[tor-commits] [community/translations] content updates

emmapeel at torproject.org emmapeel at torproject.org
Tue Jun 29 10:17:51 UTC 2021


commit af0007dd9569ea131ee1512b6b6956edc300961f
Author: emma peel <emma.peel at riseup.net>
Date:   Tue Jun 29 11:40:24 2021 +0200

    content updates
---
 content/onion-services/advanced/https/contents.lr  | 36 ++++++++++------
 .../community-resources/bad-relays/contents.lr     | 10 ++---
 content/relay/community-resources/contents.lr      |  2 +-
 .../setup/bridge/centos-rhel-opensuse/contents.lr  | 48 ++++++++++-----------
 .../relay/setup/bridge/debian-ubuntu/contents.lr   |  4 +-
 content/relay/setup/bridge/docker/contents.lr      | 16 ++-----
 .../relay/setup/bridge/dragonflybsd/contents.lr    | 49 ++++++++++------------
 content/relay/setup/bridge/fedora/contents.lr      | 16 +++----
 content/relay/setup/bridge/freebsd/contents.lr     | 22 ++++------
 content/relay/setup/bridge/netbsd/contents.lr      | 22 ++++------
 content/relay/setup/bridge/openbsd/contents.lr     | 20 ++++-----
 content/relay/setup/bridge/windows/contents.lr     |  2 +-
 12 files changed, 111 insertions(+), 136 deletions(-)

diff --git a/content/onion-services/advanced/https/contents.lr b/content/onion-services/advanced/https/contents.lr
index c49fd7a..9122a0e 100644
--- a/content/onion-services/advanced/https/contents.lr
+++ b/content/onion-services/advanced/https/contents.lr
@@ -16,14 +16,17 @@ html: two-columns-page.html
 ---
 body:
 
-When visiting a site over HTTPS (HTTP over TLS), the TLS protocol prevents data in transit from being read or manipulated by man in the middle attacks, and an x.509 certificate obtained from a Certificate Authority (CA) is validates that the user is actually connecting to a server representing the domain name in the browser address bar.
+When visiting a site over HTTPS (HTTP over TLS), the TLS protocol prevents data in transit from being read or manipulated by man in the middle attacks, and an x.509 certificate obtained from a Certificate Authority (CA) validates that the user is actually connecting to a server representing the domain name in the browser address bar.
 Modern browsers indicate that a connection is insecure if not using TLS, and require that a TLS connection is authenticated by a CA-issued x.509 certificate.
 
 When visiting a site over the onion services protocol, the Tor protocol prevents data in transit from being read or manipulated by man in the middle attacks, and the onion service protocol validates that the user is connected to the domain name in the browser address bar.
-No certificate authority is required for this proof, because that name is the actual public key used to authenticate the underlying connection.
+No certificate authority is required for this proof, because the name of the service is the actual public key used to authenticate the underlying connection.
 
 As ".onion" is a [special top level domain name](https://tools.ietf.org/html/rfc7686), most Certificate Authorities don't have support for issuing X.509 certificates for onion sites.
-Right now, HTTPS certificates are only provided by DigiCert with an Extended Validation (EV) TLS certificate, which means a considerable cost for an organization.
+Right now, HTTPS certificates are only provided by:
+
+- [DigiCert](https://www.digicert.com/) with an Extended Validation (EV) TLS certificate, which means a considerable cost for an organization.
+- [HARICA](https://www.harica.gr) with Domain Validation (DV) TLS certificates.
 
 That said, there are some specific cases where you would need or want to have an HTTPS for your onion site.
 
@@ -34,23 +37,29 @@ Users would need to click and do a manual verification, and that would show that
 Alternatively, websites can provide other ways to verify their onion address using HTTPS, for example, linking their onion site address from an HTTPS-authenticated page, or using [Onion-Location](https://community.torproject.org/onion-services/advanced/onion-location/).
 
 2. Another topic of this discussion is user expectations and modern browsers.
-While there is extensive criticism regarding HTTPS and the CA trust model, the information security community has taught users to look for HTTPS when visiting a website as a synonym of secure connection and avoid HTTP connections.
-Tor Developers and UX team worked together to bring a new user experience for Tor Browser users, so when a user visits an onion site using HTTP [Tor Browser doesn't display a warning or error message](https://support.torproject.org/onionservices/onionservices-5/).
+While there is extensive criticism regarding HTTPS and the CA trust model, the information security community has taught users to look for HTTPS when visiting a website as a synonym of secure connection, and to avoid HTTP connections.
+Tor Developers and UX team worked together to bring a new user experience for Tor Browser users, so when a user visits an onion site using HTTP, [Tor Browser doesn't display a warning or error message](https://support.torproject.org/onionservices/onionservices-5/).
+
+3. One of the risks of using a certificate issued by a CA is that `.onion` names might unintentionally get [leaked](https://crt.sh/?q=.onion) if the onion service owners use HTTPS due to [Certificate Transparency](https://certificate.transparency.dev/).
+There is an [open proposal](https://github.com/alecmuffett/onion-dv-certificate-proposal/blob/master/text/draft-muffett-same-origin-onion-certificates.txt) to allow Tor Browser to verify self-created HTTPS certificates.
+If this proposal gets implemented, an onion service operator could make their own HTTPS certificate chain using an onion key to sign it.
+Tor Browser would know how to verify such a self-created chain.
+This will mean that you don't need to involve a third-party in making it, so no third-party will know that your onion exists.
 
-3. Some websites have a complex setup and are serving HTTP and HTTPS content.
+4. Some websites have a complex setup, and are serving HTTP and HTTPS content.
 In that case, just using onion services over HTTP could leak [secure cookies](https://github.com/alecmuffett/eotk/blob/master/docs.d/security-advisories.d/001-torbrowser.md).
-We wrote about [Tor Browser security expectations](https://blog.torproject.org/tor-brower-onion-services-challenges-opportunities), and how we're working on onion services usability and adoption. 
+We wrote about [Tor Browser security expectations](https://blog.torproject.org/tor-brower-onion-services-challenges-opportunities), and how we're working on onion services usability and adoption.
 There are some alternatives you might want to try to address this problem:
 
  * To avoid using an HTTPS certificate for your onion, the easiest answer is to write all your content so it uses only relative links.
-Then the content will work smoothly no matter what website name it's being served from.
+This way the content will work smoothly, independently of what website name it's being served from.
  * Another option is to use webserver rules to rewrite absolute links on the fly.
- * Or use a reverse proxy in the middle or more specifically EOTK with an HTTPS certificate.
+ * Or use a reverse proxy in the middle (more specifically EOTK with an HTTPS certificate).
 
-4. Related to the previous point, some protocols, frameworks, and infrastructures use SSL as a technical requirement; they won't work if they don't see an "https://" link.
-In that case, your onion will need to use an HTTPS certificate in order to function.
+5. Related to the previous point, some protocols, frameworks, and infrastructures use SSL as a technical requirement; they won't work if they don't see an "https://" link.
+In that case, your onion service will need to use an HTTPS certificate in order to function.
 
-5. Actually HTTPS does give you a little bit more than onion services.
+6. Actually HTTPS does give you a little bit more than onion services.
 For example, in the case where the webserver isn't in the same location as the Tor program, you would need to use an HTTPS certificate to avoid exposing unencrypted traffic to the network in between the two.
 Remember that there's no requirement for the webserver and the Tor process to be on the same machine.
 
@@ -66,5 +75,6 @@ If you're going to purchase an HTTPS certificate be aware that [v2 onion service
  * For a detailed step by step how to create an HTTPS onion certificate, check [Brave's blog post](https://brave.com/new-onion-service/).
  * [Tor Browser and Onion Services - Challenges and Opportunities (2020)](https://blog.torproject.org/tor-brower-onion-services-challenges-opportunities)
  * [Facebook, hidden services, and https certs (2014)](https://blog.torproject.org/facebook-hidden-services-and-https-certs)
- * [DigiCert](https://www.digicert.com/blog/onion-officially-recognized-special-use-domain/)
+ * [DigiCert: Get TLS certificate with Extended Validation (EV) for your onion site (2015)](https://www.digicert.com/blog/onion-officially-recognized-special-use-domain/)
+ * [HARICA: Get a TLS certificate with Domain Validation (DV) for your onion site (2021)](https://blog.torproject.org/tls-certificate-for-onion-site)
  * [The ".onion" Special-Use Domain Name - IETF RFC 7686](https://tools.ietf.org/html/rfc7686)
diff --git a/content/relay/community-resources/bad-relays/contents.lr b/content/relay/community-resources/bad-relays/contents.lr
index 4de7718..2733baf 100644
--- a/content/relay/community-resources/bad-relays/contents.lr
+++ b/content/relay/community-resources/bad-relays/contents.lr
@@ -6,7 +6,9 @@ title: Bad relays
 ---
 body:
 
-Ran into a misconfigured, malicious, or suspicious relay while using Tor? Please let us know by sending email to bad-relays AT lists DOT torproject DOT org! Many bad relays are caught thanks to our wider community, so many thanks for all your help and vigilance!
+Ran into a misconfigured, malicious, or suspicious relay while using Tor? Please let us know by sending email to bad-relays AT lists DOT torproject DOT org!
+Many bad relays are caught thanks to our wider community, so many thanks for all your help and vigilance!
+The criteria for rejecting bad relays can be found in the [Network Health wiki](https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Criteria-for-rejecting-bad-relays).
 
 ### What is a bad relay?
 
@@ -21,9 +23,9 @@ A bad relay is one that either doesn't work properly or tampers with our users'
 
 Also, if your relay is stolen or goes missing, please report it as well, so we can blocklist it in case whoever took it puts it back online.
 
-The following are currently permitted yet do have some discussion for prohibition (as such, they should not be reported at this time)...
+The following are currently permitted yet do have some discussion for prohibition (as such, they should not be reported at this time):
 
- * Only allowing plain-text traffic (for instance, just port 80). There's no good reason to disallow its encrypted counterpart (like port 443), making these relays highly suspect for sniffing traffic. See [context](https://www.google.com/search?site:torproject.org+80+443+6667) and [spec](https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n1969).
+* Only allowing plain-text traffic (for instance, just port 80). There's no good reason to disallow its encrypted counterpart (like port 443), making these relays highly suspect for sniffing traffic. See [context](https://www.google.com/search?site:torproject.org+80+443+6667) and [spec](https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n1969).
 
 ### How do I report a bad relay?
 
@@ -58,8 +60,6 @@ In just about all cases we're unable to contact the operator to resolve the issu
 Yes. For our automated issue detection see [exitmap](http://www.cs.kau.se/philwint/spoiled_onions/) and [sybilhunter](https://gitweb.torproject.org/user/phw/sybilhunter.git/).
 
 Other monitors include [tortunnel](https://github.com/moxie0/tortunnel), [SoaT](https://gitweb.torproject.org/torflow.git/tree/NetworkScanners/ExitAuthority/README.ExitScanning), [torscanner](https://code.google.com/p/torscanner/), and DetecTor.
-
-
 ---
 html: two-columns-page.html
 ---
diff --git a/content/relay/community-resources/contents.lr b/content/relay/community-resources/contents.lr
index 667b241..30dbaaf 100644
--- a/content/relay/community-resources/contents.lr
+++ b/content/relay/community-resources/contents.lr
@@ -75,7 +75,7 @@ Many computer science departments, university libraries, and individual students
 
 These universities include the Massachusetts Institute of Technology (MIT CSAIL), Boston University, the University of Waterloo, the University of Washington, Northeastern University, Karlstad University, Universitaet Stuttgart, and Friedrich-Alexander University Erlangen-Nuremberg.
 
-To learn more about how to get support for a relay on your university's network, check out EFF's resources: [Tor on campus](https://www.eff.org/torchallenge/tor-on-campus.html).
+To learn more about how to get support for a relay on your university's network, check out EFF's resources: Tor on campus [Part 1 - It's Been Done Before and Should Happen Again](https://www.eff.org/deeplinks/2014/08/tor-campus-part-i-its-been-done-and-should-happen-again) and [Part 2 - Icebreakers and Risk Mitigation Strategies](https://www.eff.org/deeplinks/2014/08/tor-campus-part-ii-icebreakers-and-risk-mitigation-strategies).
 
 ## At your company or organization
 
diff --git a/content/relay/setup/bridge/centos-rhel-opensuse/contents.lr b/content/relay/setup/bridge/centos-rhel-opensuse/contents.lr
index f31d12e..8a75476 100644
--- a/content/relay/setup/bridge/centos-rhel-opensuse/contents.lr
+++ b/content/relay/setup/bridge/centos-rhel-opensuse/contents.lr
@@ -6,13 +6,11 @@ title: CentOS / RHEL / OpenSUSE
 ---
 body:
 
-### 1. Install tor and dependencies
+### 1. Install Tor and dependencies
 
 * CentOS / RHEL:
 
-```
-yum install epel-release -y
-```
+`# yum install epel-release -y`
 
 Then add the following to the `/etc/yum.repos.d/tor.repo` file.
 
@@ -27,15 +25,11 @@ cost=100
 ```
 And then install the following packages.
 
-```
-yum install git golang tor policycoreutils-python-utils
-```
+`# yum install git golang tor policycoreutils-python-utils`
 
 * OpenSUSE:
 
-```
-zypper install tor go git
-```
+`# zypper install tor go git`
 
 ### 2. Build obfs4proxy and move it into place.
 
@@ -43,20 +37,21 @@ Heavily outdated versions of git can make `go get` fail, so try upgrading to a m
 
 * CentOS / RHEL:
 
-```
-export GOPATH=`mktemp -d`
-go get gitlab.com/yawning/obfs4.git/obfs4proxy
-sudo cp $GOPATH/bin/obfs4proxy /usr/local/bin/
-chcon --reference=/usr/bin/tor /usr/local/bin/obfs4proxy
-```
+`export GOPATH='mktemp -d'`
+
+`go get gitlab.com/yawning/obfs4.git/obfs4proxy`
+
+`sudo cp $GOPATH/bin/obfs4proxy /usr/local/bin/`
+
+`# chcon --reference=/usr/bin/tor /usr/local/bin/obfs4proxy`
 
 * OpenSUSE:
 
-```
-export GOPATH=`mktemp -d`
-go get gitlab.com/yawning/obfs4.git/obfs4proxy
-sudo cp $GOPATH/bin/obfs4proxy /usr/local/bin/
-```
+`export GOPATH='mktemp -d'`
+
+`go get gitlab.com/yawning/obfs4.git/obfs4proxy`
+
+`sudo cp $GOPATH/bin/obfs4proxy /usr/local/bin/`
 
 ### 3. Edit your Tor config file, usually located at `/etc/tor/torrc` and replace its content with:
 
@@ -96,18 +91,17 @@ Nickname PickANickname
 
 * Note that both Tor's OR port and its obfs4 port must be reachable. If your bridge is behind a firewall or NAT, make sure to open both ports. You can use [our reachability test](https://bridges.torproject.org/scan/) to see if your obfs4 port is reachable from the Internet.
 
-### 4. Restart tor
+### 4. Restart Tor
 
 * CentOS / RHEL:
 
-```
-sudo semanage port -a -t tor_port_t -p tcp [OR port set earlier, in TODO1]
-sudo semanage port -a -t tor_port_t -p tcp [obfs4 port set earlier, in TODO2]
-```
+`sudo semanage port -a -t tor_port_t -p tcp [OR port set earlier, in TODO1]`
+
+`sudo semanage port -a -t tor_port_t -p tcp [obfs4 port set earlier, in TODO2]`
 
 * CentOS / RHEL / OpenSUSE:
 
-`systemctl restart tor`
+`sudo systemctl restart tor`
 
 ### 5. Monitor your logs (usually in your syslog)
 
diff --git a/content/relay/setup/bridge/debian-ubuntu/contents.lr b/content/relay/setup/bridge/debian-ubuntu/contents.lr
index 76926a9..9a8aff8 100644
--- a/content/relay/setup/bridge/debian-ubuntu/contents.lr
+++ b/content/relay/setup/bridge/debian-ubuntu/contents.lr
@@ -61,9 +61,9 @@ Don't forget to change the `ORPort`, `ServerTransportListenAddr`, `ContactInfo`,
   If your bridge is behind a firewall or NAT, make sure to open both ports.
   You can use [our reachability test](https://bridges.torproject.org/scan/) to see if your obfs4 port is reachable from the Internet.
 
-### 4. Restart tor
+### 4. Restart Tor
 
-`systemctl restart tor`
+`sudo systemctl restart tor`
 
 ### 5. Monitor your logs
 
diff --git a/content/relay/setup/bridge/docker/contents.lr b/content/relay/setup/bridge/docker/contents.lr
index 6d2d322..5cf2eb1 100644
--- a/content/relay/setup/bridge/docker/contents.lr
+++ b/content/relay/setup/bridge/docker/contents.lr
@@ -23,9 +23,7 @@ EMAIL=Z
 Replace `X` with your desired OR port, `Y` with your obfs4 port (make sure that **both** ports are forwarded in your firewall), and `Z` with your email address, which allows us to get in touch with you if there are problems with your bridge.
 With your bridge configuration in place, you can now deploy the container by running:
 
-```
-docker-compose up -d obfs4-bridge
-```
+`docker-compose up -d obfs4-bridge`
 
 This command will automatically load your `docker-compose.yml` file while considering the environment variables in `.env`.
 
@@ -41,9 +39,7 @@ That's it! Your container is now bootstrapping your new obfs4 bridge.
 
 Upgrading to the latest version of our image is as simple as running:
 
-```
-docker-compose up -d obfs4-bridge
-```
+`docker-compose up -d obfs4-bridge`
 
 Note that your bridge's data directory (which includes its key material) is stored in a docker volume, so you won't lose your bridge's identity when upgrading to the latest docker image.
 If you are running multiple bridges on your computer, you need to repeat this step for each bridge.
@@ -53,16 +49,12 @@ We will announce new image versions on the [tor-dev](https://lists.torproject.or
 
 You can inspect your bridge's logs by running:
 
-```
-docker logs CONTAINER_ID
-```
+`docker logs CONTAINER_ID`
 
 To use your new bridge in Tor Browser, you need its "bridge line".
 Here's how you can get your bridge line:
 
-```
-docker exec CONTAINER_ID get-bridge-line
-```
+`docker exec CONTAINER_ID get-bridge-line`
 
 This will return a string similar to the following:
 
diff --git a/content/relay/setup/bridge/dragonflybsd/contents.lr b/content/relay/setup/bridge/dragonflybsd/contents.lr
index 1027a79..0d449f8 100644
--- a/content/relay/setup/bridge/dragonflybsd/contents.lr
+++ b/content/relay/setup/bridge/dragonflybsd/contents.lr
@@ -16,13 +16,15 @@ DragonFlyBSD's daily snapshots and releases (starting with 3.4) come with `pkg`
 
 If `pkg` is missing on the system for any reason, it can be quickly bootstrapped without having to build it from source or even having **DPorts** installed:
 
-```
-cd /usr
-make pkg-bootstrap
-rehash
-pkg-static install -y pkg
-rehash
-```
+`# cd /usr`
+
+`# make pkg-bootstrap`
+
+`# rehash`
+
+`# pkg-static install -y pkg`
+
+`# rehash`
 
 ##### 1.1. Recommended Steps to Setup `pkg`
 
@@ -30,9 +32,7 @@ Here, it will be similar to what we have on a **FreeBSD** system, and we are goi
 
 Installing the `ca_root_nss` package:
 
-```
-pkg install ca_root_nss
-```
+`# pkg install ca_root_nss`
 
 For fresh installations, the file `/usr/local/etc/pkg/repos/df-latest.conf.sample` is copied to `/usr/local/etc/pkg/repos/df-latest`. The files ending in the ".sample" extension are ignored; pkg(8) only reads files that end in ".conf" and it will read as many as it finds.
 
@@ -45,25 +45,20 @@ We can simply edit the **URL** used to point to the repositories on `/usr/local/
 
 After applying all these changes, we update the packages list again and try to check if there's already a new update to apply:
 
-```
-pkg update -f
-pkg upgrade -y -f
-```
+`# pkg update -f`
+
+`# pkg upgrade -y -f`
 
 ### 2. Install `tor` and `obfs4proxy` DragonflyBSD's Package
 
 Here we can choose to install the latest stable version, like:
 
-```
-pkg install tor obfs4proxy-tor
-```
+`# pkg install tor obfs4proxy-tor`
 
   ... or install an alpha release:
 
 
-```
-pkg install tor-devel  obfs4proxy-tor
-```
+`# pkg install tor-devel  obfs4proxy-tor`
 
 ### 3. Configure `/usr/local/etc/tor/torrc` to run **Tor** as a Bridge
 
@@ -109,19 +104,17 @@ Don't forget to change the `ORPort`, `ServerTransportListenAddr`, `ContactInfo`,
 
 Here we set `tor` to start at boot time and use the setuid feature, in order to bind to lower ports like 443 (the daemon itself will still run as a regular non-privileged user).
 
-```
-echo "tor_setuid=YES" >> /etc/rc.conf
-echo "tor_enable=YES" >> /etc/rc.conf
-service tor start
-```
+`# echo "tor_setuid=YES" >> /etc/rc.conf`
+
+`# echo "tor_enable=YES" >> /etc/rc.conf`
+
+`# service tor start`
 
 ### 5. Monitor your logs
 
 To confirm your bridge is running with no issues, you should see something like this in `/var/log/tor/notices.log`:
 
-```
-tail /var/log/tor/notices.log
-```
+`# tail /var/log/tor/notices.log`
 
 ```
 [notice] Your Tor server's identity key fingerprint is '<NICKNAME> <FINGERPRINT>'
diff --git a/content/relay/setup/bridge/fedora/contents.lr b/content/relay/setup/bridge/fedora/contents.lr
index 11113ba..bd953f4 100644
--- a/content/relay/setup/bridge/fedora/contents.lr
+++ b/content/relay/setup/bridge/fedora/contents.lr
@@ -6,9 +6,9 @@ title: Fedora
 ---
 body:
 
-### 1. Install tor and dependencies
+### 1. Install Tor and dependencies
 
-Add the following to /etc/yum.repos.d/tor.repo
+Add the following to `/etc/yum.repos.d/tor.repo`
 
 ```
 [tor]
@@ -63,13 +63,13 @@ Nickname PickANickname
   If your bridge is behind a firewall or NAT, make sure to open both ports.
   You can use [our reachability test](https://bridges.torproject.org/scan/) to see if your obfs4 port is reachable from the Internet.
 
-### 3. Restart tor
+### 4. Restart Tor
 
-```
-sudo semanage port -a -t tor_port_t -p tcp [OR port set earlier, in TODO1]
-sudo semanage port -a -t tor_port_t -p tcp [obfs4 port set earlier, in TODO2]
-systemctl restart tor
-```
+`sudo semanage port -a -t tor_port_t -p tcp [OR port set earlier, in TODO1]`
+
+`sudo semanage port -a -t tor_port_t -p tcp [obfs4 port set earlier, in TODO2]`
+
+`sudo systemctl restart tor`
 
 ### 4. Monitor your logs (usually in your syslog)
 
diff --git a/content/relay/setup/bridge/freebsd/contents.lr b/content/relay/setup/bridge/freebsd/contents.lr
index 5d182d8..d954e06 100644
--- a/content/relay/setup/bridge/freebsd/contents.lr
+++ b/content/relay/setup/bridge/freebsd/contents.lr
@@ -12,9 +12,7 @@ body:
 
 ### 1. Install packages
 
-```
-pkg install obfs4proxy-tor tor ca_root_nss
-```
+`# pkg install obfs4proxy-tor tor ca_root_nss`
 
 ### 2. Edit your Tor config file, usually located at `/usr/local/etc/tor` and replace its content with:
 
@@ -58,17 +56,15 @@ Don't forget to change the `ORPort`, `ServerTransportListenAddr`, `ContactInfo`,
 
 ### 3. Ensure that the `random_id` sysctl setting is enabled:
 
-```
-echo "net.inet.ip.random_id=1" >> /etc/sysctl.conf
-sysctl net.inet.ip.random_id=1
-```
+`# echo "net.inet.ip.random_id=1" >> /etc/sysctl.conf`
+
+`# sysctl net.inet.ip.random_id=1`
 
 ### 4. Start the tor daemon and make sure it starts at boot:
 
-```
-sysrc tor_enable=YES
-service tor start
-```
+`# sysrc tor_enable=YES`
+
+`# service tor start`
 
 ### 5. Monitor your logs
 
@@ -89,9 +85,7 @@ To confirm your bridge is running with no issues, you should see something like
 
 Create the following folder:
 
-```
-mkdir -p /usr/local/etc/pkg/repos
-```
+`# mkdir -p /usr/local/etc/pkg/repos`
 
 Create the file `/usr/local/etc/pkg/repos/FreeBSD.conf` with the following content:
 
diff --git a/content/relay/setup/bridge/netbsd/contents.lr b/content/relay/setup/bridge/netbsd/contents.lr
index c681497..f81e965 100644
--- a/content/relay/setup/bridge/netbsd/contents.lr
+++ b/content/relay/setup/bridge/netbsd/contents.lr
@@ -12,15 +12,11 @@ body:
 
 ### 1. Setup `pkg_add`
 
-```
-echo "PKG_PATH=http://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/$(uname -m)/$(uname -r)/All" > /etc/pkg_install.conf
-```
+`# echo "PKG_PATH=http://cdn.netbsd.org/pub/pkgsrc/packages/NetBSD/$(uname -m)/$(uname -r)/All" > /etc/pkg_install.conf`
 
 2. Install `obfs4proxy` and `tor` NetBSD's package
 
-```
-pkg_add obfs4proxy tor
-```
+`# pkg_add obfs4proxy tor`
 
 ### 2. Configure `/usr/pkg/etc/tor/torrc` to run **Tor** as a Bridge
 
@@ -64,19 +60,17 @@ Don't forget to change the `ORPort`, `ServerTransportListenAddr`, `ContactInfo`,
 
 ### 3. Start `tor`:
 
-```
-ln -sf /usr/pkg/share/examples/rc.d/tor /etc/rc.d/tor
-echo "tor=YES" >> /etc/rc.conf
-/etc/rc.d/tor start
-```
+`# ln -sf /usr/pkg/share/examples/rc.d/tor /etc/rc.d/tor`
+
+`# echo "tor=YES" >> /etc/rc.conf`
+
+`# /etc/rc.d/tor start`
 
 ### 4. Monitor your logs
 
 To confirm your bridge is running with no issues, you should see something like this:
 
-```
-tail /var/log/messages
-```
+`# tail /var/log/messages`
 
 ```
 [notice] Your Tor server's identity key fingerprint is '<NICKNAME> <FINGERPRINT>'
diff --git a/content/relay/setup/bridge/openbsd/contents.lr b/content/relay/setup/bridge/openbsd/contents.lr
index 0a60051..4fc5f65 100644
--- a/content/relay/setup/bridge/openbsd/contents.lr
+++ b/content/relay/setup/bridge/openbsd/contents.lr
@@ -11,9 +11,8 @@ key: 8
 body:
 
 ### 1. Install packages 
-```
-pkg_add tor obfs4proxy
-```
+
+`# pkg_add tor obfs4proxy`
 
 ### 2. Edit your Tor config file
 
@@ -60,17 +59,16 @@ Don't forget to change the `ORPort`, `ServerTransportListenAddr`, `ContactInfo`,
 
 ### 3. Create the tor log directory and give it the correct permissions:
 
-```
-mkdir /var/log/tor
-chown _tor /var/log/tor
-```
+`# mkdir /var/log/tor`
+
+`# chown _tor /var/log/tor`
 
 ### 4. Start the tor daemon and make sure it starts at boot:
 
-```
-rcctl enable tor
-rcctl start tor
-```
+`# rcctl enable tor`
+
+`# rcctl start tor`
+
 ### 5. Monitor your logs
 
 To confirm your bridge is running with no issues, you should see something like this  (`/var/log/tor/notices.log`): 
diff --git a/content/relay/setup/bridge/windows/contents.lr b/content/relay/setup/bridge/windows/contents.lr
index 7bf3ddc..26e8789 100644
--- a/content/relay/setup/bridge/windows/contents.lr
+++ b/content/relay/setup/bridge/windows/contents.lr
@@ -75,7 +75,7 @@ Don't forget to change the `ORPort`, `ServerTransportListenAddr`, `ContactInfo`,
   If your bridge is behind a firewall or NAT, make sure to open both ports.
   You can use [our reachability test](https://bridges.torproject.org/scan/) to see if your obfs4 port is reachable from the Internet.
 
-### 4. Start tor
+### 4. Start Tor
 
 Open up the Command Prompt App. Change your directory with: `cd C:\Users\<user>\AppData\Roaming\tor\`. Type: `tor.exe -f torrc`.
 





More information about the tor-commits mailing list