bridgedb.conf 14.9 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
# -*- mode: python ; coding: utf-8 -*-
#
#   +---------------+
#   | bridgedb.conf |
#   +---------------+
#
# This file uses Python syntax, and is sourced as if it were a .py file. Just
# pretend you're writing Python, and everything will be peachy keen.
#______________________________________________________________________________
#
11
# Part of BridgeDB, a Tor bridge distribution system.
12
#
13
14
15
# :authors: The Tor Project, Inc.
# :license: This file is freely distributed as part of BridgeDB, see LICENSE
#           for details.
16
17
18
# :copyright: (c) 2007-2014 The Tor Project, Inc.
#             (c) 2007-2014, all sentient entities within the AUTHORS file
# :version: 0.0.10
19
20
21
#===============================================================================
#
# CHANGELOG:
22
# ~~~~~~~~~~
23
24
25
# Changes in version 0.0.10 - 2014-07-06
#   * ADD EMAIL_BLACKLIST and EMAIL_FUZZY_MATCH settings.
#
26
27
28
# Changes in version 0.0.9 - 2014-06-06
#   * ADD EMAIL_WHITELIST setting.
#
29
30
31
# Changes in version 0.0.8 - 2014-05-14
#   * CHANGE RECAPTCHA_PRIV_KEY to RECAPTCHA_SEC_KEY.
#
32
33
34
35
# Changes in version 0.0.7 - 2014-03-31
#   * ADD new settings for tracing function calls and thread info within logged
#     messages: LOG_THREADS, LOG_TRACE, and LOG_TIME_FORMAT.
#
36
37
38
39
# Changes in version 0.0.6 - 2014-03-28
#   * CHANGE gimp-captchas to be the norm.
#   * ADD bucket for support team.
#
40
# Changes in version 0.0.5 - 2014-02-27
41
42
#   * ADD GIMP_CAPTCHA_ENABLED, GIMP_CAPTCHA_DIR, GIMP_CAPTCHA_HMAC_KEYFILE,
#     and GIMP_CAPTCHA_RSA_KEYFILE settings (see #10809).
43
#   * Decrease email share.
44
45
#   * Whitelist the public IP address of bridges.torproject.org in
#     RECAPTCHA_REMOTE_IP setting.
46
#
47
48
49
50
51
# Changes in version 0.0.4 - 2014-01-24
#   * ADD COLLECT_TIMESTAMPS option (see #10724). Set it to False for the
#     staging instance (etc/test-bridgedb.conf), and True for the production
#     server (etc/bridgedb.conf).
#
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
# Changes in version 0.0.3 - 2014-01-17
#   * UPDATE config from bridgedb.git/bridgedb.conf, without changing any of the
#     settings.
#
# Changes in version 0.0.2 - 2014-01-17
#   * ADD missing settings, EMAIL_GPG_SIGNING_ENABLED and EMAIL_GPG_SIGNING_KEY.
#
# Changes in version 0.0.1 - 2013-08-30
#   * ADD version of config file in use on ponticum.
#     - Two config variables, RECAPTCHA_PUB_KEY and RECAPTCHA_PRIV_KEY, have
#       been removed, they can be found in:
#       patches/001-bridgedb-conf-recaptcha-vars.patch.
#   * CLEANUP the config file slightly (such as adding these headers) and
#     fixing the linewraps. No other variables were touched.
#
#===============================================================================
68

69
70
71
#===========================#
#  General-purpose options  #
#___________________________#
72

73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#----------------
# Required Files \  You'll want to make sure that these ones exist!
#------------------------------------------------------------------------------
#
# All filenames are taken as relative to the RUNTIME directory, which is the
# current working directory when you call the ``bridgedb`` script, or you may
# specify a particular RUNTIME directory by doing:
#
#     $ bridgedb -r /path/to/some/nice/place
#
# Obviously, this config file should live in that directory, so that BridgeDB
# can read it.
#------------------------------------------------------------------------------

# List of filenames from which we read ``@type bridge-server-descriptor``s, on
# startup and on SIGHUP.
BRIDGE_FILES = ["bridge-descriptors"]

# List of filenames from which we read ``@type bridge-extra-info``
# descriptors, for learning about a bridge's pluggable transports:
EXTRA_INFO_FILES = ["cached-extrainfo", "cached-extrainfo.new"]

# Filename from which we read ``@type bridge-network-status`` entries, for
# learning which current bridges are Running, as well as their IPv6 addresses.
STATUS_FILE = "networkstatus-bridges"

# Certificate file and private key for the HTTPS Distributor. To create a
# self-signed cert, run ``scripts/make-ssl-cert`` it will create these files
# in your current directory.
HTTPS_CERT_FILE="cert"
HTTPS_KEY_FILE="privkey.pem"

#----------------
# Output Files   \  Where to store created data
#------------------------------------------------------------------------------
#
# These will get automatically created for you, just specify where they should
# go.
#------------------------------------------------------------------------------
112

113
114
# Either a file to log to, or None if we should log to the console.
LOGFILE = "bridgedb.log"
aagbsn's avatar
aagbsn committed
115

116
117
118
119
120
121
122
123
124
125
126
127
128
# File in which to write our pid
PIDFILE = "bridgedb.pid"

# Filename of the database to store persistent info in.
DB_FILE = "bridgedist.db"

# Filename to log changes to persistent info in. For debugging and bugfixing.
DB_LOG_FILE = "bridgedist.log"

# Filename where we store our secret HMAC root key. This file and the key
# inside are automatically created for you if they do not exist.
MASTER_KEY_FILE = "secret_key"

129
130
# File to which we dump bridge pool assignments for statistics.
ASSIGNMENTS_FILE = "assignments.log"
131
132
133
134
135
136
137
138

#------------------
# Logging Options  \
#------------------------------------------------------------------------------
#
# Be sure to also see the LOGFILE option above!
#------------------------------------------------------------------------------

139
# One of "DEBUG", "INFO", "WARNING", "ERROR", or "FATAL:
140
141
LOGLEVEL = "DEBUG"

142
143
144
# If true, we scrub all potentially identifying information before we log it
SAFELOGGING = True

aagbsn's avatar
aagbsn committed
145
146
147
148
# Logfile rotation settings
LOGFILE_COUNT = 5
LOGFILE_ROTATE_SIZE = 10000000

149
150
151
152
153
154
155
156
157
158
# If True, include thread IDs and numbers in log messages, if available:
LOG_THREADS = False

# If True, include the module name, function name, and line number of the
# calling function where the log message was generated:
LOG_TRACE = True

# A strftime(3) format string that specifies how to log timestamps:
LOG_TIME_FORMAT = "%H:%M:%S"

159
160
161
162
163
164
165
#---------------------------
# Database/Parsing Options  \
#------------------------------------------------------------------------------
#
# These options change various database transaction and descriptor parsing
# behaviours.
#------------------------------------------------------------------------------
166

167
168
169
170
171
# (boolean) If True, then collect, sort, and store all timestamps seen for all
# bridges. This operation is extremely expensive, and should be disabled when
# it is not necessary.
COLLECT_TIMESTAMPS = True

172
173
174
175
176
177
178
#-------------------------------
# General Distribution Options  \
#------------------------------------------------------------------------------
#
# These options are not specific to a certain distributor and they may alter
# the bridge selection process in certain circumstances.
#------------------------------------------------------------------------------
179

180
181
182
183
184
185
186
# Filename that contains blocked bridges list. Comment out to disable.
#COUNTRY_BLOCK_FILE = "blocked-bridges"

# A list of filenames that contain IP addresses (one per line) of proxies.
# All IP-based distributors that see an incoming connection from a proxy
# will treat them specially.
PROXY_LIST_FILES = []
187

188
# How many clusters do we group IPs in when distributing bridges based on IP?
189
190
191
# Note that if PROXY_LIST_FILES is set (below), what we actually do here
# is use one higher than the number here, and the extra cluster is used
# for answering requests made by IP addresses in the PROXY_LIST_FILES file.
192
193
N_IP_CLUSTERS = 4

194
# If possible, always give a certain number of answers with a given ORPort.
195
196
# This is a list of ``(port, minimum)`` tuples.
FORCE_PORTS = [(443, 1)]
197

198
# If possible, always give a certain number of answers with a given flag.
199
# Only "Stable" is now supported.  This is a list of (flag,minimum) tuples.
200
FORCE_FLAGS = [("Stable", 1)]
201

202
203
# Only consider routers whose purpose matches this string.
BRIDGE_PURPOSE = "bridge"
204

205
206
207
208
209
210
211
212
213
#-------------------------------
# HTTP(S) Distribution Options  \
#------------------------------------------------------------------------------
#
# These options configure the behaviour of the web interface bridge
# distribution mechanism. If HTTPS_DIST is enabled, make sure that the above
# HTTPS_CERT_FILE and HTTPS_KEY_FILE options point to the correct location of
# your SSL certificate and key!
#------------------------------------------------------------------------------
214

215
# (boolean) True to enable distribution via HTTP or HTTPS; False otherwise.
216
HTTPS_DIST = True
217
218
219
220
221
222
223
224

# (string or None) The IP address where we listen for HTTPS connections. If
# ``None``, listen on the default interface.
HTTPS_BIND_IP = '127.0.0.1'

# (integer or None) The port to listen on for incoming HTTPS connections.
HTTPS_PORT = 6789

225
# How many bridges do we give back in an answer (either HTTP or HTTPS)?
226
227
228
229
230
231
HTTPS_N_BRIDGES_PER_ANSWER = 3

# Should we tell http users about the bridge fingerprints?  Turn this on
# once we have the vidalia/tor interaction fixed for everbody.
HTTPS_INCLUDE_FINGERPRINTS = True

232
233
234
235
# If true, there is a trusted proxy relaying incoming messages to us: take
# the *last* entry from its X-Forwarded-For header as the client's IP.
HTTPS_USE_IP_FROM_FORWARDED_HEADER = False

236
237
238
239
240
241
242
243
# (string or None) The IP address to listen on for unencrypted HTTP
# connections. Set to ``None`` to disable unencrypted connections to the web
# interface.
HTTP_UNENCRYPTED_BIND_IP = None

# (integer or None) The port to listen on for incoming HTTP connections.
HTTP_UNENCRYPTED_PORT = None

244
# (boolean) Same as the HTTPS_USE_IP_FROM_FORWARDED_HEADER option, but for
245
# unencrypted connections.
246
HTTP_USE_IP_FROM_FORWARDED_HEADER = False
247

248
249
250
251
252
253
# Options related to recaptcha support.
# Enable/Disable recaptcha
RECAPTCHA_ENABLED = False

# Recaptcha API keys
RECAPTCHA_PUB_KEY = ''
254
RECAPTCHA_SEC_KEY = ''
255
256
257

# The remoteip we send to reCAPTCHA during verification
RECAPTCHA_REMOTEIP = ''
258

259
260
261
262
263
264
# If true, use a local cache of generated CAPTCHAs:
GIMP_CAPTCHA_ENABLED = True

# The directory for the local CAPTCHA cache:
GIMP_CAPTCHA_DIR = 'captchas'

265
266
267
268
269
# The location of the files which store the HMAC secret key and RSA keypair
# (for checking captcha responses):
GIMP_CAPTCHA_HMAC_KEYFILE = 'captcha_hmac_key'
GIMP_CAPTCHA_RSA_KEYFILE = 'captcha_rsa_key'

270
271
272
273
274
275
276
277
278
#-------------------------------
# Email Distribution Options    \
#------------------------------------------------------------------------------
#
# These options configure the behaviour of the email bridge distribution
# mechanism. If EMAIL_DIST is enabled, make sure that the above
# HTTPS_CERT_FILE and HTTPS_KEY_FILE options point to the correct location of
# your SSL certificate and key!
# ------------------------------------------------------------------------------
279

280
# True if we are enabling distribution via Email; false otherwise.
281
EMAIL_DIST = True
282

283
284
285
# What email addresses do we use for outgoing email?

# EMAIL_FROM_ADDR goes in the 'From:' header on outgoing emails:
286
EMAIL_FROM_ADDR = "bridges@torproject.org"
287

288
# EMAIL_SMTP_FROM_ADDR goes in the 'MAIL FROM:' command in outgoing SMTP:
289
EMAIL_SMTP_FROM_ADDR = "bridges@torproject.org"
290

aagbsn's avatar
aagbsn committed
291
292
EMAIL_SMTP_HOST = "127.0.0.1"
EMAIL_SMTP_PORT = 25
293

294
295
296
# Reject any RCPT TO lines that aren't to this user.
EMAIL_USERNAME = "bridges"

297
# Canonical versions of domains that we will reply to.
298
EMAIL_DOMAINS = ["gmail.com", "yahoo.com", "riseup.net"]
299

300
# Map from unofficial domain to canonical domain.
301
302
303
304
305
EMAIL_DOMAIN_MAP = {
    "mail.google.com": "gmail.com",
    "googlemail.com": "gmail.com",
    "mail.riseup.net": "riseup.net",
    "fulvetta.riseup.net": "riseup.net",
306
    "fruiteater.riseup.net": "riseup.net",
307
308
    "mx1.riseup.net": "riseup.net",
}
309

310
311
312
# Map from canonical domain to list of options for that domain.  Recognized
# options are:
#     "ignore_dots" -- the service ignores "." characters in email addresses.
313
314
#     "dkim" -- if there is not a X-DKIM-Authentication-Result header
#        with the value "pass", then drop the message.
315
316
#
# Note that unrecognized options are ignored; be sure to spell them right!
317
318
319
EMAIL_DOMAIN_RULES = {
    'gmail.com': ["ignore_dots", "dkim"],
    'yahoo.com': ["dkim"],
320
    'riseup.net': ["ignore_dots", "dkim"],
321
}
322

323
324
325
# A mapping of whitelisted email addresses to GnuPG key fingerprints:
EMAIL_WHITELIST = {}

326
327
328
329
330
331
332
333
334
335
336
337
338
339
# A list of blacklisted email addresses:
EMAIL_BLACKLIST = []

# An integer. This number will be used to calculate the Levenshtein String
# Distance between the 'From:' email address on an incoming client request and
# each of the blacklisted email addresses above. If the calculated distance is
# equal or less than the number below, the address is assumed to be related to
# one of the above blacklisted spammers. Basically, this allows for fuzzy
# matching the blacklisted email addresses. Decreasing this number will allow
# more email requests through; increasing will mean that a stricter match to
# one of the blacklisted addresses is required before the address is blocked.
# Set to `0` to disable.
EMAIL_FUZZY_MATCH = 4

340
# If there are any IPs in this list, only allow incoming connections from
341
# those IPs.
342
343
EMAIL_RESTRICT_IPS = []

344
# IP and port to listen on for email connections. Debugging only.
345
346
EMAIL_BIND_IP = "127.0.0.1"
EMAIL_PORT = 6725
347

Roger Dingledine's avatar
Roger Dingledine committed
348
# How many bridges do we give back in an answer?
349
EMAIL_N_BRIDGES_PER_ANSWER = 3
350

351
352
# Should we tell http users about the bridge fingerprints?  Turn this on
# once we have the vidalia/tor interaction fixed for everbody.
Isis Lovecruft's avatar
Isis Lovecruft committed
353
EMAIL_INCLUDE_FINGERPRINTS = True
354

355
# Configuration options for GPG signed messages
Isis Lovecruft's avatar
Isis Lovecruft committed
356
357
EMAIL_GPG_SIGNING_ENABLED = True
EMAIL_GPG_SIGNING_KEY = 'gnupghome/TESTING.subkeys.sec'
358

359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
#-------------------------------
# Hashring Allocation Options   \
#------------------------------------------------------------------------------
#
# These options determine the proportions of bridges per hashring. When
# BridgeDB receives a descriptor for a new bridge, that bridge is assigned to
# a hashring. For example, if ``HTTPS_DIST`` and ``EMAIL_DIST`` are both
# enabled, there is a hashring for bridges allocated to the HTTP(S)
# Distributor, and another for the Email Distributor. In addition, an
# "Unallocated" hashring is always created, in order to reserve some portion
# of bridges for manual distribution, or as backup in the case of a major
# blocking event. Once a bridge is assigned to one of these allocation groups,
# it stays there; there is currently no mechanism for changing a bridge's
# hashring allocation.
#
374
375
# Once a bridge is assigned to either of the first two groups, it stays there
# persistently. The bridges are allocated to these groups in a proportion of
376
377
378
379
380
381
#
#     ``HTTPS_SHARE`` : ``EMAIL_SHARE`` : ``RESERVED_SHARE``
# ------------------------------------------------------------------------------

# The proportion of bridges to allocate to HTTP distribution.
HTTPS_SHARE = 10
382

383
# The proportion of bridges to allocate to Email distribution.
384
EMAIL_SHARE = 5
385

386
387
388
389
390
391
392
# An integer specifying the proportion of bridges which should remain
# unallocated, for backup usage and manual distribution.
RESERVED_SHARE = 2

# A dictionary of {FILENAME: NUMBER} where FILENAME is a string specifying the
# filename to store a certain NUMBER (an integer) of bridges in. The number of
# bridges here is *not* a share/proportion, as above; instead it's literally
393
# the number of bridges. See the ``README`` for more details.
394
FILE_BUCKETS = {}