aboutsummaryrefslogtreecommitdiff
path: root/doc/man/tor.1.txt
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man/tor.1.txt')
-rw-r--r--doc/man/tor.1.txt378
1 files changed, 248 insertions, 130 deletions
diff --git a/doc/man/tor.1.txt b/doc/man/tor.1.txt
index 7c0071500e..3672444c5d 100644
--- a/doc/man/tor.1.txt
+++ b/doc/man/tor.1.txt
@@ -67,11 +67,11 @@ The following options in this section are only recognized on the
[[opt-h]] **`-h`**, **`--help`**::
Display a short help message and exit.
-[[opt-f]] **`-f`** __FILE__::
+[[opt-f]] **`-f`**, **`--torrc-file`** __FILE__::
Specify a new configuration file to contain further Tor configuration
options, or pass *-* to make Tor read its configuration from standard
input. (Default: **`@CONFDIR@/torrc`**, or **`$HOME/.torrc`** if
- that file is not found)
+ that file is not found.)
[[opt-allow-missing-torrc]] **`--allow-missing-torrc`**::
Allow the configuration file specified by **`-f`** to be missing,
@@ -91,8 +91,9 @@ The following options in this section are only recognized on the
[[opt-hash-password]] **`--hash-password`** __PASSWORD__::
Generate a hashed password for control port access.
-[[opt-list-fingerprint]] **`--list-fingerprint`**::
- Generate your keys and output your nickname and fingerprint.
+[[opt-list-fingerprint]] **`--list-fingerprint`** [__key type__]::
+ Generate your keys and output your nickname and fingerprint. Optionally,
+ you can specify the key type as `rsa` (default) or `ed25519`.
[[opt-verify-config]] **`--verify-config`**::
Verify whether the configuration file is valid.
@@ -100,7 +101,7 @@ The following options in this section are only recognized on the
[[opt-dump-config]] **`--dump-config`** **`short`**|**`full`**::
Write a list of Tor's configured options to standard output.
When the `short` flag is selected, only write the options that
- are different from their default values
+ are different from their default values.
When `full` is selected, write every option.
[[opt-serviceinstall]] **`--service install`** [**`--options`** __command-line options__]::
@@ -965,23 +966,6 @@ forward slash (/) in the configuration file and on the command line.
If KIST is used in Schedulers, this is a multiplier of the per-socket
limit calculation of the KIST algorithm. (Default: 1.0)
-
-[[ServerTransportListenAddr]] **ServerTransportListenAddr** __transport__ __IP__:__PORT__::
- When this option is set, Tor will suggest __IP__:__PORT__ as the
- listening address of any pluggable transport proxy that tries to
- launch __transport__. (IPv4 addresses should written as-is; IPv6
- addresses should be wrapped in square brackets.) (Default: none)
-
-[[ServerTransportOptions]] **ServerTransportOptions** __transport__ __k=v__ __k=v__ ...::
- When this option is set, Tor will pass the __k=v__ parameters to
- any pluggable transport proxy that tries to launch __transport__. +
- (Example: ServerTransportOptions obfs45 shared-secret=bridgepasswd cache=/var/lib/tor/cache) (Default: none)
-
-[[ServerTransportPlugin]] **ServerTransportPlugin** __transport__ exec __path-to-binary__ [options]::
- The Tor relay launches the pluggable transport proxy in __path-to-binary__
- using __options__ as its command-line options, and expects to receive
- proxied client traffic from it. (Default: none)
-
[[Socks4Proxy]] **Socks4Proxy** __host__[:__port__]::
Tor will make all OR connections through the SOCKS 4 proxy at host:port
(or host:1080 if port is not specified).
@@ -1004,20 +988,20 @@ forward slash (/) in the configuration file and on the command line.
running. (Default: none)
[[TCPProxy]] **TCPProxy** __protocol__ __host__:__port__::
- Tor will use the given protocol to make all its OR (SSL) connections through
- a TCP proxy on host:port, rather than connecting directly to servers. You may
- want to set **FascistFirewall** to restrict the set of ports you might try to
- connect to, if your proxy only allows connecting to certain ports. There is no
- equivalent option for directory connections, because all Tor client versions
- that support this option download directory documents via OR connections. +
+ Tor will use the given protocol to make all its OR (SSL) connections through
+ a TCP proxy on host:port, rather than connecting directly to servers. You may
+ want to set **FascistFirewall** to restrict the set of ports you might try to
+ connect to, if your proxy only allows connecting to certain ports. There is no
+ equivalent option for directory connections, because all Tor client versions
+ that support this option download directory documents via OR connections. +
+
- The only protocol supported right now 'haproxy'. This option is only for
- clients. (Default: none) +
+ The only protocol supported right now 'haproxy'. This option is only for
+ clients. (Default: none) +
+
- The HAProxy version 1 proxy protocol is described in detail at
- https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt +
+ The HAProxy version 1 proxy protocol is described in detail at
+ https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt +
+
- Both source IP address and source port will be set to zero.
+ Both source IP address and source port will be set to zero.
[[TruncateLogFile]] **TruncateLogFile** **0**|**1**::
If 1, Tor will overwrite logs at startup and in response to a HUP signal,
@@ -1240,16 +1224,6 @@ The following options are useful only for clients (that is, if
**FascistFirewall** is set. This option is deprecated; use ReachableAddresses
instead. (Default: 80, 443)
-[[HidServAuth]] **HidServAuth** __onion-address__ __auth-cookie__ [__service-name__]::
- Client authorization for a v2 hidden service. Valid onion addresses contain 16
- characters in a-z2-7 plus ".onion", and valid auth cookies contain 22
- characters in A-Za-z0-9+/. The service name is only used for internal
- purposes, e.g., for Tor controllers. This option may be used multiple times
- for different hidden services. If a hidden service uses authorization and
- this option is not set, the hidden service is not accessible. Hidden
- services can be configured to require authorization using the
- **HiddenServiceAuthorizeClient** option.
-
[[HTTPTunnelPort]] **HTTPTunnelPort** ['address'**:**]{empty}__port__|**auto** [_isolation flags_]::
Open this port to listen for proxy connections using the "HTTP CONNECT"
protocol instead of SOCKS. Set this to
@@ -1775,6 +1749,13 @@ The following options are useful only for clients (that is, if
the guard-n-primary-guards consensus parameter, and default to 3 if the
consensus parameter isn't set. (Default: 0)
+[[VanguardsLiteEnabled]] **VanguardsLiteEnabled** **0**|**1**|**auto**::
+ This option specifies whether clients should use the vanguards-lite
+ subsystem to protect against guard discovery attacks. If it's set to
+ 'auto', clients will do what the vanguards-lite-enabled consensus parameter
+ tells them to do, and will default to enable the subsystem if the consensus
+ parameter isn't set. (Default: auto)
+
[[UseMicrodescriptors]] **UseMicrodescriptors** **0**|**1**|**auto**::
Microdescriptors are a smaller version of the information that Tor needs
in order to build its circuits. Using microdescriptors makes Tor clients
@@ -1888,6 +1869,12 @@ The following options control when Tor enters and leaves dormant mode:
counts as client activity for the purpose of DormantClientTimeout.
If false, then only network activity counts. (Default: 1)
+[[DormantTimeoutEnabled]] **DormantTimeoutEnabled** **0**|**1**::
+ If false, then no amount of time without activity is sufficient to
+ make Tor go dormant. Setting this option to zero is only recommended for
+ special-purpose applications that need to use the Tor binary for
+ something other than sending or receiving Tor traffic. (Default: 1)
+
== NODE SELECTION OPTIONS
// These options are in alphabetical order, with exceptions as noted.
@@ -2206,13 +2193,14 @@ is non-zero):
(Default: "month 1 0:00")
[[Address]] **Address** __address__::
- The IPv4 address of this server, or a fully qualified domain name of
- this server that resolves to an IPv4 address. You can leave this
- unset, and Tor will try to guess your IPv4 address. This IPv4
- address is the one used to tell clients and other servers where to
- find your Tor server; it doesn't affect the address that your server
- binds to. To bind to a different address, use the ORPort and
- OutboundBindAddress options.
+ The address of this server, or a fully qualified domain name of this server
+ that resolves to an address. You can leave this unset, and Tor will try to
+ guess your address. If a domain name is provided, Tor will attempt to
+ resolve it and use the underlying IPv4/IPv6 address as its publish address
+ (taking precedence over the ORPort configuration). The publish address is
+ the one used to tell clients and other servers where to find your Tor
+ server; it doesn't affect the address that your server binds to. To bind
+ to a different address, use the ORPort and OutboundBindAddress options.
[[AddressDisableIPv6]] **AddressDisableIPv6** **0**|**1**::
By default, Tor will attempt to find the IPv6 of the relay if there is no
@@ -2241,21 +2229,13 @@ is non-zero):
relay is configured in bridge mode.
//Out of order because it logically belongs after BridgeRelay.
-[[BridgeRecordUsageByCountry]] **BridgeRecordUsageByCountry** **0**|**1**::
- When this option is enabled and BridgeRelay is also enabled, and we have
- GeoIP data, Tor keeps a per-country count of how many client
- addresses have contacted it so that it can help the bridge authority guess
- which countries have blocked access to it. If ExtraInfoStatistics is
- enabled, it will be published as part of the extra-info document.
- (Default: 1)
-
-//Out of order because it logically belongs after BridgeRelay.
[[BridgeDistribution]] **BridgeDistribution** __string__::
If set along with BridgeRelay, Tor will include a new line in its
bridge descriptor which indicates to the BridgeDB service how it
would like its bridge address to be given out. Set it to "none" if
you want BridgeDB to avoid distributing your bridge address, or "any" to
- let BridgeDB decide. (Default: any)
+ let BridgeDB decide. See https://bridges.torproject.org/info for a more
+ up-to-date list of options. (Default: any)
[[ContactInfo]] **ContactInfo** __email_address__::
Administrative contact information for this relay or bridge. This line
@@ -2678,6 +2658,22 @@ is non-zero):
name lookups that your server does on behalf of clients. (Default:
"www.google.com, www.mit.edu, www.yahoo.com, www.slashdot.org")
+[[ServerTransportListenAddr]] **ServerTransportListenAddr** __transport__ __IP__:__PORT__::
+ When this option is set, Tor will suggest __IP__:__PORT__ as the
+ listening address of any pluggable transport proxy that tries to
+ launch __transport__. (IPv4 addresses should written as-is; IPv6
+ addresses should be wrapped in square brackets.) (Default: none)
+
+[[ServerTransportOptions]] **ServerTransportOptions** __transport__ __k=v__ __k=v__ ...::
+ When this option is set, Tor will pass the __k=v__ parameters to
+ any pluggable transport proxy that tries to launch __transport__. +
+ (Example: ServerTransportOptions obfs45 shared-secret=bridgepasswd cache=/var/lib/tor/cache) (Default: none)
+
+[[ServerTransportPlugin]] **ServerTransportPlugin** __transport__ exec __path-to-binary__ [options]::
+ The Tor relay launches the pluggable transport proxy in __path-to-binary__
+ using __options__ as its command-line options, and expects to receive
+ proxied client traffic from it. (Default: none)
+
[[ShutdownWaitLength]] **ShutdownWaitLength** __NUM__::
When we get a SIGINT and we're a server, we begin shutting down:
we close listeners and start refusing new circuits. After **NUM**
@@ -2705,6 +2701,14 @@ Relays publish most statistics in a document called the
extra-info document. The following options affect the different
types of statistics that Tor relays collect and publish:
+[[BridgeRecordUsageByCountry]] **BridgeRecordUsageByCountry** **0**|**1**::
+ When this option is enabled and BridgeRelay is also enabled, and we have
+ GeoIP data, Tor keeps a per-country count of how many client
+ addresses have contacted it so that it can help the bridge authority guess
+ which countries have blocked access to it. If ExtraInfoStatistics is
+ enabled, it will be published as part of the extra-info document.
+ (Default: 1)
+
[[CellStatistics]] **CellStatistics** **0**|**1**::
Relays only.
When this option is enabled, Tor collects statistics about cell
@@ -2761,13 +2765,33 @@ types of statistics that Tor relays collect and publish:
(Default: 1)
[[HiddenServiceStatistics]] **HiddenServiceStatistics** **0**|**1**::
- Relays only.
+ Relays and bridges only.
When this option is enabled, a Tor relay writes obfuscated
statistics on its role as hidden-service directory, introduction
point, or rendezvous point to disk every 24 hours. If ExtraInfoStatistics
is enabled, it will be published as part of the extra-info document.
(Default: 1)
+[[OverloadStatistics]] **OverloadStatistics** *0**|**1**::
+ Relays and bridges only.
+ When this option is enabled, a Tor relay will write an overload general
+ line in the server descriptor if the relay is considered overloaded.
+ (Default: 1)
+ +
+ A relay is considered overloaded if at least one of these conditions is
+ met:
+ - Onionskins are starting to be dropped.
+ - The OOM was invoked.
+
+ - (Exit only) DNS timeout occurs X% of the time over Y seconds (values
+ controlled by consensus parameters, see param-spec.txt).
+ +
+ If ExtraInfoStatistics is enabled, it can also put two more specific
+ overload lines in the extra-info document if at least one of these
+ conditions is met:
+ - TCP Port exhaustion.
+ - Connection rate limits have been reached (read and write side).
+
[[PaddingStatistics]] **PaddingStatistics** **0**|**1**::
Relays and bridges only.
When this option is enabled, Tor collects statistics for padding cells
@@ -2805,6 +2829,11 @@ details.)
+
The same flags are supported here as are supported by ORPort. This port can
only be IPv4.
+ +
+ As of Tor 0.4.6.1-alpha, non-authoritative relays (see
+ AuthoritativeDirectory) will not publish the DirPort but will still listen
+ on it. Clients don't use the DirPorts on relays, so it is safe for you
+ to remove the DirPort from your torrc configuration.
[[DirPortFrontPage]] **DirPortFrontPage** __FILENAME__::
When this option is set, it takes an HTML file and publishes it as "/" on
@@ -2825,11 +2854,15 @@ details.)
== DENIAL OF SERVICE MITIGATION OPTIONS
-Tor has three built-in mitigation options that can be individually
-enabled/disabled and fine-tuned, but by default Tor directory authorities will
-define reasonable values for relays and no explicit configuration is required
-to make use of these protections. The mitigations take place at relays,
-and are as follows:
+Tor has a series of built-in denial of service mitigation options that can be
+individually enabled/disabled and fine-tuned, but by default Tor directory
+authorities will define reasonable values for the network and no explicit
+configuration is required to make use of these protections.
+
+The following is a series of configuration options for relays and then options
+for onion services and how they work.
+
+The mitigations take place at relays, and are as follows:
1. If a single client address makes too many concurrent connections (this is
configurable via DoSConnectionMaxConcurrentCount), hang up on further
@@ -2947,6 +2980,30 @@ Denial of Service mitigation subsystem described above.
consensus, the value is 100.
(Default: 0)
+[[DoSConnectionConnectRate]] **DoSConnectionConnectRate** __NUM__::
+
+ The allowed rate of client connection from a single address per second.
+ Coupled with the burst (see below), if the limit is reached, the address
+ is marked and a defense is applied (DoSConnectionDefenseType) for a period
+ of time defined by DoSConnectionConnectDefenseTimePeriod. If not defined
+ or set to 0, it is controlled by a consensus parameter.
+ (Default: 0)
+
+[[DoSConnectionConnectBurst]] **DoSConnectionConnectBurst** __NUM__::
+
+ The allowed burst of client connection from a single address per second.
+ See the DoSConnectionConnectRate for more details on this detection. If
+ not defined or set to 0, it is controlled by a consensus parameter.
+ (Default: 0)
+
+[[DoSConnectionConnectDefenseTimePeriod]] **DoSConnectionConnectDefenseTimePeriod** __N__ **seconds**|**minutes**|**hours**::
+
+ The base time period in seconds that the client connection defense is
+ activated for. The actual value is selected randomly for each activation
+ from N+1 to 3/2 * N. If not defined or set to 0, it is controlled by a
+ consensus parameter.
+ (Default: 24 hours)
+
[[DoSRefuseSingleHopClientRendezvous]] **DoSRefuseSingleHopClientRendezvous** **0**|**1**|**auto**::
Refuse establishment of rendezvous points for single hop clients. In other
@@ -2956,6 +3013,68 @@ Denial of Service mitigation subsystem described above.
(Default: auto)
+As for onion services, only one possible mitigation exists. It was intended to
+protect the network first and thus do not help the service availability or
+reachability.
+
+The mitigation we put in place is a rate limit of the amount of introduction
+that happens at the introduction point for a service. In other words, it rates
+limit the number of clients that are attempting to reach the service at the
+introduction point instead of at the service itself.
+
+The following options are per onion service:
+
+[[HiddenServiceEnableIntroDoSDefense]] **HiddenServiceEnableIntroDoSDefense** **0**|**1**::
+ Enable DoS defense at the intropoint level. When this is enabled, the
+ rate and burst parameter (see below) will be sent to the intro point which
+ will then use them to apply rate limiting for introduction request to this
+ service.
+ +
+ The introduction point honors the consensus parameters except if this is
+ specifically set by the service operator using this option. The service
+ never looks at the consensus parameters in order to enable or disable this
+ defense. (Default: 0)
+
+//Out of order because it logically belongs after HiddenServiceEnableIntroDoSDefense.
+[[HiddenServiceEnableIntroDoSBurstPerSec]] **HiddenServiceEnableIntroDoSBurstPerSec** __NUM__::
+ The allowed client introduction burst per second at the introduction
+ point. If this option is 0, it is considered infinite and thus if
+ **HiddenServiceEnableIntroDoSDefense** is set, it then effectively
+ disables the defenses. (Default: 200)
+
+[[HiddenServiceEnableIntroDoSRatePerSec]] **HiddenServiceEnableIntroDoSRatePerSec** __NUM__::
+ The allowed client introduction rate per second at the introduction
+ point. If this option is 0, it is considered infinite and thus if
+ **HiddenServiceEnableIntroDoSDefense** is set, it then effectively
+ disables the defenses. (Default: 25)
+
+The rate is the maximum number of clients a service will ask its introduction
+points to allow every seconds. And the burst is a parameter that allows that
+many within one second.
+
+For example, the default values of 25 and 200 respectively means that for every
+introduction points a service has (default 3 but can be configured with
+**HiddenServiceNumIntroductionPoints**), 25 clients per seconds will be allowed
+to reach the service and 200 at most within 1 second as a burst. This means
+that if 200 clients are seen within 1 second, it will take 8 seconds (200/25)
+for another client to be able to be allowed to introduce due to the rate of 25
+per second.
+
+This might be too much for your use case or not, fine tuning these values is
+hard and are likely different for each service operator.
+
+Why is this not helping reachability of the service? Because the defenses are
+at the introduction point, an attacker can easily flood all introduction point
+rendering the service unavailable due to no client being able to pass through.
+But, the service itself is not overwhelmed with connetions allowing it to
+function properly for the few clients that were able to go through or other any
+services running on the same tor instance.
+
+The bottom line is that this protects the network by preventing an onion
+service to flood the network with new rendezvous circuits that is reducing load
+on the network.
+
+
== DIRECTORY AUTHORITY SERVER OPTIONS
The following options enable operation as a directory authority, and
@@ -2993,6 +3112,11 @@ on the public Tor network.
is the same as for exit policies, except that you don't need to say
"accept" or "reject", and ports are not needed.)
+[[AuthDirMiddleOnly]] **AuthDirMiddleOnly** __AddressPattern...__::
+ Authoritative directories only. A set of address patterns for servers that
+ will be listed as middle-only in any network status document this authority
+ publishes, if **AuthDirListMiddleOnly** is set. +
+
[[AuthDirFastGuarantee]] **AuthDirFastGuarantee** __N__ **bytes**|**KBytes**|**MBytes**|**GBytes**|**TBytes**|**KBits**|**MBits**|**GBits**|**TBits**::
Authoritative directories only. If non-zero, always vote the
Fast flag for any relay advertising this amount of capacity or
@@ -3040,6 +3164,13 @@ on the public Tor network.
1 unless you plan to list non-functioning exits as bad; otherwise, you are
effectively voting in favor of every declared exit as an exit.)
+[[AuthDirListMiddleOnly]] **AuthDirListMiddleOnly** **0**|**1**::
+ Authoritative directories only. If set to 1, this directory has some
+ opinion about which nodes should only be used in the middle position.
+ (Do not set this to 1 unless you plan to list questionable relays
+ as "middle only"; otherwise, you are effectively voting _against_
+ middle-only status for every relay.)
+
[[AuthDirMaxServersPerAddr]] **AuthDirMaxServersPerAddr** __NUM__::
Authoritative directories only. The maximum number of servers that we will
list as acceptable on a single IP address. Set this to "0" for "no limit".
@@ -3058,18 +3189,20 @@ on the public Tor network.
authority publishes, or accepted as an OR address in any descriptor
submitted for publication by this authority.
+[[AuthDirRejectRequestsUnderLoad]] **AuthDirRejectRequestsUnderLoad** **0**|**1**::
+ If set, the directory authority will start rejecting directory requests
+ from non relay connections by sending a 503 error code if it is under
+ bandwidth pressure (reaching the configured limit if any). Relays will
+ always tried to be answered even if this is on. (Default: 1)
+
//Out of order because it logically belongs with the other CCs options.
[[AuthDirBadExitCCs]] **AuthDirBadExitCCs** __CC__,... +
//Out of order because it logically belongs with the other CCs options.
[[AuthDirInvalidCCs]] **AuthDirInvalidCCs** __CC__,... +
-
-[[AuthDirRejectRequestsUnderLoad]] **AuthDirRejectRequestsUnderLoad** **0**|**1**::
- If set, the directory authority will start rejecting directory requests
- from non relay connections by sending a 503 error code if it is under
- bandwidth pressure (reaching the configured limit if any). Relays will
- always tried to be answered even if this is on. (Default: 1)
+//Out of order because it logically belongs with the other CCs options.
+[[AuthDirMiddleOnlytCCs]] **AuthDirMiddleOnlyCCs** __CC__,... +
[[AuthDirRejectCCs]] **AuthDirRejectCCs** __CC__,...::
Authoritative directories only. These options contain a comma-separated
@@ -3096,6 +3229,32 @@ on the public Tor network.
If set to 0, we vote Running for every relay, and don't perform
these tests. (Default: 1)
+[[AuthDirVoteGuard]] **AuthDirVoteGuard** __node__,__node__,__...__::
+ A list of identity fingerprints or country codes or address patterns of
+ nodes to vote Guard for regardless of their uptime and bandwidth. See
+ <<ExcludeNodes,ExcludeNodes>> for more information on how to specify nodes.
+
+[[AuthDirVoteGuardBwThresholdFraction]] **AuthDirVoteGuardBwThresholdFraction** __FRACTION__::
+ The Guard flag bandwidth performance threshold fraction that is the
+ fraction representing who gets the Guard flag out of all measured
+ bandwidth. (Default: 0.75)
+
+[[AuthDirVoteGuardGuaranteeTimeKnown]] **AuthDirVoteGuardGuaranteeTimeKnown** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
+ A relay with at least this much weighted time known can be considered
+ familiar enough to be a guard. (Default: 8 days)
+
+[[AuthDirVoteGuardGuaranteeWFU]] **AuthDirVoteGuardGuaranteeWFU** __FRACTION__::
+ A level of weighted fractional uptime (WFU) is that is sufficient to be a
+ Guard. (Default: 0.98)
+
+[[AuthDirVoteStableGuaranteeMinUptime]] **AuthDirVoteStableGuaranteeMinUptime** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
+ If a relay's uptime is at least this value, then it is always considered
+ stable, regardless of the rest of the network. (Default: 30 days)
+
+[[AuthDirVoteStableGuaranteeMTBF]] **AuthDirVoteStableGuaranteeMTBF** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
+ If a relay's mean time between failures (MTBF) is least this value, then
+ it will always be considered stable. (Default: 5 days)
+
[[BridgePassword]] **BridgePassword** __Password__::
If set, contains an HTTP authenticator that tells a bridge authority to
serve all requested bridge information. Used by the (only partially
@@ -3216,20 +3375,6 @@ The next section describes the per service options that can only be set
not an authorization mechanism; it is instead meant to be a mild
inconvenience to port-scanners.) (Default: 0)
-[[HiddenServiceAuthorizeClient]] **HiddenServiceAuthorizeClient** __auth-type__ __client-name__,__client-name__,__...__::
- If configured, the v2 hidden service is accessible for authorized clients
- only. The auth-type can either be \'basic' for a general-purpose
- authorization protocol or \'stealth' for a less scalable protocol that also
- hides service activity from unauthorized clients. Only clients that are
- listed here are authorized to access the hidden service. Valid client names
- are 1 to 16 characters long and only use characters in A-Za-z0-9+-_ (no
- spaces). If this option is set, the hidden service is not accessible for
- clients without authorization any more. Generated authorization data can be
- found in the hostname file. Clients need to put this authorization data in
- their configuration file using **HidServAuth**. This option is only for v2
- services; v3 services configure client authentication in a subdirectory of
- HiddenServiceDir instead (see <<client-authorization,CLIENT AUTHORIZATION>>).
-
[[HiddenServiceDir]] **HiddenServiceDir** __DIRECTORY__::
Store data files for a hidden service in DIRECTORY. Every hidden service
must have a separate directory. You may use this option multiple times to
@@ -3248,30 +3393,6 @@ The next section describes the per service options that can only be set
only owner is able to read the hidden service directory. (Default: 0)
Has no effect on Windows.
-[[HiddenServiceEnableIntroDoSDefense]] **HiddenServiceEnableIntroDoSDefense** **0**|**1**::
- Enable DoS defense at the intropoint level. When this is enabled, the
- rate and burst parameter (see below) will be sent to the intro point which
- will then use them to apply rate limiting for introduction request to this
- service.
- +
- The introduction point honors the consensus parameters except if this is
- specifically set by the service operator using this option. The service
- never looks at the consensus parameters in order to enable or disable this
- defense. (Default: 0)
-
-//Out of order because it logically belongs after HiddenServiceEnableIntroDoSDefense.
-[[HiddenServiceEnableIntroDoSBurstPerSec]] **HiddenServiceEnableIntroDoSBurstPerSec** __NUM__::
- The allowed client introduction burst per second at the introduction
- point. If this option is 0, it is considered infinite and thus if
- **HiddenServiceEnableIntroDoSDefense** is set, it then effectively
- disables the defenses. (Default: 200)
-
-[[HiddenServiceEnableIntroDoSRatePerSec]] **HiddenServiceEnableIntroDoSRatePerSec** __NUM__::
- The allowed client introduction rate per second at the introduction
- point. If this option is 0, it is considered infinite and thus if
- **HiddenServiceEnableIntroDoSDefense** is set, it then effectively
- disables the defenses. (Default: 25)
-
[[HiddenServiceExportCircuitID]] **HiddenServiceExportCircuitID** __protocol__::
The onion service will use the given protocol to expose the global circuit
identifier of each inbound client circuit. The only
@@ -3324,7 +3445,7 @@ The next section describes the per service options that can only be set
[[HiddenServiceNumIntroductionPoints]] **HiddenServiceNumIntroductionPoints** __NUM__::
Number of introduction points the hidden service will have. You can't
- have more than 10 for v2 service and 20 for v3. (Default: 3)
+ have more than 20. (Default: 3)
[[HiddenServicePort]] **HiddenServicePort** __VIRTPORT__ [__TARGET__]::
Configure a virtual port VIRTPORT for a hidden service. You may use this
@@ -3338,17 +3459,9 @@ The next section describes the per service options that can only be set
connects to that VIRTPORT, one of the TARGETs from those lines will be
chosen at random. Note that address-port pairs have to be comma-separated.
-[[HiddenServiceVersion]] **HiddenServiceVersion** **2**|**3**::
+[[HiddenServiceVersion]] **HiddenServiceVersion** **3**::
A list of rendezvous service descriptor versions to publish for the hidden
- service. Currently, versions 2 and 3 are supported. (Default: 3)
-
-[[RendPostPeriod]] **RendPostPeriod** __N__ **seconds**|**minutes**|**hours**|**days**|**weeks**::
- Every time the specified period elapses, Tor uploads any rendezvous
- service descriptors to the directory servers. This information is also
- uploaded whenever it changes. Minimum value allowed is 10 minutes and
- maximum is 3.5 days. This option is only for v2 services.
- (Default: 1 hour)
-
+ service. Currently, only version 3 is supported. (Default: 3)
**PER INSTANCE OPTIONS:**
@@ -3397,8 +3510,6 @@ The next section describes the per service options that can only be set
[[client-authorization]]
== CLIENT AUTHORIZATION
-(Version 3 only)
-
Service side:
To configure client authorization on the service side, the
@@ -3492,14 +3603,15 @@ The following options are used for running a testing Tor network.
[[TestingAuthKeySlop]] **TestingAuthKeySlop** __N__ **seconds**|**minutes**|**hours** +
[[TestingBridgeBootstrapDownloadInitialDelay]] **TestingBridgeBootstrapDownloadInitialDelay** __N__::
- Initial delay in seconds for when clients should download each bridge descriptor when they
- have just started, or when they can not contact any of their bridges.
+ Initial delay in seconds for how long clients should wait before
+ downloading a bridge descriptor for a new bridge.
Changing this requires that **TestingTorNetwork** is set. (Default: 0)
[[TestingBridgeDownloadInitialDelay]] **TestingBridgeDownloadInitialDelay** __N__::
- Initial delay in seconds for when clients should download each bridge descriptor when they
- know that one or more of their configured bridges are running. Changing
- this requires that **TestingTorNetwork** is set. (Default: 10800)
+ How long to wait (in seconds) once clients have successfully
+ downloaded a bridge descriptor, before trying another download for
+ that same bridge. Changing this requires that **TestingTorNetwork**
+ is set. (Default: 10800)
[[TestingClientConsensusDownloadInitialDelay]] **TestingClientConsensusDownloadInitialDelay** __N__::
Initial delay in seconds for when clients should download consensuses. Changing this
@@ -3818,7 +3930,12 @@ __KeyDirectory__/**`secret_onion_key_ntor`** and **`secret_onion_key_ntor.old`**
by clients that didn't have the new one.
__DataDirectory__/**`fingerprint`**::
- Only used by servers. Contains the fingerprint of the server's identity key.
+ Only used by servers. Contains the fingerprint of the server's RSA
+ identity key.
+
+__DataDirectory__/**`fingerprint-ed25519`**::
+ Only used by servers. Contains the fingerprint of the server's ed25519
+ identity key.
__DataDirectory__/**`hashed-fingerprint`**::
Only used by bridges. Contains the hashed fingerprint of the bridge's
@@ -3834,7 +3951,8 @@ __DataDirectory__/**`approved-routers`**::
descriptors are accepted, but marked in the vote as not valid.
If it is **!badexit**, then the authority will vote for it to receive a
BadExit flag, indicating that it shouldn't be used for traffic leaving
- the Tor network.
+ the Tor network. If it is **!middleonly**, then the authority will
+ vote for it to only be used in the middle of circuits.
(Neither rejected nor invalid relays are included in the consensus.)
__DataDirectory__/**`v3-status-votes`**::
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion