commit d7568ec679bffe1cbfa25a5d71dc41215b197251 Author: traumschule traumschuleriebau@riseup.net Date: Wed Aug 22 00:44:07 2018 +0200
faq: improved torrc/datadir section ; several housekeeping tasks
- linked first occurrence of torrc in every answer to #torrc - replaced absolute links to torproject.org with relative ones - added TODO to questions in html comments --- docs/en/faq.wml | 130 +++++++++++++++++++++++++++++++++----------------------- 1 file changed, 78 insertions(+), 52 deletions(-)
diff --git a/docs/en/faq.wml b/docs/en/faq.wml index 04718a37..05eaff4e 100644 --- a/docs/en/faq.wml +++ b/docs/en/faq.wml @@ -119,6 +119,7 @@ <ul> <li><a href="#torrc">I'm supposed to "edit my torrc". What does that mean?</a></li> + <li><a href="#datadir">Where's tor's data directory?</a></li> <li><a href="#Logs">How do I set up logging, or see Tor's logs?</a></li> <li><a href="#LogLevel">What log level should I use?</a></li> @@ -1067,7 +1068,7 @@ idea. Tor Browser aims to provide sufficient privacy that additional add-ons to stop ads and trackers are not necessary. Using add-ons like these may cause some sites to break, which - <a href="https://www.torproject.org/projects/torbrowser/design/#philosophy"> + <a href="/projects/torbrowser/design/#philosophy"> we don't want to do</a>. Additionally, maintaining a list of "bad" sites that should be black-listed provides another opportunity to uniquely fingerprint users. @@ -1417,15 +1418,15 @@ </p>
<p> - First (best option), if you're on Linux, you can install the system - Tor package (e.g. apt-get install tor) and then set it up to be a relay - (<a href="https://www.torproject.org/docs/tor-relay-debian"> - instructions</a>). You can then use TBB independent of that. + First (best option), if you're on Linux, you can install the + <a href="<page download/download-unix>">system Tor package</a> + (e.g. apt-get install tor) and then set it up to be a relay + (<a href="https://www.torproject.org/docs/tor-relay-debian">instructions</a>). + You can then use TBB independent of that. </p>
- <p> - Second (complex option), you can edit your torrc file (in Data/Tor/torrc) + Second (complex option), you can edit your <a href="#torrc">torrc file</a> directly to add the following lines: </p>
@@ -1468,7 +1469,8 @@ README file</a> for the build instructions. There is also some informations in the <a href="https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking"> - Tor Browser Hacking Guide</a>. + Tor Browser Hacking Guide</a>. Also see our + <a href="<page docs/verifying-signatures>">fingerprint verification guide</a>. </p>
<hr> @@ -1476,9 +1478,9 @@ <a id="AdvancedTorUsage"></a> <h2><a class="anchor" href="#AdvancedTorUsage">Advanced Tor usage:</a></h2>
- <a id="torrc"></a> + <a id="torrc"></a><a id="datadir"></a> <h3><a class="anchor" href="#torrc">I'm supposed to "edit my torrc". - What does that mean?</a></h3> + What does that mean? Where's tor's data directory?</a></h3>
<p> Tor uses a text file called torrc that contains configuration @@ -1487,26 +1489,47 @@ </p>
<p> - If you installed Tor Browser on Windows or Linux, look for - <code>Browser/TorBrowser/Data/Tor/torrc</code> inside your Tor Browser - directory. - If you're on macOS, the torrc is in + If you installed Tor Browser on Windows or Linux, torrc is in the data + directory, which is <code>Browser/TorBrowser/Data/Tor</code> inside your + Tor Browser directory. For the tor service on Windows see + <a href="#NTService">Windows NT</a>. + </p> + + <p> + If you're on macOS, the torrc is in the data directory at <code>~/Library/Application Support/TorBrowser-Data/Tor</code>. To get to it, press cmd-shift-g while in Finder and copy/paste that directory into the box that appears. </p>
<p> - Otherwise, if you are using Tor without Tor Browser, it looks for the - torrc file in <code>/usr/local/etc/tor/torrc</code> if you compiled tor - from source, and <code>/etc/tor/torrc</code> or <code>/etc/torrc</code> - if you installed a pre-built package. + Otherwise, if you are using Tor without Tor Browser, it looks for torrc at + differentt possible locations: </p> + <ul> + <li> + <code>/usr/local/etc/tor/torrc</code> if you compiled tor from source + </li> + <li> + <code>/etc/tor/torrc</code> or <code>/etc/torrc</code> if you installed a + pre-built package. The data directory usually is + <code>/var/lib/tor/</code>, if not defined otherwise with + <code>DataDirectory</code> in torrc. + </li> + <li><code>$HOME/.torrc</code>: fallback location if above file is not found. + </li> + <li> + You can define a different location for torrc with <code>-f FILE</code> and + set another data directory with <code>--DataDirectory DIR</code> as options + to tor. + </li> + </ul>
<p> - Once you've created or changed your torrc file, you will need to restart - tor for the changes to take effect. (For advanced users, note that - you actually only need to send Tor a HUP signal, not actually restart it.) + Once you've created or changed your torrc file, you will need to restart or + reload tor for the changes to take effect. On Debian use + <code>system tor reload</code>. (For advanced users, note that you + actually only need to send Tor a HUP signal, not actually restart it.) </p>
<p> @@ -1533,7 +1556,7 @@ <li>On OS X, Debian, Red Hat, etc, the logs are in /var/log/tor/ </li> <li>On Windows, there are no default log files currently. If you enable - logs in your torrc file, they default to <code>\username\Application + logs in your <a href="#torrc">torrc</a> file, they default to <code>\username\Application Data\tor\log</code> or <code>\Application Data\tor\log</code> </li> <li>If you compiled Tor from source, by default your Tor logs to @@ -1718,7 +1741,7 @@ If you don't find any good hints, you should consider running Tor in the foreground (from a shell) so you can see how it dies. Warning: if you switch to running Tor in the foreground, you might start using a different - torrc file, with a different default Data Directory; see the + <a href="#torrc">torrc</a> file, with a different default Data Directory; see the <a href="#UpgradeOrMove">relay-upgrade FAQ entry</a> for details. </li> @@ -1755,8 +1778,8 @@ <p> Yes. You can set preferred entry and exit nodes as well as inform Tor which nodes you do not want to use. - The following options can be added to your config file <a - href="#torrc">"torrc"</a> or specified on the command line: + The following options can be added to your config file + <a href="#torrc">torrc</a> or specified on the command line: </p> <dl> <dt><tt>EntryNodes $fingerprint,$fingerprint,...</tt></dt> @@ -1818,7 +1841,7 @@ versions. If your firewall works by blocking ports, then you can tell Tor to only use the ports when you start your Tor Browser. Or you can add the ports that your firewall permits by adding "FascistFirewall 1" to your - <a href="<page docs/faq>#torrc">torrc configuration file</a>. + <a href="#torrc">torrc configuration file</a>. By default, when you set this Tor assumes that your firewall allows only port 80 and port 443 (HTTP and HTTPS respectively). You can select a different set of ports with the FirewallPorts torrc option. @@ -1841,9 +1864,11 @@ versions. ports?</a></h3> <p> The default open ports are listed below but keep in mind that, any port or - ports can be opened by the relay operator by configuring it in torrc or - modifying the source code. But the default according to src/or/policies.c - from the source code release tor-0.2.4.16-rc is: + ports can be opened by the relay operator by configuring it in + <a href="#torrc">torrc</a> or modifying the source code. + <!-- TODO should we update this? --> + The default according to src/or/policies.c from the source code release + tor-0.2.4.16-rc: </p> <pre> reject 0.0.0.0/8 @@ -1934,7 +1959,7 @@ versions. with tor-resolve, then pass the IPs to your applications, you'll be fine. (Tor will still give the warning, but now you know what it means.) </li>
- <!-- I'm not sure if this project is still maintained or not + <!-- TODO I'm not sure if this project is still maintained or not <li>You can use TorDNS as a local DNS server to rectify the DNS leakage. See the Torify HOWTO for info on how to run particular applications anonymously.</li> @@ -1993,7 +2018,7 @@ versions. By default, your Tor client only listens for applications that connect from localhost. Connections from other computers are refused. If you want to torify applications on different computers - than the Tor client, you should edit your torrc to define + than the Tor client, you should edit your <a href="#torrc">torrc</a> to define SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you want to get more advanced, you can configure your Tor client on a firewall to bind to your internal IP but not your external IP. @@ -2019,7 +2044,7 @@ versions. key all around. </p> <p> - Configuration is simple, editing your torrc file's SocksListenAddress + Configuration is simple, editing your <a href="#torrc">torrc</a> file's SocksListenAddress according to the following examples: </p>
@@ -2130,8 +2155,8 @@ versions. using a dynamic IP address?</a></h3>
<p> - Tor can handle relays with dynamic IP addresses just fine. Just leave - the "Address" line in your torrc blank, and Tor will guess. + Tor can handle relays with dynamic IP addresses just fine. Just leave the + "Address" line in your <a href="#torrc">torrc</a> blank, and Tor will guess. </p>
<hr> @@ -2143,9 +2168,9 @@ versions. Tor has <a href="<wiki>org/roadmaps/Tor/IPv6Features">partial</a> support for IPv6 and we encourage every relay operator to <a href="<wiki>TorRelayGuide#IPv6">enable IPv6 functionality</a> in their - torrc configuration files when IPv6 connectivity is available. - For the time being Tor will require IPv4 addresses on relays, you can not - run a Tor relay on a host with IPv6 addresses only. + <a href="#torrc">torrc</a> configuration files when IPv6 connectivity is + available. For the time being Tor will require IPv4 addresses on relays, + you can not run a Tor relay on a host with IPv6 addresses only. </p>
<hr> @@ -2244,7 +2269,7 @@ versions. options are available to Tor relays?</a></h3>
<p> - There are two options you can add to your torrc file: + There are two options you can add to your <a href="#torrc">torrc</a> file: </p> <ul> <li> @@ -2298,7 +2323,7 @@ versions. <h3><a class="anchor" href="#LimitTotalBandwidth">How can I limit the total amount of bandwidth used by my Tor relay?</a></h3> <p> - The accounting options in the torrc file allow you to specify the maximum + The accounting options in the <a href="#torrc">torrc</a> file allow you to specify the maximum amount of bytes your relay uses for a time period. </p> <pre> @@ -2394,7 +2419,7 @@ versions. working relay setup) is as follows:</p>
<ul> - <li>In the relay Tor torrc file, simply set the SocksPort to 0.</li> + <li>In the relay Tor <a href="#torrc">torrc</a> file, simply set the SocksPort to 0.</li> <li>Create a new client torrc file from the torrc.sample and ensure it uses a different log file from the relay. One naming convention may be torrc.client and torrc.relay.</li> @@ -2574,7 +2599,7 @@ don't want to deal with abuse issues.</a></h3>
<p> This means that if you're upgrading your Tor relay and you keep the same - torrc and the same DataDirectory, then the upgrade should just work and + <a href="#torrc">torrc and the same DataDirectory</a>, then the upgrade should just work and your relay will keep using the same key. If you need to pick a new DataDirectory, be sure to copy your old keys/ed25519_master_id_secret_key and keys/secret_id_key over. @@ -2615,7 +2640,7 @@ don't want to deal with abuse issues.</a></h3> and confirms that the medium term signing key is valid for a certain period of time. The default validity is 30 days, but this can be customized by setting "SigningKeyLifetime N days|weeks|months" in - torrc.</li> + <a href="#torrc">torrc</a>.</li> <li>there is also a master public key named "ed25519_master_id_public_key, which is the actual identity of the relay advertised in the network. This one is not sensitive and can be easily @@ -2681,7 +2706,7 @@ don't want to deal with abuse issues.</a></h3> <p> Optionally, you can specify additional options for the Tor service using the -options argument. For example, if you want Tor to use C:\tor\torrc, - instead of the default torrc, and open a control port on port 9151, you + instead of the default <a href="#torrc">torrc</a>, and open a control port on port 9151, you would run: </p>
@@ -3119,9 +3144,10 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor%22%3ENoisebridge</a> tool for configuring, controlling and running tests on a testing Tor network. It requires that you have Tor and Python (2.5 or later) installed on your system. You can use Chutney to create a testing - network by generating Tor configuration files (torrc) and necssary keys - (for the directory authorities). Then you can let Chutney start your Tor - authorities, relays and clients and wait for the network to bootstrap. + network by generating Tor configuration files (<a href="#torrc">torrc</a>) + and necessary keys (for the directory authorities). Then you can let + Chutney start your Tor authorities, relays and clients and wait for the + network to bootstrap. Finally, you can have Chutney run tests on your network to see which things work and which do not. Chutney is typically used for running a testing network with about 10 instances of Tor. Every instance of Tor @@ -3265,7 +3291,7 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor%22%3ENoisebridge</a> a series of proxies. Your communication is encrypted in multiple layers and routed via multiple hops through the Tor network to the final receiver. More details on this process can be found in the <a - href="https://www.torproject.org/about/overview%22%3ETor overview</a>. + href="<page about/overview>">Tor overview</a>. Note that all your local ISP can observe now is that you are communicating with Tor nodes. Similarly, servers in the Internet just see that they are being contacted by Tor nodes. @@ -3371,7 +3397,7 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor%22%3ENoisebridge</a> identity leaks, Tor Browser also includes browser extensions like NoScript and Torbutton, as well as patches to the Firefox source code. The full design of Tor Browser can be read <a - href="https://www.torproject.org/projects/torbrowser/design/%22%3Ehere</a>. + href="/projects/torbrowser/design/index.html.en">here</a>. In designing a safe, secure solution for browsing the web with Tor, we've discovered that configuring <a href="#TBBOtherBrowser">other browsers</a> to use Tor is unsafe. @@ -3386,7 +3412,7 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor%22%3ENoisebridge</a>
<p> Tor is a work in progress. There is still <a - href="https://www.torproject.org/getinvolved/volunteer%22%3Eplenty of work + href="<page getinvolved/volunteer>">plenty of work left to do</a> for a strong, secure, and complete solution. </p>
@@ -3649,7 +3675,7 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor%22%3ENoisebridge</a> anonymity solution</a>.</b> If you're looking for a trusted entry into the Tor network, or if you want to obscure the fact that you're using Tor, - <a href="https://www.torproject.org/docs/bridges#RunningABridge">setting up + <a href="<page docs/bridges>#RunningABridge">setting up a private server as a bridge</a> works quite well. </p>
@@ -3796,7 +3822,7 @@ Perhaps even run separate Tor clients for these applications. First, we need to make Tor stable as a relay on all common operating systems. The main remaining platform is Windows, and we're mostly there. See Section 4.1 of - <a href="https://www.torproject.org/press/2008-12-19-roadmap-press-release"> + <a href="<page press/2008-12-19-roadmap-press-release>"> our development roadmap</a>. </p>
@@ -4248,7 +4274,7 @@ Perhaps even run separate Tor clients for these applications.
<p> Please read the - <a href="https://www.torproject.org/eff/tor-legal-faq">legal FAQ written + <a href="<page eff/tor-legal-faq>">legal FAQ written by EFF lawyers</a>. There's a growing <a href="https://blog.torproject.org/blog/start-tor-legal-support-directory"> legal directory</a> of people who may be able to help you.
tor-commits@lists.torproject.org