set to 0, Tor will run any hidden services you configure, but it won&#8217;t
2752    advertise them to the rendezvous directory. This option is only useful if
2753    you&#8217;re using a Tor controller that handles hidserv publishing for you.
2754    (Default: 1)
2755</p>
2756</dd>
2757<dt class="hdlist1">
2758<strong>HiddenServiceVersion</strong> <em>version</em>,<em>version</em>,<em>&#8230;</em>
2759</dt>
2760<dd>
2761<p>
2762    A list of rendezvous service descriptor versions to publish for the hidden
2763    service. Currently, only version 2 is supported. (Default: 2)
2764</p>
2765</dd>
2766<dt class="hdlist1">
2767<strong>HiddenServiceAuthorizeClient</strong> <em>auth-type</em> <em>client-name</em>,<em>client-name</em>,<em>&#8230;</em>
2768</dt>
2769<dd>
2770<p>
2771    If configured, the hidden service is accessible for authorized clients
2772    only. The auth-type can either be 'basic' for a general-purpose
2773    authorization protocol or 'stealth' for a less scalable protocol that also
2774    hides service activity from unauthorized clients. Only clients that are
2775    listed here are authorized to access the hidden service. Valid client names
2776    are 1 to 19 characters  long and only use characters in A-Za-z0-9+-_ (no
2777    spaces). If this option is set, the hidden service is not accessible for
2778    clients without authorization any more. Generated authorization data can be
2779    found in the hostname file. Clients need to put this authorization data in
2780    their configuration file using <strong>HidServAuth</strong>.
2781</p>
2782</dd>
2783<dt class="hdlist1">
2784<strong>RendPostPeriod</strong> <em>N</em> <strong>seconds</strong>|<strong>minutes</strong>|<strong>hours</strong>|<strong>days</strong>|<strong>weeks</strong>
2785</dt>
2786<dd>
2787<p>
2788    Every time the specified period elapses, Tor uploads any rendezvous
2789    service descriptors to the directory servers. This information  is also
2790    uploaded whenever it changes. (Default: 1 hour)
2791</p>
2792</dd>
2793</dl></div>
2794</div>
2795<h2 id="_testing_network_options">TESTING NETWORK OPTIONS</h2>
2796<div class="sectionbody">
2797<div class="paragraph"><p>The following options are used for running a testing Tor network.</p></div>
2798<div class="dlist"><dl>
2799<dt class="hdlist1">
2800<strong>TestingTorNetwork</strong> <strong>0</strong>|<strong>1</strong>
2801</dt>
2802<dd>
2803<p>
2804    If set to 1, Tor adjusts default values of the configuration options below,
2805    so that it is easier to set up a testing Tor network. May only be set if
2806    non-default set of DirServers is set. Cannot be unset while Tor is running.
2807    (Default: 0)<br />
2808</p>
2809<div class="literalblock">
2810<div class="content">
2811<pre><tt>ServerDNSAllowBrokenConfig 1
2812DirAllowPrivateAddresses 1
2813EnforceDistinctSubnets 0
2814AssumeReachable 1
2815AuthDirMaxServersPerAddr 0
2816AuthDirMaxServersPerAuthAddr 0
2817ClientDNSRejectInternalAddresses 0
2818ClientRejectInternalAddresses 0
2819ExitPolicyRejectPrivate 0
2820V3AuthVotingInterval 5 minutes
2821V3AuthVoteDelay 20 seconds
2822V3AuthDistDelay 20 seconds
2823MinUptimeHidServDirectoryV2 0 seconds
2824TestingV3AuthInitialVotingInterval 5 minutes
2825TestingV3AuthInitialVoteDelay 20 seconds
2826TestingV3AuthInitialDistDelay 20 seconds
2827TestingAuthDirTimeToLearnReachability 0 minutes
2828TestingEstimatedDescriptorPropagationTime 0 minutes</tt></pre>
2829</div></div>
2830</dd>
2831<dt class="hdlist1">
2832<strong>TestingV3AuthInitialVotingInterval</strong> <em>N</em> <strong>minutes</strong>|<strong>hours</strong>
2833</dt>
2834<dd>
2835<p>
2836    Like V3AuthVotingInterval, but for initial voting interval before the first
2837    consensus has been created. Changing this requires that
2838    <strong>TestingTorNetwork</strong> is set. (Default: 30 minutes)
2839</p>
2840</dd>
2841<dt class="hdlist1">
2842<strong>TestingV3AuthInitialVoteDelay</strong> <em>N</em> <strong>minutes</strong>|<strong>hours</strong>
2843</dt>
2844<dd>
2845<p>
2846    Like TestingV3AuthInitialVoteDelay, but for initial voting interval before
2847    the first consensus has been created. Changing this requires that
2848    <strong>TestingTorNetwork</strong> is set. (Default: 5 minutes)
2849</p>
2850</dd>
2851<dt class="hdlist1">
2852<strong>TestingV3AuthInitialDistDelay</strong> <em>N</em> <strong>minutes</strong>|<strong>hours</strong>
2853</dt>
2854<dd>
2855<p>
2856    Like TestingV3AuthInitialDistDelay, but for initial voting interval before
2857    the first consensus has been created. Changing this requires that
2858    <strong>TestingTorNetwork</strong> is set. (Default: 5 minutes)
2859</p>
2860</dd>
2861<dt class="hdlist1">
2862<strong>TestingAuthDirTimeToLearnReachability</strong> <em>N</em> <strong>minutes</strong>|<strong>hours</strong>
2863</dt>
2864<dd>
2865<p>
2866    After starting as an authority, do not make claims about whether routers
2867    are Running until this much time has passed. Changing this requires
2868    that <strong>TestingTorNetwork</strong> is set.  (Default: 30 minutes)
2869</p>
2870</dd>
2871<dt class="hdlist1">
2872<strong>TestingEstimatedDescriptorPropagationTime</strong> <em>N</em> <strong>minutes</strong>|<strong>hours</strong>
2873</dt>
2874<dd>
2875<p>
2876    Clients try downloading router descriptors from directory caches after this
2877    time. Changing this requires that <strong>TestingTorNetwork</strong> is set. (Default:
2878    10 minutes)
2879</p>
2880</dd>
2881</dl></div>
2882</div>
2883<h2 id="_signals">SIGNALS</h2>
2884<div class="sectionbody">
2885<div class="paragraph"><p>Tor catches the following signals:</p></div>
2886<div class="dlist"><dl>
2887<dt class="hdlist1">
2888<strong>SIGTERM</strong>
2889</dt>
2890<dd>
2891<p>
2892    Tor will catch this, clean up and sync to disk if necessary, and exit.
2893</p>
2894</dd>
2895<dt class="hdlist1">
2896<strong>SIGINT</strong>
2897</dt>
2898<dd>
2899<p>
2900    Tor clients behave as with SIGTERM; but Tor servers will do a controlled
2901    slow shutdown, closing listeners and waiting 30 seconds before exiting.
2902    (The delay can be configured with the ShutdownWaitLength config option.)
2903</p>
2904</dd>
2905<dt class="hdlist1">
2906<strong>SIGHUP</strong>
2907</dt>
2908<dd>
2909<p>
2910    The signal instructs Tor to reload its configuration (including closing and
2911    reopening logs), and kill and restart its helper processes if applicable.
2912</p>
2913</dd>
2914<dt class="hdlist1">
2915<strong>SIGUSR1</strong>
2916</dt>
2917<dd>
2918<p>
2919    Log statistics about current connections, past connections, and throughput.
2920</p>
2921</dd>
2922<dt class="hdlist1">
2923<strong>SIGUSR2</strong>
2924</dt>
2925<dd>
2926<p>
2927    Switch all logs to loglevel debug. You can go back to the old loglevels by
2928    sending a SIGHUP.
2929</p>
2930</dd>
2931<dt class="hdlist1">
2932<strong>SIGCHLD</strong>
2933</dt>
2934<dd>
2935<p>
2936    Tor receives this signal when one of its helper processes has exited, so it
2937    can clean up.
2938</p>
2939</dd>
2940<dt class="hdlist1">
2941<strong>SIGPIPE</strong>
2942</dt>
2943<dd>
2944<p>
2945    Tor catches this signal and ignores it.
2946</p>
2947</dd>
2948<dt class="hdlist1">
2949<strong>SIGXFSZ</strong>
2950</dt>
2951<dd>
2952<p>
2953    If this signal exists on your platform, Tor catches and ignores it.
2954</p>
2955</dd>
2956</dl></div>
2957</div>
2958<h2 id="_files">FILES</h2>
2959<div class="sectionbody">
2960<div class="dlist"><dl>
2961<dt class="hdlist1">
2962<strong>/c/Users/erinn/build-scripts.git/osx-bundles/build-alpha/etc/tor/torrc</strong>
2963</dt>
2964<dd>
2965<p>
2966    The configuration file, which contains "option value" pairs.
2967</p>
2968</dd>
2969<dt class="hdlist1">
2970<strong>/c/Users/erinn/build-scripts.git/osx-bundles/build-alpha/var/lib/tor/</strong>
2971</dt>
2972<dd>
2973<p>
2974    The tor process stores keys and other data here.
2975</p>
2976</dd>
2977<dt class="hdlist1">
2978<em>DataDirectory</em><strong>/cached-status/</strong>
2979</dt>
2980<dd>
2981<p>
2982    The most recently downloaded network status document for each authority.
2983    Each file holds one such document; the filenames are the hexadecimal
2984    identity key fingerprints of the directory authorities.
2985</p>
2986</dd>
2987<dt class="hdlist1">
2988<em>DataDirectory</em><strong>/cached-descriptors</strong> and <strong>cached-descriptors.new</strong>
2989</dt>
2990<dd>
2991<p>
2992    These files hold downloaded router statuses. Some routers may appear more
2993    than once; if so, the most recently published descriptor is used. Lines
2994    beginning with @-signs are annotations that contain more information about
2995    a given router. The ".new" file is an append-only journal; when it gets
2996    too large, all entries are merged into a new cached-descriptors file.
2997</p>
2998</dd>
2999<dt class="hdlist1">
3000<em>DataDirectory</em><strong>/cached-routers</strong> and <strong>cached-routers.new</strong>
3001</dt>
3002<dd>
3003<p>
3004    Obsolete versions of cached-descriptors and cached-descriptors.new. When
3005    Tor can&#8217;t find the newer files, it looks here instead.
3006</p>
3007</dd>
3008<dt class="hdlist1">
3009<em>DataDirectory</em><strong>/state</strong>
3010</dt>
3011<dd>
3012<p>
3013    A set of persistent key-value mappings. These are documented in
3014    the file. These include:
3015</p>
3016<div class="ulist"><ul>
3017<li>
3018<p>
3019The current entry guards and their status.
3020</p>
3021</li>
3022<li>
3023<p>
3024The current bandwidth accounting values (unused so far; see
3025            below).
3026</p>
3027</li>
3028<li>
3029<p>
3030When the file was last written
3031</p>
3032</li>
3033<li>
3034<p>
3035What version of Tor generated the state file
3036</p>
3037</li>
3038<li>
3039<p>
3040A short history of bandwidth usage, as produced in the router
3041            descriptors.
3042</p>
3043</li>
3044</ul></div>
3045</dd>
3046<dt class="hdlist1">
3047<em>DataDirectory</em><strong>/bw_accounting</strong>
3048</dt>
3049<dd>
3050<p>
3051    Used to track bandwidth accounting values (when the current period starts
3052    and ends; how much has been read and written so far this period). This file
3053    is obsolete, and the data is now stored in the 'state' file as well. Only
3054    used when bandwidth accounting is enabled.
3055</p>
3056</dd>
3057<dt class="hdlist1">
3058<em>DataDirectory</em><strong>/control_auth_cookie</strong>
3059</dt>
3060<dd>
3061<p>
3062    Used for cookie authentication with the controller. Location can be
3063    overridden by the CookieAuthFile config option. Regenerated on startup. See
3064    control-spec.txt for details. Only used when cookie authentication is
3065    enabled.
3066</p>
3067</dd>
3068<dt class="hdlist1">
3069<em>DataDirectory</em><strong>/keys/</strong>*
3070</dt>
3071<dd>
3072<p>
3073    Only used by servers. Holds identity keys and onion keys.
3074</p>
3075</dd>
3076<dt class="hdlist1">
3077<em>DataDirectory</em><strong>/fingerprint</strong>
3078</dt>
3079<dd>
3080<p>
3081    Only used by servers. Holds the fingerprint of the server&#8217;s identity key.
3082</p>
3083</dd>
3084<dt class="hdlist1">
3085<em>DataDirectory</em><strong>/approved-routers</strong>
3086</dt>
3087<dd>
3088<p>
3089    Only for naming authoritative directory servers (see
3090    <strong>NamingAuthoritativeDirectory</strong>). This file lists nickname to identity
3091    bindings. Each line lists a nickname and a fingerprint separated by
3092    whitespace. See your <strong>fingerprint</strong> file in the <em>DataDirectory</em> for an
3093    example line. If the nickname is <strong>!reject</strong> then descriptors from the
3094    given identity (fingerprint) are rejected by this server. If it is
3095    <strong>!invalid</strong> then descriptors are accepted but marked in the directory as
3096    not valid, that is, not recommended.
3097</p>
3098</dd>
3099<dt class="hdlist1">
3100<em>DataDirectory</em><strong>/router-stability</strong>
3101</dt>
3102<dd>
3103<p>
3104    Only used by authoritative directory servers. Tracks measurements for
3105    router mean-time-between-failures so that authorities have a good idea of
3106    how to set their Stable flags.
3107</p>
3108</dd>
3109<dt class="hdlist1">
3110<em>HiddenServiceDirectory</em><strong>/hostname</strong>
3111</dt>
3112<dd>
3113<p>
3114    The &lt;base32-encoded-fingerprint&gt;.onion domain name for this hidden service.
3115    If the hidden service is restricted to authorized clients only, this file
3116    also contains authorization data for all clients.
3117</p>
3118</dd>
3119<dt class="hdlist1">
3120<em>HiddenServiceDirectory</em><strong>/private_key</strong>
3121</dt>
3122<dd>
3123<p>
3124    The private key for this hidden service.
3125</p>
3126</dd>
3127<dt class="hdlist1">
3128<em>HiddenServiceDirectory</em><strong>/client_keys</strong>
3129</dt>
3130<dd>
3131<p>
3132    Authorization data for a hidden service that is only accessible by
3133    authorized clients.
3134</p>
3135</dd>
3136</dl></div>
3137</div>
3138<h2 id="_see_also">SEE ALSO</h2>
3139<div class="sectionbody">
3140<div class="paragraph"><p><strong>privoxy</strong>(1), <strong>tsocks</strong>(1), <strong>torify</strong>(1)<br /></p></div>
3141<div class="paragraph"><p><strong>https://www.torproject.org/</strong></p></div>
3142</div>
3143<h2 id="_bugs">BUGS</h2>
3144<div class="sectionbody">
3145<div class="paragraph"><p>Plenty, probably. Tor is still in development. Please report them.</p></div>
3146</div>
3147<h2 id="_authors">AUTHORS</h2>
3148<div class="sectionbody">
3149<div class="paragraph"><p>Roger Dingledine [arma at mit.edu], Nick Mathewson [nickm at alum.mit.edu].</p></div>
3150</div>
3151<div id="footer">
3152<div id="footer-text">
3153Last updated 2011-12-15 11:28:37 EDT
3154</div>
3155</div>
3156</body>
3157</html>