
#==========
# General-purpose options.

# Either a file in which to write our pid, or None.
# NOTE(review): relative path — presumably resolved against BridgeDB's
# working directory; confirm before relying on its location.
PIDFILE = "bridgedb.pid"

# Either a file to log to, or None if we should log to the console.
# What ends up in this file depends on SAFELOGGING; restrict read access to
# it if scrubbing is ever turned off.
LOGFILE = "bridgedb.log"

# If true, we scrub all potentially identifying information before we log it.
# Keep this enabled outside of short debugging sessions: with it off, that
# identifying information is logged as-is.
SAFELOGGING = True

# Logfile rotation settings.
# NOTE(review): presumably the number of rotated files to keep and the size
# (in bytes, i.e. about 10 MB) at which LOGFILE is rotated — confirm.
LOGFILE_COUNT = 5
LOGFILE_ROTATE_SIZE = 10000000

# One of "DEBUG", "INFO", "WARNING", "ERROR"...
# NOTE(review): these look like the standard logging level names, so "DEBUG"
# would be the most verbose choice — confirm before using it in production.
LOGLEVEL = "WARNING"

# Files from which we read bridge descriptors, on start and on SIGHUP.
BRIDGE_FILES = [ "./bridge-descriptors" ]

# File from which we read routerstatus entries, for learning which
# current bridges are Running.
# NOTE(review): presumably re-read on SIGHUP together with BRIDGE_FILES — confirm.
STATUS_FILE = "networkstatus-bridges"

# Either a file that contains blocked bridges list or None
#COUNTRY_BLOCK_FILE = "./blocked-bridges" 

# File from which we read extra-info entries, for learning pluggable
# transports
# Two extra-info sources are listed: the cached file and its ".new" companion.
EXTRA_INFO_FILES = ["cached-extrainfo", "cached-extrainfo.new"]

# Only consider routers whose purpose matches this string.
# NOTE(review): presumably compared against the purpose recorded for each
# descriptor read from BRIDGE_FILES — confirm.
BRIDGE_PURPOSE = "bridge"
# File to store persistent info in.
# Persistent state file; keep it readable and writable only by the BridgeDB user.
DB_FILE = "bridgedist.db"
# File to log changes to persistent info in.  For debugging and bugfixing.
# NOTE(review): a debugging log of changes to the persistent store — confirm
# whether SAFELOGGING scrubbing applies to what is written here.
DB_LOG_FILE = "bridgedist.log"
# File in which we store our secret HMAC root key.
# Secret material: keep this file out of version control, out of backups that
# others can read, and readable only by the BridgeDB user.
MASTER_KEY_FILE = "secret_key"

# File to which we dump bridge pool assignments for statistics.
# NOTE(review): the dump presumably identifies bridges, so it should be
# sanitised or access-controlled before it leaves this host — confirm format.
ASSIGNMENTS_FILE = "assignments.log"

# How many clusters do we group IPs in when distributing bridges based on IP?
# Note that if PROXY_LIST_FILES is set (below), what we actually do here
# is use one higher than the number here, and the extra cluster is used
# for answering requests made by IP addresses in the PROXY_LIST_FILES file.
# NOTE(review): PROXY_LIST_FILES is an empty list in this file, so presumably
# no extra proxy cluster is added and exactly this many clusters are used.
N_IP_CLUSTERS = 4

# Where possible, guarantee a minimum number of answers on a given ORPort.
# Each entry is a (port, minimum) tuple.
FORCE_PORTS = [(443, 1)]

# Where possible, guarantee a minimum number of answers carrying a given flag.
# Each entry is a (flag, minimum) tuple; only "stable" is supported for now.
FORCE_FLAGS = [("Stable", 1)]

# Filenames of proxy lists, one IP address per line.  An IP-based distributor
# that sees an incoming connection from one of these proxies treats it
# specially.
PROXY_LIST_FILES = []

#==========
# Options related to HTTPS

# True if we are enabling distribution via HTTP or HTTPS; False otherwise.
# Enable (True) or disable (False) distribution over HTTP or HTTPS.
HTTPS_DIST = True
# Share of bridges allocated to HTTP distribution; weighed against
# EMAIL_SHARE and RESERVED_SHARE.
HTTPS_SHARE = 10
# An IP address (form "1.2.3.4") where we listen for HTTPS connections.
# "None" to listen on the default interface.
# Loopback address: as configured, only connections from this host are accepted.
HTTPS_BIND_IP = "127.0.0.1"
# Port to listen on for incoming HTTPS connections
# TCP port of the HTTPS listener.
HTTPS_PORT = 6789
# TLS certificate file for the HTTPS listener.
HTTPS_CERT_FILE = "cert"
# Matching private key file; keep it readable only by the BridgeDB user.
HTTPS_KEY_FILE = "privkey.pem"
# If true, there is a trusted proxy relaying incoming messages to us: take
# the *last* entry from its X-Forwarded-For header as the client's IP.
# Enable this only when every connection really arrives through that proxy
# and the proxy appends the peer address itself; otherwise the header is
# client-controlled and IP-based distribution would act on a value the
# client chose.
HTTPS_USE_IP_FROM_FORWARDED_HEADER = False

# IP and port to listen on for unencrypted HTTP connections.
# Both are None in this file.  NOTE(review): presumably that leaves the
# plain-HTTP listener off — confirm.  Anything served over it travels
# unencrypted, so the bridge lines in a reply are visible to observers on
# the network path.
HTTP_UNENCRYPTED_BIND_IP = None
HTTP_UNENCRYPTED_PORT = None
# As HTTPS_USE_IP_FROM_FORWARDED_HEADER, but for unencrypted connections.
# The same condition applies: the header can be trusted only when a proxy we
# control is the sole way to reach the listener, since it is otherwise
# supplied by the client.
HTTP_USE_IP_FROM_FORWARDED_HEADER = False
# How many bridges do we give back in an answer?
# Number of bridges returned in one HTTPS answer.
HTTPS_N_BRIDGES_PER_ANSWER = 3
# NOTE(review): presumably the same limit for the unencrypted HTTP listener — confirm.
HTTP_N_BRIDGES_PER_ANSWER = 3

# Should we tell http users about the bridge fingerprints?  Turn this on
# once we have the vidalia/tor interaction fixed for everybody.
# Fingerprints are included in HTTPS answers when this is True.
HTTPS_INCLUDE_FINGERPRINTS = True

#==========
# Options related to Email

# True if we are enabling distribution via Email; false otherwise.
# Enable (True) or disable (False) distribution via Email.
EMAIL_DIST = True
# Share of bridges allocated to Email distribution; weighed against
# HTTPS_SHARE and RESERVED_SHARE.
EMAIL_SHARE = 10

# What email addresses do we use for outgoing email?  EMAIL_FROM_ADDR goes
# in the From: line in outgoing headers, and EMAIL_SMTP_FROM_ADDR goes in
# the MAIL FROM command (the envelope sender) in outgoing SMTP.
EMAIL_FROM_ADDR = "bridges@torproject.org"
EMAIL_SMTP_FROM_ADDR = "bridges@torproject.org"
# SMTP server that outgoing mail is handed to: port 25 on loopback here.
# NOTE(review): no TLS or authentication option for this hop is visible in
# this file, so keep the relay on the local host or a trusted network.
EMAIL_SMTP_HOST = "127.0.0.1"
EMAIL_SMTP_PORT = 25

# Reject any RCPT TO lines that aren't to this user.
# NOTE(review): presumably the local part of the recipient address — confirm.
EMAIL_USERNAME = "bridges"

# Canonical domains that we are willing to reply to.
EMAIL_DOMAINS = ["gmail.com", "yahoo.com"]
# Unofficial domain -> canonical domain.
EMAIL_DOMAIN_MAP = {
    "mail.google.com": "gmail.com",
    "googlemail.com": "gmail.com",
}
# Map from canonical domain to list of options for that domain.  Recognized
# options are:
#     "ignore_dots" -- the service ignores "." characters in email addresses.
#     "dkim" -- if there is not a X-DKIM-Authentication-Result header
#        with the value "pass", then drop the message.
#
# Note that unrecognized options are ignored; be sure to spell them right!
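# Per-domain options, keyed by canonical domain.
# Trust note for "dkim": as described for that option, the check looks at a
# result header rather than at the signature itself, so the receiving mail
# server must remove any copy of that header supplied by the sender.
# NOTE(review): confirm the upstream MTA does this.
# (A stray line-number residue that split this literal has been removed so
# the mapping parses.)
EMAIL_DOMAIN_RULES = {
    "gmail.com": ["ignore_dots", "dkim"],
    "yahoo.com": ["dkim"],
}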
# If there are any IPs in this list, only allow incoming connections from
# those IPs.  An empty list, as here, places no restriction on the source IP.
EMAIL_RESTRICT_IPS = []
# IP and port to listen on for email connections. Debugging only.
# Loopback only: as configured, the email listener is reachable from this host alone.
EMAIL_BIND_IP = "127.0.0.1"
# TCP port of the email listener.
EMAIL_PORT = 6725
# How many bridges do we give back in an answer?
# Number of bridges returned in one email answer.
EMAIL_N_BRIDGES_PER_ANSWER = 3

# Should we tell http users about the bridge fingerprints?  Turn this on
# once we have the vidalia/tor interaction fixed for everybody.
# NOTE(review): the comment above mentions http users, but this setting sits
# in the Email section — presumably it controls fingerprints in email replies.
EMAIL_INCLUDE_FINGERPRINTS = True

# Configuration options for GPG signed messages
# Signing is on, and the key path below is named TESTING.
# NOTE(review): point this at the production signing subkeys before
# deployment, and keep the secret-key file readable only by the BridgeDB
# user and out of version control.
EMAIL_GPG_SIGNING_ENABLED = True
EMAIL_GPG_SIGNING_KEY = 'gnupghome/TESTING.subkeys.sec'

#==========
# Options related to unallocated bridges.

# We split bridges into a group accessible by HTTPS queries; a group
# accessible by email queries; and a group that we don't assign to any
# query mechanism.  Once a bridge is assigned to either of the first
# two groups, it stays there persistently.  The bridges are allocated
# to these groups in a proportion of
#   HTTPS_SHARE : EMAIL_SHARE : RESERVED_SHARE
# (10 : 10 : 2 with the values set in this file.)
RESERVED_SHARE = 2

# NOTE(review): undocumented in this file; presumably a mapping that assigns
# some of the unallocated bridges to named files — confirm its schema. Empty here.
FILE_BUCKETS = {}

# Options related to recaptcha support.
# Enable/Disable recaptcha
RECAPTCHA_ENABLED = False
# Recaptcha API keys
# Both keys are empty in this file; fill them in before setting
# RECAPTCHA_ENABLED = True.  The private key is a secret: keep this file's
# permissions tight and do not commit a populated copy.
RECAPTCHA_PUB_KEY = ''
RECAPTCHA_PRIV_KEY = ''