#========== # General-purpose options. # We chdir to this directory when we start; all files with relative # pathnames are created under this directory RUN_IN_DIR = "~/run/" # Either a file in which to write our pid, or None PIDFILE = "bridgedb.pid" # Either a file to log to, or None if we should log to the console. LOGFILE = "bridgedb.log" # One of "DEBUG", "INFO", "WARNING", "ERROR"... LOGLEVEL = "INFO" # Files from which we read bridge descriptors, on start and on SIGHUP. BRIDGE_FILES = [ "./bridge-descriptors" ] # File from which we read routerstatus entries, for learning which # current bridges are Running. STATUS_FILE = "networkstatus-bridges" # Only consider routers whose purpose matches this string. BRIDGE_PURPOSE = "bridge" # File to store persistent info in. DB_FILE = "./bridgedist.db" # File to log changes to persistent info in. For debugging and bugfixing. DB_LOG_FILE = "./bridgedist.log" # File in which we store our secret HMAC root key. MASTER_KEY_FILE = "./secret_key" # How many clusters do we group IPs in when distributing bridges based on IP? N_IP_CLUSTERS = 4 #========== # Options related to HTTPS # True if we are enabling distribution via HTTP or HTTPS; False otherwise. HTTPS_DIST = True # What proportion of bridges do we allocate to HTTP distribution? See # EMAIL_SHARE and RESERVED_SHARE. HTTPS_SHARE=10 # An IP address (form "1.2.3.4") where we listen for HTTPS connections. # "None" to listen on the default interface. HTTPS_BIND_IP=None # Port to listen on for incoming HTTPS connections HTTPS_PORT=3443 # Certificate file HTTPS_CERT_FILE="cert" # Private key file. HTTPS_KEY_FILE="privkey.pem" # IP and port to listen on for unencrypted HTTP connections. Debugging only. HTTP_UNENCRYPTED_BIND_IP=None HTTP_UNENCRYPTED_PORT=None # How many bridges do we give back in an answer? HTTPS_N_BRIDGES_PER_ANSWER=3 #========== # Options related to Email # True if we are enabling distribution via Email; false otherwise. EMAIL_DIST = True # What proportion of bridges do we allocate to Email distribution? See # HTTPS_SHARE and RESERVED_SHARE. EMAIL_SHARE=10 # Canonical versions of domains that we will reply to. EMAIL_DOMAINS = [ "gmail.com", "yahoo.com" ] # Map from unofficial domain to canonical domain. EMAIL_DOMAIN_MAP = { "mail.google.com" : "gmail.com", "googlemail.com" : "gmail.com", } # Map from canonical domain to list of options for that domain. Recognized # options are: # "ignore_dots" -- the service ignores "." characters in email addresses. # "dkim" -- if there is not a X-DKIM-Authentication-Result header # with the value "pass", then drop the message. # # Note that unrecognized options are ignored; be sure to spell them right! EMAIL_DOMAIN_RULES = { 'gmail.com' : ["ignore_dots", "dkim"], 'yahoo.com' : ["dkim"] } # If there are any IPs in this list, only allow incoming connections from # those IPs. EMAIL_RESTRICT_IPS=[] # IP and port to listen on for email connections. Debugging only. EMAIL_BIND_IP="127.0.0.1" EMAIL_PORT=6725 # How many bridges do we give back in an answer? EMAIL_N_BRIDGES_PER_ANSWER=3 #========== # Options related to unallocated bridges. # We split bridges into a group accessible by HTTPS queries; a group # accessible by email queries; and a group that we don't assign to any # query mechanism. Once a bridge is assigned to either of the first # two groups, it stays there persistently. The bridges are allocated # to these groups in a proportion of # HTTPS_SHARE : EMAIL_SHARE : RESERVED_SHARE RESERVED_SHARE=2