#========== # General-purpose options. # We chdir to this directory when we start; all files with relative # pathnames are created under this directory RUN_IN_DIR = "~/run/" # Either a file in which to write our pid, or None PIDFILE = "bridgedb.pid" # Either a file to log to, or None if we should log to the console. LOGFILE = "bridgedb.log" # One of "DEBUG", "INFO", "WARNING", "ERROR"... LOGLEVEL = "INFO" # Files from which we read bridge descriptors, on start and on SIGHUP. BRIDGE_FILES = [ "./bridge-descriptors" ] # File from which we read routerstatus entries, for learning which # current bridges are Running. STATUS_FILE = "networkstatus-bridges" # Either a file that contains blocked bridges list or None #COUNTRY_BLOCK_FILE = "./blocked-bridges" # Only consider routers whose purpose matches this string. BRIDGE_PURPOSE = "bridge" # File to store persistent info in. DB_FILE = "./bridgedist.db" # File to log changes to persistent info in. For debugging and bugfixing. DB_LOG_FILE = "./bridgedist.log" # File in which we store our secret HMAC root key. MASTER_KEY_FILE = "./secret_key" # File to which we dump bridge pool assignments for statistics. ASSIGNMENTS_FILE = "assignments.log" # How many clusters do we group IPs in when distributing bridges based on IP? # Note that if PROXY_LIST_FILES is set (below), what we actually do here # is use one higher than the number here, and the extra cluster is used # for answering requests made by IP addresses in the PROXY_LIST_FILES file. N_IP_CLUSTERS = 4 # If possible, always give a certain number of answers with a given ORPort. # This is a list of (port,minimum) tuples. FORCE_PORTS = [ (443, 1) ] # If possible, always give a certain number of answers with a given flag. # Only "stable" is now supported. This is a list of (flag,minimum) tuples. FORCE_FLAGS = [ ("Stable", 1) ] # A list of filenames that contain IP addresses (one per line) of proxies. # All IP-based distributors that see an incoming connection from a proxy # will treat them specially. PROXY_LIST_FILES = [ ] #========== # Options related to HTTPS # True if we are enabling distribution via HTTP or HTTPS; False otherwise. HTTPS_DIST = True # What proportion of bridges do we allocate to HTTP distribution? See # EMAIL_SHARE and RESERVED_SHARE. HTTPS_SHARE=10 # An IP address (form "1.2.3.4") where we listen for HTTPS connections. # "None" to listen on the default interface. HTTPS_BIND_IP=None # Port to listen on for incoming HTTPS connections HTTPS_PORT=3443 # Certificate file HTTPS_CERT_FILE="cert" # Private key file. HTTPS_KEY_FILE="privkey.pem" # If true, there is a trusted proxy relaying incoming messages to us: take # the *last* entry from its X-Forwarded-For header as the client's IP. HTTPS_USE_IP_FROM_FORWARDED_HEADER = False # IP and port to listen on for unencrypted HTTP connections. HTTP_UNENCRYPTED_BIND_IP=None HTTP_UNENCRYPTED_PORT=None # As HTTPS_USE_IP_FROM_FORWARDED_HEADER, but for unencrypted connections. HTTP_USE_IP_FROM_FORWARDED_HEADER = False # How many bridges do we give back in an answer? HTTPS_N_BRIDGES_PER_ANSWER=3 # Should we tell http users about the bridge fingerprints? Turn this on # once we have the vidalia/tor interaction fixed for everbody. HTTPS_INCLUDE_FINGERPRINTS=False #========== # Options related to Email # True if we are enabling distribution via Email; false otherwise. EMAIL_DIST = True # What proportion of bridges do we allocate to Email distribution? See # HTTPS_SHARE and RESERVED_SHARE. EMAIL_SHARE=10 # What email addresses do we use for outgoing email? EMAIL_FROM_ADDR goes # in the From: line in outgoing headers, and EMAIL_SMTP_FROM_ADDR goes in # the MAIL FROM header in outgoing SMTP. EMAIL_FROM_ADDR = "bridges@torproject.org" EMAIL_SMTP_FROM_ADDR = "bridges@torproject.org" EMAIL_SMTP_HOST = "127.0.0.1" EMAIL_SMTP_PORT = 25 # Reject any RCPT TO lines that aren't to this user. EMAIL_USERNAME = "bridges" # Canonical versions of domains that we will reply to. EMAIL_DOMAINS = [ "gmail.com", "yahoo.com" ] # Map from unofficial domain to canonical domain. EMAIL_DOMAIN_MAP = { "mail.google.com" : "gmail.com", "googlemail.com" : "gmail.com", } # Map from canonical domain to list of options for that domain. Recognized # options are: # "ignore_dots" -- the service ignores "." characters in email addresses. # "dkim" -- if there is not a X-DKIM-Authentication-Result header # with the value "pass", then drop the message. # # Note that unrecognized options are ignored; be sure to spell them right! EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots", "dkim"], 'yahoo.com' : ["dkim"] } # If there are any IPs in this list, only allow incoming connections from # those IPs. EMAIL_RESTRICT_IPS=[] # IP and port to listen on for email connections. Debugging only. EMAIL_BIND_IP="127.0.0.1" EMAIL_PORT=6725 # How many bridges do we give back in an answer? EMAIL_N_BRIDGES_PER_ANSWER=3 # Should we tell http users about the bridge fingerprints? Turn this on # once we have the vidalia/tor interaction fixed for everbody. EMAIL_INCLUDE_FINGERPRINTS=False #========== # Options related to unallocated bridges. # We split bridges into a group accessible by HTTPS queries; a group # accessible by email queries; and a group that we don't assign to any # query mechanism. Once a bridge is assigned to either of the first # two groups, it stays there persistently. The bridges are allocated # to these groups in a proportion of # HTTPS_SHARE : EMAIL_SHARE : RESERVED_SHARE RESERVED_SHARE=2 FILE_BUCKETS = {} # Options related to recaptcha support. # Enable/Disable recaptcha RECAPTCHA_ENABLED = False # Recaptcha API keys RECAPTCHA_PUB_KEY = '' RECAPTCHA_PRIV_KEY = ''