commit 6068a5ec52c8b3177f7ad47d2dcb8f1454893e83 Author: Isis Lovecruft <isis@torproject.org> Date: Fri Jan 17 16:41:20 2014 +0000 Sync bridgedb.conf with bridgedb-admin.git (no settings changed). --- bridgedb.conf | 85 +++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 56 insertions(+), 29 deletions(-) diff --git a/bridgedb.conf b/bridgedb.conf index a0a1f57..bf97077 100644 --- a/bridgedb.conf +++ b/bridgedb.conf @@ -8,12 +8,34 @@ # pretend you're writing Python, and everything will be peachy keen. #______________________________________________________________________________ # -# This file is part of BridgeDB, a Tor bridge distribution system. +# Part of BridgeDB, a Tor bridge distribution system. # -# :copyright: (c) 2007-2013, The Tor Project, Inc. +# :authors: The Tor Project, Inc. +# :license: This file is freely distributed as part of BridgeDB, see LICENSE +# for details. +# :copyright: (c) 2007-2013 The Tor Project, Inc. # (c) 2007-2013, all sentient entities within the AUTHORS file -# :license: see LICENSE for licensing information -#______________________________________________________________________________ +# :version: 0.0.3 +#=============================================================================== +# +# CHANGELOG: +# ~~~~~~~~~~ +# Changes in version 0.0.3 - 2014-01-17 +# * UPDATE config from bridgedb.git/bridgedb.conf, without changing any of the +# settings. +# +# Changes in version 0.0.2 - 2014-01-17 +# * ADD missing settings, EMAIL_GPG_SIGNING_ENABLED and EMAIL_GPG_SIGNING_KEY. +# +# Changes in version 0.0.1 - 2013-08-30 +# * ADD version of config file in use on ponticum. +# - Two config variables, RECAPTCHA_PUB_KEY and RECAPTCHA_PRIV_KEY, have +# been removed, they can be found in: +# patches/001-bridgedb-conf-recaptcha-vars.patch. +# * CLEANUP the config file slightly (such as adding these headers) and +# fixing the linewraps. No other variables were touched. +# +#=============================================================================== #===========================# # General-purpose options # @@ -33,6 +55,10 @@ # can read it. #------------------------------------------------------------------------------ +# We chdir to this directory when we start; all files with relative pathnames +# are created under this directory +#RUN_IN_DIR = "/srv/bridges.torproject.org/run" + # List of filenames from which we read ``@type bridge-server-descriptor``s, on # startup and on SIGHUP. BRIDGE_FILES = ["bridge-descriptors"] @@ -62,9 +88,6 @@ HTTPS_KEY_FILE="privkey.pem" # Either a file to log to, or None if we should log to the console. LOGFILE = "bridgedb.log" -# File to which we dump bridge pool assignments for statistics. -ASSIGNMENTS_FILE = "assignments.log" - # File in which to write our pid PIDFILE = "bridgedb.pid" @@ -93,7 +116,7 @@ PROXY_LIST_FILES = [] # Be sure to also see the LOGFILE option above! #------------------------------------------------------------------------------ -# One of "DEBUG", "INFO", "WARNING", "ERROR"... +# One of "DEBUG", "INFO", "WARNING", "ERROR", or "FATAL: LOGLEVEL = "DEBUG" # If true, we scrub all potentially identifying information before we log it @@ -103,10 +126,12 @@ SAFELOGGING = True LOGFILE_COUNT = 5 LOGFILE_ROTATE_SIZE = 10000000 - # Only consider routers whose purpose matches this string. BRIDGE_PURPOSE = "bridge" +# File to which we dump bridge pool assignments for statistics. +ASSIGNMENTS_FILE = "assignments.log" + # How many clusters do we group IPs in when distributing bridges based on IP? # Note that if PROXY_LIST_FILES is set (below), what we actually do here # is use one higher than the number here, and the extra cluster is used @@ -118,7 +143,7 @@ N_IP_CLUSTERS = 4 FORCE_PORTS = [(443, 1)] # If possible, always give a certain number of answers with a given flag. -# Only "stable" is now supported. This is a list of (flag,minimum) tuples. +# Only "Stable" is now supported. This is a list of (flag,minimum) tuples. FORCE_FLAGS = [("Stable", 1)] #------------------------------- @@ -131,7 +156,7 @@ FORCE_FLAGS = [("Stable", 1)] # your SSL certificate and key! #------------------------------------------------------------------------------ -# Set to ``True`` to enable distribution via HTTP or HTTPS; False otherwise. +# (boolean) True to enable distribution via HTTP or HTTPS; False otherwise. HTTPS_DIST = True # (string or None) The IP address where we listen for HTTPS connections. If @@ -141,7 +166,7 @@ HTTPS_BIND_IP = '127.0.0.1' # (integer or None) The port to listen on for incoming HTTPS connections. HTTPS_PORT = 6789 -# How many bridges do we give back in an answer? +# How many bridges do we give back in an answer (either HTTP or HTTPS)? HTTPS_N_BRIDGES_PER_ANSWER = 3 # Should we tell http users about the bridge fingerprints? Turn this on @@ -160,14 +185,10 @@ HTTP_UNENCRYPTED_BIND_IP = None # (integer or None) The port to listen on for incoming HTTP connections. HTTP_UNENCRYPTED_PORT = None -# Same as the ``HTTPS_USE_IP_FROM_FORWARDED_HEADER`` option, but for +# (boolean) Same as the HTTPS_USE_IP_FROM_FORWARDED_HEADER option, but for # unencrypted connections. HTTP_USE_IP_FROM_FORWARDED_HEADER = False -# The number of bridges to hand out per response by the unencrypted HTTP -# distributor -HTTP_N_BRIDGES_PER_ANSWER = 3 - #------------------------------- # Email Distribution Options \ #------------------------------------------------------------------------------ @@ -181,11 +202,14 @@ HTTP_N_BRIDGES_PER_ANSWER = 3 # True if we are enabling distribution via Email; false otherwise. EMAIL_DIST = True -# What email addresses do we use for outgoing email? EMAIL_FROM_ADDR goes -# in the From: line in outgoing headers, and EMAIL_SMTP_FROM_ADDR goes in -# the MAIL FROM header in outgoing SMTP. +# What email addresses do we use for outgoing email? + +# EMAIL_FROM_ADDR goes in the 'From:' header on outgoing emails: EMAIL_FROM_ADDR = "bridges@torproject.org" + +# EMAIL_SMTP_FROM_ADDR goes in the 'Mail-From:' header in outgoing SMTP: EMAIL_SMTP_FROM_ADDR = "bridges@torproject.org" + EMAIL_SMTP_HOST = "127.0.0.1" EMAIL_SMTP_PORT = 25 @@ -196,8 +220,8 @@ EMAIL_USERNAME = "bridges" EMAIL_DOMAINS = ["gmail.com", "yahoo.com"] # Map from unofficial domain to canonical domain. -EMAIL_DOMAIN_MAP = { "mail.google.com" : "gmail.com", - "googlemail.com" : "gmail.com"} +EMAIL_DOMAIN_MAP = {"mail.google.com": "gmail.com", + "googlemail.com": "gmail.com"} # Map from canonical domain to list of options for that domain. Recognized # options are: @@ -206,19 +230,19 @@ EMAIL_DOMAIN_MAP = { "mail.google.com" : "gmail.com", # with the value "pass", then drop the message. # # Note that unrecognized options are ignored; be sure to spell them right! -EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots", "dkim"], - 'yahoo.com' : ["dkim"]} +EMAIL_DOMAIN_RULES = {'gmail.com': ["ignore_dots", "dkim"], + 'yahoo.com': ["dkim"]} # If there are any IPs in this list, only allow incoming connections from # those IPs. EMAIL_RESTRICT_IPS = [] # IP and port to listen on for email connections. Debugging only. -EMAIL_BIND_IP="127.0.0.1" -EMAIL_PORT=6725 +EMAIL_BIND_IP = "127.0.0.1" +EMAIL_PORT = 6725 # How many bridges do we give back in an answer? -EMAIL_N_BRIDGES_PER_ANSWER=3 +EMAIL_N_BRIDGES_PER_ANSWER = 3 # Should we tell http users about the bridge fingerprints? Turn this on # once we have the vidalia/tor interaction fixed for everbody. @@ -243,7 +267,8 @@ EMAIL_GPG_SIGNING_KEY = 'gnupghome/TESTING.subkeys.sec' # it stays there; there is currently no mechanism for changing a bridge's # hashring allocation. # -# The bridges are allocated to these groups with the following proportions: +# Once a bridge is assigned to either of the first two groups, it stays there +# persistently. The bridges are allocated to these groups in a proportion of # # ``HTTPS_SHARE`` : ``EMAIL_SHARE`` : ``RESERVED_SHARE`` # ------------------------------------------------------------------------------ @@ -264,7 +289,9 @@ RESERVED_SHARE = 2 # the number of bridges. FILE_BUCKETS = {} -# Options related to recaptcha support. +# Recaptcha Options +# ----------------- + # Enable/Disable recaptcha RECAPTCHA_ENABLED = False