forked from fphammerle/docker-tor-proxy
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathtorrc.template
50 lines (43 loc) · 2.24 KB
/
torrc.template
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# https://www.torproject.org/docs/tor-manual.html.en
# hide healthchecks:
# > [notice] {CONTROL} New control connection opened from 127.0.0.1.
Log [~control]notice warn stdout
LogMessageDomains 1
# default: ~/.tor
DataDirectory /var/lib/tor
# https://gitweb.torproject.org/torspec.git/tree/control-spec.txt
ControlPort localhost:9051
DNSPort 0.0.0.0:9053
# IsolateClientAddr & IsolateSOCKSAuth enabled by default
# https://web.archive.org/web/20230113155700/https://gitweb.torproject.org/tor.git/tree/doc/man/tor.1.txt?h=tor-0.4.7.13&id=7c1601fb6edd780ffef386936217ede9531c26e6#n1483
SocksPort 0.0.0.0:9050 IsolateClientAddr IsolateSOCKSAuth
# > reject application connections [...] that only provide an IP address [...]
# > not doing remote DNS
# with `SafeSocks 1`:
# $ for p in socks4 socks4a socks5 socks5h; do \
# echo -n "$p: ";
# curl -o /dev/null --no-progress-meter -x $p://127.0.0.1:9050 https://ipinfo.tw
# && echo success;
# done
# > socks4: curl: (97) Can't complete SOCKS4 connection to 0.0.0.0:0. (91), request rejected or failed.
# > socks4a: success
# > socks5: curl: (97) Can't complete SOCKS5 connection to ipinfo.tw. (2)
# > socks5h: success
# log:
# > [warn] {APP} Your application (using socks4 to port 443) is giving Tor only
# . an IP address. Applications that do DNS resolves themselves may leak
# . information. Consider using Socks4A [...]
# > [warn] {APP} Your application (using socks5 to port 443) is giving Tor [...]
SafeSocks {safe_socks}
SocksTimeout {socks_timeout_seconds}
# requires netfilter rules
# socks5 with auth-based circuit isolation (tor browser, torsocks --isolate) should be preferred
# cave: IsolateDestAddr & IsolateDestPort are not enabled
# https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TransparentProxy
# https://github.com/epidemics-scepticism/writing/blob/b6733379d653b30771d578ace04c262600345122/misconception.md#transparent-proxying-lacks-context
# https://lists.torproject.org/pipermail/tor-talk/2014-March/032507.html
# https://gitweb.torproject.org/tor.git/tree/src/or/connection_edge.c?id=6285d9bdcf7f210c56abd25f75133e30d05a7473#n1423
# https://github.com/mitmproxy/mitmproxy/blob/v6.0.2/mitmproxy/platform/linux.py#L27
TransPort 0.0.0.0:9040 IsolateClientAddr IsolateClientProtocol
# try to
HardwareAccel 1