[tor-relays] Bridge node configurations and where to find them (semi quote)
boldsuck
lists at for-privacy.net
Wed Aug 28 13:10:14 UTC 2024
On Mittwoch, 28. August 2024 07:53:21 CEST Alessandro Greco via tor-relays
wrote:
> > Once your bridge has been running stable for a few weeks, an advanced but
> > experimental feature is to hide OrPort.
>
> So is it possible to remove the ports from the torrc file while keeping them
> unchanged?
You hide the OrPort or place it on the local port. More Info:
https://forum.torproject.org/t/orport-127-0-0-1-auto/8470/2
https://gitlab.torproject.org/tpo/anti-censorship/team/-/issues/129
The reason I called it an experimental feature is because Tor Metrics
sometimes shows your bridge as offline even though it is running.
This might make you feel insecure in the first few days.
This has been fixed for a few weeks, 'running' flag is rarely gone:
https://gitlab.torproject.org/tpo/network-health/team/-/issues/318
But you can see in the history that they are running or check it here:
https://bridges.torproject.org/scan/
Coincidentally, my bridges are all 'red' right now ;-)
https://metrics.torproject.org/rs.html#search/ForPrivacyNETbr
> But what if for some reasons (For istance necessary updates) you
> have to restart tor? The torrc file is reworked, right? What would need to
> be done in that case?
Upgrades overwrite, among others, /usr/share/tor/tor-service-defaults-torrc
but not /etc/tor/torrc or the entire folder /etc/tor/*
> > the same applies to ControlPort:
> >
> >
> > ControlPort 0
>
> The control port allows me to quickly check that Tor is working properly via
> nyx but obviously if it is preferable to close it I will do so but for that
> reason I would like to better understand why you recommend closing it
> (Assuming by “0” you mean closing it and not something else that I don't
> know).
My note was about if you don't use it. But if you use Nyx or other tools that
need it then use it. ;-)
Authentication method 'CookieAuthentication' is enabled per default.
NOTE: In order to use the ControlPort, the (Nyx) <user> must belong to the tor
group.
sudo usermod -aG debian-tor <user>
--
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 3872 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20240828/ec6874e3/attachment.sig>
More information about the tor-relays
mailing list