Browse code

faq: improved torrc/datadir section ; several housekeeping tasks

- linked first occurrence of torrc in every answer to #torrc
- replaced absolute links to torproject.org with relative ones
- added TODO to questions in html comments

traumschule authored on22/08/2018 00:44:07
Showing1 changed files
... ...
@@ -119,6 +119,7 @@
119 119
     <ul>
120 120
     <li><a href="#torrc">I'm supposed to "edit my torrc". What does
121 121
     that mean?</a></li>
122
+    <li><a href="#datadir">Where's tor's data directory?</a></li>
122 123
     <li><a href="#Logs">How do I set up logging, or see Tor's
123 124
     logs?</a></li>
124 125
     <li><a href="#LogLevel">What log level should I use?</a></li>
... ...
@@ -1067,7 +1068,7 @@
1067 1068
     idea. Tor Browser aims to provide sufficient privacy that additional add-ons
1068 1069
     to stop ads and trackers are not necessary. Using add-ons like these may
1069 1070
     cause some sites to break, which
1070
-    <a href="https://www.torproject.org/projects/torbrowser/design/#philosophy">
1071
+    <a href="/projects/torbrowser/design/#philosophy">
1071 1072
     we don't want to do</a>. Additionally, maintaining a list of "bad" sites
1072 1073
     that should be black-listed provides another opportunity to uniquely
1073 1074
     fingerprint users.
... ...
@@ -1417,15 +1418,15 @@
1417 1418
     </p>
1418 1419
 
1419 1420
     <p>
1420
-    First (best option), if you're on Linux, you can install the system
1421
-    Tor package (e.g. apt-get install tor) and then set it up to be a relay
1422
-    (<a href="https://www.torproject.org/docs/tor-relay-debian">
1423
-    instructions</a>). You can then use TBB independent of that.
1421
+    First (best option), if you're on Linux, you can install the
1422
+    <a href="<page download/download-unix>">system Tor package</a>
1423
+    (e.g. apt-get install tor) and then set it up to be a relay
1424
+    (<a href="https://www.torproject.org/docs/tor-relay-debian">instructions</a>).
1425
+    You can then use TBB independent of that.
1424 1426
     </p>
1425 1427
 
1426
-
1427 1428
     <p>
1428
-    Second (complex option), you can edit your torrc file (in Data/Tor/torrc)
1429
+    Second (complex option), you can edit your <a href="#torrc">torrc file</a>
1429 1430
     directly to add the following lines:
1430 1431
     </p>
1431 1432
 
... ...
@@ -1468,7 +1469,8 @@
1468 1469
     README file</a> for the build instructions.
1469 1470
     There is also some informations in the
1470 1471
     <a href="https://trac.torproject.org/projects/tor/wiki/doc/TorBrowser/Hacking">
1471
-    Tor Browser Hacking Guide</a>.
1472
+    Tor Browser Hacking Guide</a>. Also see our
1473
+    <a href="<page docs/verifying-signatures>">fingerprint verification guide</a>.
1472 1474
     </p>
1473 1475
 
1474 1476
     <hr>
... ...
@@ -1476,9 +1478,9 @@
1476 1478
     <a id="AdvancedTorUsage"></a>
1477 1479
     <h2><a class="anchor" href="#AdvancedTorUsage">Advanced Tor usage:</a></h2>
1478 1480
 
1479
-    <a id="torrc"></a>
1481
+    <a id="torrc"></a><a id="datadir"></a>
1480 1482
     <h3><a class="anchor" href="#torrc">I'm supposed to "edit my torrc".
1481
-    What does that mean?</a></h3>
1483
+    What does that mean? Where's tor's data directory?</a></h3>
1482 1484
 
1483 1485
     <p>
1484 1486
     Tor uses a text file called torrc that contains configuration
... ...
@@ -1487,26 +1489,47 @@
1487 1489
     </p>
1488 1490
 
1489 1491
     <p>
1490
-    If you installed Tor Browser on Windows or Linux, look for
1491
-    <code>Browser/TorBrowser/Data/Tor/torrc</code> inside your Tor Browser
1492
-    directory.
1493
-    If you're on macOS, the torrc is in
1492
+    If you installed Tor Browser on Windows or Linux, torrc is in the data
1493
+    directory, which is <code>Browser/TorBrowser/Data/Tor</code> inside your
1494
+    Tor Browser directory. For the tor service on Windows see
1495
+    <a href="#NTService">Windows NT</a>.
1496
+    </p>
1497
+
1498
+    <p>
1499
+    If you're on macOS, the torrc is in the data directory at
1494 1500
     <code>~/Library/Application Support/TorBrowser-Data/Tor</code>.
1495 1501
     To get to it, press cmd-shift-g while in Finder and copy/paste that
1496 1502
     directory into the box that appears.
1497 1503
     </p>
1498 1504
 
1499 1505
     <p>
1500
-    Otherwise, if you are using Tor without Tor Browser, it looks for the
1501
-    torrc file in <code>/usr/local/etc/tor/torrc</code> if you compiled tor
1502
-    from source, and <code>/etc/tor/torrc</code> or <code>/etc/torrc</code>
1503
-    if you installed a pre-built package.
1506
+    Otherwise, if you are using Tor without Tor Browser, it looks for torrc at
1507
+    differentt possible locations:
1504 1508
     </p>
1509
+    <ul>
1510
+    <li>
1511
+    <code>/usr/local/etc/tor/torrc</code> if you compiled tor from source
1512
+    </li>
1513
+    <li>
1514
+    <code>/etc/tor/torrc</code> or <code>/etc/torrc</code> if you installed a
1515
+    pre-built package. The data directory usually is
1516
+    <code>/var/lib/tor/</code>, if not defined otherwise with
1517
+    <code>DataDirectory</code> in torrc.
1518
+    </li>
1519
+    <li><code>$HOME/.torrc</code>: fallback location if above file is not found.
1520
+    </li>
1521
+    <li>
1522
+    You can define a different location for torrc with <code>-f FILE</code> and
1523
+    set another data directory with <code>--DataDirectory DIR</code> as options
1524
+    to tor.
1525
+    </li>
1526
+    </ul>
1505 1527
 
1506 1528
     <p>
1507
-    Once you've created or changed your torrc file, you will need to restart
1508
-    tor for the changes to take effect. (For advanced users, note that
1509
-    you actually only need to send Tor a HUP signal, not actually restart it.)
1529
+    Once you've created or changed your torrc file, you will need to restart or
1530
+    reload tor for the changes to take effect. On Debian use
1531
+    <code>system tor reload</code>. (For advanced users, note that you
1532
+    actually only need to send Tor a HUP signal, not actually restart it.)
1510 1533
     </p>
1511 1534
 
1512 1535
     <p>
... ...
@@ -1533,7 +1556,7 @@
1533 1556
       <li>On OS X, Debian, Red Hat, etc, the logs are in /var/log/tor/
1534 1557
       </li>
1535 1558
       <li>On Windows, there are no default log files currently. If you enable
1536
-      logs in your torrc file, they default to <code>\username\Application
1559
+      logs in your <a href="#torrc">torrc</a> file, they default to <code>\username\Application
1537 1560
       Data\tor\log\</code> or <code>\Application Data\tor\log\</code>
1538 1561
       </li>
1539 1562
       <li>If you compiled Tor from source, by default your Tor logs to
... ...
@@ -1718,7 +1741,7 @@
1718 1741
     If you don't find any good hints, you should consider running Tor in the
1719 1742
     foreground (from a shell) so you can see how it dies. Warning: if you
1720 1743
     switch to running Tor in the foreground, you might start using a different
1721
-    torrc file, with a different default Data Directory; see the
1744
+    <a href="#torrc">torrc</a> file, with a different default Data Directory; see the
1722 1745
     <a href="#UpgradeOrMove">relay-upgrade FAQ entry</a>
1723 1746
     for details.
1724 1747
     </li>
... ...
@@ -1755,8 +1778,8 @@
1755 1778
     <p>
1756 1779
     Yes. You can set preferred entry and exit nodes as well as
1757 1780
     inform Tor which nodes you do not want to use.
1758
-    The following options can be added to your config file <a
1759
-    href="#torrc">"torrc"</a> or specified on the command line:
1781
+    The following options can be added to your config file
1782
+    <a href="#torrc">torrc</a> or specified on the command line:
1760 1783
     </p>
1761 1784
     <dl>
1762 1785
       <dt><tt>EntryNodes $fingerprint,$fingerprint,...</tt></dt>
... ...
@@ -1818,7 +1841,7 @@ versions.
1818 1841
     If your firewall works by blocking ports, then you can tell Tor to only
1819 1842
     use the ports when you start your Tor Browser. Or you can add the ports
1820 1843
     that your firewall permits by adding "FascistFirewall 1" to your
1821
-    <a href="<page docs/faq>#torrc">torrc configuration file</a>.
1844
+    <a href="#torrc">torrc configuration file</a>.
1822 1845
     By default, when you set this Tor assumes that your firewall allows only
1823 1846
     port 80 and port 443 (HTTP and HTTPS respectively). You can select a
1824 1847
     different set of ports with the FirewallPorts torrc option.
... ...
@@ -1841,9 +1864,11 @@ versions.
1841 1864
     ports?</a></h3>
1842 1865
     <p>
1843 1866
     The default open ports are listed below but keep in mind that, any port or
1844
-    ports can be opened by the relay operator by configuring it in torrc or
1845
-    modifying the source code. But the default according to src/or/policies.c
1846
-    from the source code release tor-0.2.4.16-rc is:
1867
+    ports can be opened by the relay operator by configuring it in
1868
+    <a href="#torrc">torrc</a> or modifying the source code.
1869
+    <!-- TODO should we update this? -->
1870
+    The default according to src/or/policies.c from the source code release
1871
+    tor-0.2.4.16-rc:
1847 1872
     </p>
1848 1873
     <pre>
1849 1874
   reject 0.0.0.0/8
... ...
@@ -1934,7 +1959,7 @@ versions.
1934 1959
     with tor-resolve, then pass the IPs to your applications, you'll be fine.
1935 1960
     (Tor will still give the warning, but now you know what it means.) </li>
1936 1961
 
1937
-    <!-- I'm not sure if this project is still maintained or not
1962
+    <!-- TODO I'm not sure if this project is still maintained or not
1938 1963
     <li>You can use TorDNS as a local DNS server to rectify the DNS leakage.
1939 1964
     See the Torify HOWTO for info on how to run particular applications
1940 1965
     anonymously.</li>
... ...
@@ -1993,7 +2018,7 @@ versions.
1993 2018
     By default, your Tor client only listens for applications that
1994 2019
     connect from localhost. Connections from other computers are
1995 2020
     refused. If you want to torify applications on different computers
1996
-    than the Tor client, you should edit your torrc to define
2021
+    than the Tor client, you should edit your <a href="#torrc">torrc</a> to define
1997 2022
     SocksListenAddress 0.0.0.0 and then restart (or hup) Tor. If you
1998 2023
     want to get more advanced, you can configure your Tor client on a
1999 2024
     firewall to bind to your internal IP but not your external IP.
... ...
@@ -2019,7 +2044,7 @@ versions.
2019 2044
      key all around.
2020 2045
     </p>
2021 2046
     <p>
2022
-    Configuration is simple, editing your torrc file's SocksListenAddress
2047
+    Configuration is simple, editing your <a href="#torrc">torrc</a> file's SocksListenAddress
2023 2048
     according to the following examples:
2024 2049
     </p>
2025 2050
 
... ...
@@ -2130,8 +2155,8 @@ versions.
2130 2155
     using a dynamic IP address?</a></h3>
2131 2156
 
2132 2157
     <p>
2133
-    Tor can handle relays with dynamic IP addresses just fine. Just leave
2134
-    the "Address" line in your torrc blank, and Tor will guess.
2158
+    Tor can handle relays with dynamic IP addresses just fine. Just leave the
2159
+    "Address" line in your <a href="#torrc">torrc</a> blank, and Tor will guess.
2135 2160
     </p>
2136 2161
 
2137 2162
     <hr>
... ...
@@ -2143,9 +2168,9 @@ versions.
2143 2168
     Tor has <a href="<wiki>org/roadmaps/Tor/IPv6Features">partial</a> support
2144 2169
     for IPv6 and we encourage every relay operator to
2145 2170
     <a href="<wiki>TorRelayGuide#IPv6">enable IPv6 functionality</a> in their
2146
-    torrc configuration files when IPv6 connectivity is available.
2147
-    For the time being Tor will require IPv4 addresses on relays, you can not
2148
-    run a Tor relay on a host with IPv6 addresses only.
2171
+    <a href="#torrc">torrc</a> configuration files when IPv6 connectivity is
2172
+    available. For the time being Tor will require IPv4 addresses on relays,
2173
+    you can not run a Tor relay on a host with IPv6 addresses only.
2149 2174
     </p>
2150 2175
 
2151 2176
     <hr>
... ...
@@ -2244,7 +2269,7 @@ versions.
2244 2269
     options are available to Tor relays?</a></h3>
2245 2270
 
2246 2271
     <p>
2247
-    There are two options you can add to your torrc file:
2272
+    There are two options you can add to your <a href="#torrc">torrc</a> file:
2248 2273
     </p>
2249 2274
     <ul>
2250 2275
     <li>
... ...
@@ -2298,7 +2323,7 @@ versions.
2298 2323
     <h3><a class="anchor" href="#LimitTotalBandwidth">How can I limit the
2299 2324
     total amount of bandwidth used by my Tor relay?</a></h3>
2300 2325
     <p>
2301
-    The accounting options in the torrc file allow you to specify the maximum
2326
+    The accounting options in the <a href="#torrc">torrc</a> file allow you to specify the maximum
2302 2327
     amount of bytes your relay uses for a time period.
2303 2328
     </p>
2304 2329
     <pre>
... ...
@@ -2394,7 +2419,7 @@ versions.
2394 2419
     working relay setup) is as follows:</p>
2395 2420
 
2396 2421
     <ul>
2397
-        <li>In the relay Tor torrc file, simply set the SocksPort to 0.</li>
2422
+        <li>In the relay Tor <a href="#torrc">torrc</a> file, simply set the SocksPort to 0.</li>
2398 2423
         <li>Create a new client torrc file from the torrc.sample and ensure
2399 2424
         it uses a different log file from the relay. One naming convention
2400 2425
         may be torrc.client and torrc.relay.</li>
... ...
@@ -2574,7 +2599,7 @@ don't want to deal with abuse issues.</a></h3>
2574 2599
 
2575 2600
     <p>
2576 2601
     This means that if you're upgrading your Tor relay and you keep the same
2577
-    torrc and the same DataDirectory, then the upgrade should just work and
2602
+    <a href="#torrc">torrc and the same DataDirectory</a>, then the upgrade should just work and
2578 2603
     your relay will keep using the same key. If you need to pick a new
2579 2604
     DataDirectory, be sure to copy your old
2580 2605
     keys/ed25519_master_id_secret_key and keys/secret_id_key over.
... ...
@@ -2615,7 +2640,7 @@ don't want to deal with abuse issues.</a></h3>
2615 2640
     and confirms that the medium term signing key is valid for a certain
2616 2641
     period of time. The default validity is 30 days, but this can be
2617 2642
     customized by setting "SigningKeyLifetime N days|weeks|months" in
2618
-    torrc.</li>
2643
+    <a href="#torrc">torrc</a>.</li>
2619 2644
     <li>there is also a master public key named
2620 2645
     "ed25519_master_id_public_key, which is the actual identity of the relay
2621 2646
     advertised in the network. This one is not sensitive and can be easily
... ...
@@ -2681,7 +2706,7 @@ don't want to deal with abuse issues.</a></h3>
2681 2706
     <p>
2682 2707
     Optionally, you can specify additional options for the Tor service using
2683 2708
     the -options argument. For example, if you want Tor to use C:\tor\torrc,
2684
-    instead of the default torrc, and open a control port on port 9151, you
2709
+    instead of the default <a href="#torrc">torrc</a>, and open a control port on port 9151, you
2685 2710
     would run:
2686 2711
     </p>
2687 2712
 
... ...
@@ -3119,9 +3144,10 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor">Noisebridge</a>
3119 3144
     tool for configuring, controlling and running tests on a
3120 3145
     testing Tor network. It requires that you have Tor and Python (2.5 or
3121 3146
     later) installed on your system. You can use Chutney to create a testing
3122
-    network by generating Tor configuration files (torrc) and necssary keys
3123
-    (for the directory authorities). Then you can let Chutney start your Tor
3124
-    authorities, relays and clients and wait for the network to bootstrap.
3147
+    network by generating Tor configuration files (<a href="#torrc">torrc</a>)
3148
+    and necessary keys (for the directory authorities). Then you can let
3149
+    Chutney start your Tor authorities, relays and clients and wait for the
3150
+    network to bootstrap.
3125 3151
     Finally, you can have Chutney run tests on your network to see which
3126 3152
     things work and which do not. Chutney is typically used for running a
3127 3153
     testing network with about 10 instances of Tor. Every instance of Tor
... ...
@@ -3265,7 +3291,7 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor">Noisebridge</a>
3265 3291
     a series of proxies. Your communication is encrypted in multiple layers
3266 3292
     and routed via multiple hops through the Tor network to the final
3267 3293
     receiver. More details on this process can be found in the <a
3268
-    href="https://www.torproject.org/about/overview">Tor overview</a>.
3294
+    href="<page about/overview>">Tor overview</a>.
3269 3295
     Note that all your local ISP can observe now is that you are
3270 3296
     communicating with Tor nodes. Similarly, servers in the Internet just
3271 3297
     see that they are being contacted by Tor nodes.
... ...
@@ -3371,7 +3397,7 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor">Noisebridge</a>
3371 3397
     identity leaks, Tor Browser also includes browser extensions like
3372 3398
     NoScript and Torbutton, as well as patches to the Firefox source
3373 3399
     code. The full design of Tor Browser can be read <a
3374
-    href="https://www.torproject.org/projects/torbrowser/design/">here</a>.
3400
+    href="/projects/torbrowser/design/index.html.en">here</a>.
3375 3401
     In designing a safe, secure solution for browsing the web with Tor,
3376 3402
     we've discovered that configuring <a href="#TBBOtherBrowser">other
3377 3403
     browsers</a> to use Tor is unsafe.
... ...
@@ -3386,7 +3412,7 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor">Noisebridge</a>
3386 3412
 
3387 3413
     <p>
3388 3414
     Tor is a work in progress. There is still <a
3389
-    href="https://www.torproject.org/getinvolved/volunteer">plenty of work
3415
+    href="<page getinvolved/volunteer>">plenty of work
3390 3416
     left to do</a> for a strong, secure, and complete solution.
3391 3417
     </p>
3392 3418
 
... ...
@@ -3649,7 +3675,7 @@ href="https://www.noisebridge.net/wiki/Noisebridge_Tor">Noisebridge</a>
3649 3675
     anonymity solution</a>.</b>
3650 3676
     If you're looking for a trusted entry into the Tor network, or if you want
3651 3677
     to obscure the fact that you're using Tor,
3652
-    <a href="https://www.torproject.org/docs/bridges#RunningABridge">setting up
3678
+    <a href="<page docs/bridges>#RunningABridge">setting up
3653 3679
     a private server as a bridge</a> works quite well.
3654 3680
     </p>
3655 3681
 
... ...
@@ -3796,7 +3822,7 @@ Perhaps even run separate Tor clients for these applications.
3796 3822
     First, we need to make Tor stable as a relay on all common operating
3797 3823
     systems. The main remaining platform is Windows, and we're mostly there.
3798 3824
     See Section 4.1 of
3799
-    <a href="https://www.torproject.org/press/2008-12-19-roadmap-press-release">
3825
+    <a href="<page press/2008-12-19-roadmap-press-release>">
3800 3826
     our development roadmap</a>.
3801 3827
     </p>
3802 3828
 
... ...
@@ -4248,7 +4274,7 @@ Perhaps even run separate Tor clients for these applications.
4248 4274
 
4249 4275
    <p>
4250 4276
    Please read the
4251
-   <a href="https://www.torproject.org/eff/tor-legal-faq">legal FAQ written
4277
+   <a href="<page eff/tor-legal-faq>">legal FAQ written
4252 4278
    by EFF lawyers</a>. There's a growing
4253 4279
    <a href="https://blog.torproject.org/blog/start-tor-legal-support-directory">
4254 4280
    legal directory</a> of people who may be able to help you.