On Mittwoch, 28. August 2024 07:53:21 CEST Alessandro Greco via tor-relays wrote:
Once your bridge has been running stable for a few weeks, an advanced but experimental feature is to hide OrPort.
So is it possible to remove the ports from the torrc file while keeping them unchanged?
You hide the OrPort or place it on the local port. More Info: https://forum.torproject.org/t/orport-127-0-0-1-auto/8470/2 https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/129
The reason I called it an experimental feature is because Tor Metrics sometimes shows your bridge as offline even though it is running. This might make you feel insecure in the first few days.
This has been fixed for a few weeks, 'running' flag is rarely gone: https://gitlab.torproject.org/tpo/network-health/team/-/issues/318
But you can see in the history that they are running or check it here: https://bridges.torproject.org/scan/
Coincidentally, my bridges are all 'red' right now ;-) https://metrics.torproject.org/rs.html#search/ForPrivacyNETbr
But what if for some reasons (For istance necessary updates) you have to restart tor? The torrc file is reworked, right? What would need to be done in that case?
Upgrades overwrite, among others, /usr/share/tor/tor-service-defaults-torrc but not /etc/tor/torrc or the entire folder /etc/tor/*
the same applies to ControlPort:
ControlPort 0
The control port allows me to quickly check that Tor is working properly via nyx but obviously if it is preferable to close it I will do so but for that reason I would like to better understand why you recommend closing it (Assuming by “0” you mean closing it and not something else that I don't know).
My note was about if you don't use it. But if you use Nyx or other tools that need it then use it. ;-) Authentication method 'CookieAuthentication' is enabled per default. NOTE: In order to use the ControlPort, the (Nyx) <user> must belong to the tor group. sudo usermod -aG debian-tor <user>