# -*- mode: python ; coding: utf-8 -*-
#
#   +---------------+
#   | bridgedb.conf |
#   +---------------+
#
# This file uses Python syntax, and is sourced as if it were a .py file. Just
# pretend you're writing Python, and everything will be peachy keen.
#______________________________________________________________________________
#
# Part of BridgeDB, a Tor bridge distribution system.
#
# :authors: The Tor Project, Inc.
# :license: This file is freely distributed as part of BridgeDB, see LICENSE
#           for details.
# :copyright: (c) 2007-2013 The Tor Project, Inc.
#             (c) 2007-2013, all sentient entities within the AUTHORS file
# :version: 0.0.3
#===============================================================================
#
# CHANGELOG:
# ~~~~~~~~~~ 
# Changes in version 0.0.4 - 2014-01-24
#   * ADD COLLECT_TIMESTAMPS option (see #10724). Set it to False for the
#     staging instance (etc/test-bridgedb.conf), and True for the production
#     server (etc/bridgedb.conf).
#
# Changes in version 0.0.3 - 2014-01-17
#   * UPDATE config from bridgedb.git/bridgedb.conf, without changing any of the
#     settings.
#
# Changes in version 0.0.2 - 2014-01-17
#   * ADD missing settings, EMAIL_GPG_SIGNING_ENABLED and EMAIL_GPG_SIGNING_KEY.
#
# Changes in version 0.0.1 - 2013-08-30
#   * ADD version of config file in use on ponticum.
#     - Two config variables, RECAPTCHA_PUB_KEY and RECAPTCHA_PRIV_KEY, have
#       been removed, they can be found in:
#       patches/001-bridgedb-conf-recaptcha-vars.patch.
#   * CLEANUP the config file slightly (such as adding these headers) and
#     fixing the linewraps. No other variables were touched.
#
#===============================================================================

#===========================#
#  General-purpose options  #
#___________________________#

#----------------
# Required Files \  You'll want to make sure that these ones exist!
#------------------------------------------------------------------------------
#
# All filenames are taken as relative to the RUNTIME directory, which is the
# current working directory when you call the ``bridgedb`` script, or you may
# specify a particular RUNTIME directory by doing:
#
#     $ bridgedb -r /path/to/some/nice/place
#
# Obviously, this config file should live in that directory, so that BridgeDB
# can read it.
#------------------------------------------------------------------------------

# We chdir to this directory when we start; all files with relative pathnames
# are created under this directory
#RUN_IN_DIR = "/srv/bridges.torproject.org/run"

# Files holding ``@type bridge-server-descriptor`` entries; re-read at
# startup and whenever we receive SIGHUP.
BRIDGE_FILES = [
    "bridge-descriptors",
]

# Files holding ``@type bridge-extra-info`` descriptors, which is where a
# bridge's pluggable transports are learned from.
EXTRA_INFO_FILES = [
    "cached-extrainfo",
    "cached-extrainfo.new",
]

# File holding ``@type bridge-network-status`` entries: tells us which
# bridges are currently Running and what their IPv6 addresses are.
STATUS_FILE = "networkstatus-bridges"

# TLS certificate and private key used by the HTTPS Distributor.
# ``scripts/make-ssl-cert`` writes a self-signed pair into the current
# directory. The key file is secret material: keep it out of version control
# and readable only by the user BridgeDB runs as.
HTTPS_CERT_FILE = "cert"
HTTPS_KEY_FILE = "privkey.pem"

#----------------
# Output Files   \  Where to store created data
#------------------------------------------------------------------------------
#
# These will get automatically created for you, just specify where they should
# go.
#------------------------------------------------------------------------------

# Log destination: a filename, or ``None`` to log to the console instead.
LOGFILE = 'bridgedb.log'

# Where to write our process id.
PIDFILE = 'bridgedb.pid'

# Database holding persistent state.
DB_FILE = 'bridgedist.db'

# Change log for the persistent database; intended for debugging and
# bugfixing.
DB_LOG_FILE = 'bridgedist.log'

# Secret HMAC root key. The file and the key inside it are created
# automatically if absent. Treat it as a secret: keep it out of version
# control and restrict its permissions to the user BridgeDB runs as.
MASTER_KEY_FILE = 'secret_key'

# List of blocked bridges. Leave commented out to disable blocking.
#COUNTRY_BLOCK_FILE = "blocked-bridges"

# Files listing proxy IP addresses, one per line. Every IP-based
# distributor treats connections arriving from these addresses specially.
# An empty list means no addresses are special-cased.
PROXY_LIST_FILES = []

#------------------
# Logging Options  \
#------------------------------------------------------------------------------
#
# Be sure to also see the LOGFILE option above!
#------------------------------------------------------------------------------

# One of "DEBUG", "INFO", "WARNING", "ERROR", or "FATAL":
# Log verbosity. DEBUG is the most verbose setting; SAFELOGGING controls
# whether identifying information is scrubbed before it is written.
LOGLEVEL = 'DEBUG'

# When True, potentially identifying information is scrubbed from log
# messages before they are written.
SAFELOGGING = True

# Log rotation: number of rotated log files to keep ...
LOGFILE_COUNT = 5
# ... and the size at which the current log is rotated (unit not stated
# here; presumably bytes -- confirm against the logging setup).
LOGFILE_ROTATE_SIZE = 10 * 1000 * 1000

# Routers whose purpose does not equal this string are ignored.
BRIDGE_PURPOSE = 'bridge'

# Bridge pool assignments are dumped here, for statistics.
ASSIGNMENTS_FILE = 'assignments.log'

# How many clusters do we group IPs in when distributing bridges based on IP?
# Note that if PROXY_LIST_FILES is set (above), what we actually do here
# is use one higher than the number here, and the extra cluster is used
# for answering requests made by IP addresses in the PROXY_LIST_FILES file.
# Number of clusters that client IPs are grouped into for IP-based
# distribution. When PROXY_LIST_FILES is non-empty, one extra cluster is
# added and used for requests arriving from the listed proxy addresses.
N_IP_CLUSTERS = 4

# If possible, always give a certain number of answers with a given ORPort.
# Per-ORPort minimums: each ``(port, minimum)`` tuple asks that, whenever
# possible, at least ``minimum`` bridges in an answer listen on ``port``.
FORCE_PORTS = [
    (443, 1),
]

# If possible, always give a certain number of answers with a given flag.
# Only "Stable" is now supported.  This is a list of (flag,minimum) tuples.
# Per-flag minimums: each ``(flag, minimum)`` tuple asks that, whenever
# possible, at least ``minimum`` bridges in an answer carry ``flag``.
# Only the "Stable" flag is supported at present.
FORCE_FLAGS = [
    ("Stable", 1),
]

#---------------------------
# Database/Parsing Options  \
#------------------------------------------------------------------------------
#
# These options change various database transaction and descriptor parsing
# behaviours.
#------------------------------------------------------------------------------

# (boolean) When True, every timestamp seen for every bridge is collected,
# sorted and stored. This is extremely expensive; disable it unless the data
# is actually needed (the CHANGELOG above enables it only for production).
COLLECT_TIMESTAMPS = True

#-------------------------------
# HTTP(S) Distribution Options  \
#------------------------------------------------------------------------------
#
# These options configure the behaviour of the web interface bridge
# distribution mechanism. If HTTPS_DIST is enabled, make sure that the above
# HTTPS_CERT_FILE and HTTPS_KEY_FILE options point to the correct location of
# your SSL certificate and key!
#------------------------------------------------------------------------------

# (boolean) True to enable distribution via HTTP or HTTPS; False otherwise.
# (boolean) Enables the HTTP/HTTPS distributor; False switches it off.
HTTPS_DIST = True

# (string or None) Address the HTTPS listener binds to; ``None`` means the
# default interface. The loopback address below only accepts connections
# originating on this host (for example from a local reverse proxy).
HTTPS_BIND_IP = "127.0.0.1"

# (integer or None) TCP port for incoming HTTPS connections.
HTTPS_PORT = 6789

# How many bridges do we give back in an answer (either HTTP or HTTPS)?
# Number of bridges returned per answer over HTTP or HTTPS.
HTTPS_N_BRIDGES_PER_ANSWER = 3

# Whether answers to web users include bridge fingerprints. Meant to be
# enabled once the vidalia/tor interaction is fixed for everybody.
HTTPS_INCLUDE_FINGERPRINTS = True

# Set to True only when a trusted proxy sits in front of us and relays
# requests: the client IP is then taken from the *last* entry of the
# X-Forwarded-For header. Without such a proxy the header is supplied by
# the client itself, so leave this False.
HTTPS_USE_IP_FROM_FORWARDED_HEADER = False

# (string or None) Bind address for plain, unencrypted HTTP. ``None``
# disables unencrypted access to the web interface entirely, which is the
# setting below.
HTTP_UNENCRYPTED_BIND_IP = None

# (integer or None) TCP port for incoming unencrypted HTTP connections.
HTTP_UNENCRYPTED_PORT = None

# (boolean) Same as the HTTPS_USE_IP_FROM_FORWARDED_HEADER option, but for
# unencrypted connections.
# (boolean) Unencrypted-HTTP counterpart of HTTPS_USE_IP_FROM_FORWARDED_HEADER;
# the same trusted-proxy requirement applies.
HTTP_USE_IP_FROM_FORWARDED_HEADER = False

#-------------------------------
# Email Distribution Options    \
#------------------------------------------------------------------------------
#
# These options configure the behaviour of the email bridge distribution
# mechanism. If EMAIL_DIST is enabled, make sure that the above
# HTTPS_CERT_FILE and HTTPS_KEY_FILE options point to the correct location of
# your SSL certificate and key!
# ------------------------------------------------------------------------------

# True if we are enabling distribution via Email; false otherwise.
# (boolean) Enables the email distributor; False switches it off.
EMAIL_DIST = True

# What email addresses do we use for outgoing email?

# EMAIL_FROM_ADDR goes in the 'From:' header on outgoing emails:
# Address placed in the 'From:' header of outgoing mail.
EMAIL_FROM_ADDR = 'bridges@torproject.org'

# EMAIL_SMTP_FROM_ADDR goes in the 'Mail-From:' header in outgoing SMTP:
# Sender address used at the SMTP level for outgoing mail.
EMAIL_SMTP_FROM_ADDR = 'bridges@torproject.org'

# SMTP relay used for outgoing mail: host and port. The loopback address
# keeps mail submission on this host.
EMAIL_SMTP_HOST = '127.0.0.1'
EMAIL_SMTP_PORT = 25

# Local user that incoming mail must be addressed to; RCPT TO lines for any
# other user are rejected.
EMAIL_USERNAME = 'bridges'

# Canonical versions of domains that we will reply to.
# Canonical sender domains we are willing to reply to.
EMAIL_DOMAINS = [
    'gmail.com',
    'yahoo.com',
]

# Map from unofficial domain to canonical domain.
# Aliases: maps an unofficial sender domain onto its canonical domain.
EMAIL_DOMAIN_MAP = {
    'mail.google.com': 'gmail.com',
    'googlemail.com': 'gmail.com',
}

# Map from canonical domain to list of options for that domain.  Recognized
# options are:
#     "ignore_dots" -- the service ignores "." characters in email addresses.
#     "dkim" -- if there is not a X-DKIM-Authentication-Result header
#        with the value "pass", then drop the message.
#
# Note that unrecognized options are ignored; be sure to spell them right!
# Per-canonical-domain option lists. "ignore_dots": the provider ignores
# "." in local parts. "dkim": drop the message unless it carries an
# X-DKIM-Authentication-Result header with value "pass". Unrecognized
# option names are silently ignored, so spelling matters.
EMAIL_DOMAIN_RULES = {
    "gmail.com": ["ignore_dots", "dkim"],
    "yahoo.com": ["dkim"],
}

# If there are any IPs in this list, only allow incoming connections from
# those IPs.
# Allow-list for the email listener: when non-empty, only connections from
# these IPs are accepted. Empty means no IP restriction.
EMAIL_RESTRICT_IPS = []

# IP and port to listen on for email connections. Debugging only.
# Bind address and port of the email listener (debugging only). Loopback
# keeps it reachable from this host alone.
EMAIL_BIND_IP = '127.0.0.1'
EMAIL_PORT = 6725

# How many bridges do we give back in an answer?
# Number of bridges returned per email answer.
EMAIL_N_BRIDGES_PER_ANSWER = 3

# Should we tell email users about the bridge fingerprints?  Turn this on
# once we have the vidalia/tor interaction fixed for everybody.
# Whether email answers include bridge fingerprints.
EMAIL_INCLUDE_FINGERPRINTS = True

# Configuration options for GPG signed messages
# GPG signing of outgoing mail.
EMAIL_GPG_SIGNING_ENABLED = True
# Path of the secret signing key. NOTE(review): the filename says TESTING
# while the CHANGELOG above describes this file as the production config
# (etc/bridgedb.conf) -- confirm this is the intended key for the
# deployment that reads this file.
EMAIL_GPG_SIGNING_KEY = "gnupghome/TESTING.subkeys.sec"

#-------------------------------
# Hashring Allocation Options   \
#------------------------------------------------------------------------------
#
# These options determine the proportions of bridges per hashring. When
# BridgeDB receives a descriptor for a new bridge, that bridge is assigned to
# a hashring. For example, if ``HTTPS_DIST`` and ``EMAIL_DIST`` are both
# enabled, there is a hashring for bridges allocated to the HTTP(S)
# Distributor, and another for the Email Distributor. In addition, an
# "Unallocated" hashring is always created, in order to reserve some portion
# of bridges for manual distribution, or as backup in the case of a major
# blocking event. Once a bridge is assigned to one of these allocation groups,
# it stays there; there is currently no mechanism for changing a bridge's
# hashring allocation.
#
# Once a bridge is assigned to either of the first two groups, it stays there
# persistently. The bridges are allocated to these groups in a proportion of
#
#     ``HTTPS_SHARE`` : ``EMAIL_SHARE`` : ``RESERVED_SHARE``
# ------------------------------------------------------------------------------

# Share of bridges allocated to the HTTP(S) distributor (a proportion
# relative to EMAIL_SHARE and RESERVED_SHARE, not a count).
HTTPS_SHARE = 10

# Share of bridges allocated to the email distributor (a proportion
# relative to HTTPS_SHARE and RESERVED_SHARE, not a count).
EMAIL_SHARE = 10

# Share of bridges left unallocated, held back for backup use and manual
# distribution (an integer proportion, like HTTPS_SHARE and EMAIL_SHARE).
RESERVED_SHARE = 2

# A dictionary of {FILENAME: NUMBER} where FILENAME is a string specifying the
# filename to store a certain NUMBER (an integer) of bridges in. The number of
# bridges here is *not* a share/proportion, as above; instead it's literally
# the number of bridges.
# {FILENAME: NUMBER} buckets: NUMBER is a literal count of bridges to store
# in FILENAME, not a share/proportion. Empty means no file buckets.
FILE_BUCKETS = {}

# Recaptcha Options
# -----------------

# Toggles the reCAPTCHA challenge; off in this configuration.
RECAPTCHA_ENABLED = False

# reCAPTCHA API public key. NOTE(review): the CHANGELOG above says the two
# RECAPTCHA_*_KEY variables were moved into
# patches/001-bridgedb-conf-recaptcha-vars.patch, yet they are still
# present here -- confirm which copy is authoritative.
RECAPTCHA_PUB_KEY = ""
# reCAPTCHA API private key. This is a secret: keep the real value out of
# version control and supply it at deployment time.
RECAPTCHA_PRIV_KEY = ""