Made headings in articles into links.

Alexander Andreev 2021-02-10 19:56:44 +04:00
parent 3f503c7a86
commit 3b54438e04
Signed by: Arav
GPG Key ID: 610DF2574456329F
5 changed files with 45 additions and 40 deletions

View File

@ -15,6 +15,12 @@ h4 {
text-indent: 1.5rem; text-indent: 1.5rem;
margin: 1rem 0 1rem 0; } margin: 1rem 0 1rem 0; }
h3 a,
h4 a { color: var(--text-color); }
h3 a:hover,
h4 a:hover { color: var(--primary-color); }
code, code,
pre { pre {
font-family: 'Share Tech Mono'; font-family: 'Share Tech Mono';
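Review bot: the new `h3 a:hover, h4 a:hover` rule has no `:focus` counterpart, so someone tabbing through the heading links gets no colour change equivalent to hover. Consider adding `h3 a:focus, h4 a:focus` to the same selector list. Since `h3 a, h4 a` sets the link to `var(--text-color)`, the headings will look like plain text until hovered; if that is intended, a short comment above the rule would make it clear.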

View File

@ -13,10 +13,10 @@ block article
li #[a(href='#art-2') Userdir functionality like Apache's mod_userdir] li #[a(href='#art-2') Userdir functionality like Apache's mod_userdir]
li #[a(href='#art-3') Note on how NGiNX works with HTTP headers] li #[a(href='#art-3') Note on how NGiNX works with HTTP headers]
h3#art-1 1. Introduction h3#art-1 #[a(href='#art-1') 1. Introduction]
p Here I'll place recipes for implementing different functionalities and notes on webserver's behaviour. p Here I'll place recipes for implementing different functionalities and notes on webserver's behaviour.
h3#art-2 2. Userdir functionality like Apache's mod_userdir h3#art-2 #[a(href='#art-2') 2. Userdir functionality like Apache's mod_userdir]
p Once I wanted to have a “tilde user directories” like #[code /~user/] which is more known as Apache's #[code mod_userdir] feature. I work with NGiNX so regular expressions is the way to do that. p Once I wanted to have a “tilde user directories” like #[code /~user/] which is more known as Apache's #[code mod_userdir] feature. I work with NGiNX so regular expressions is the way to do that.
p Nothing special in my case. I only need to keep files there, so others may get them. Thing is simple, but I took some time to realise what regexp to use here back then. p Nothing special in my case. I only need to keep files there, so others may get them. Thing is simple, but I took some time to realise what regexp to use here back then.
p The implementation is quite simple: p The implementation is quite simple:
@ -28,6 +28,6 @@ block article
p Of course, you can choose whatever place for user's public directories. In my case you need to give a read and execute permissions to user's home directory and to public directories inside them to others (#[code chmod o=rX /home/user]), which may be a security concern. p Of course, you can choose whatever place for user's public directories. In my case you need to give a read and execute permissions to user's home directory and to public directories inside them to others (#[code chmod o=rX /home/user]), which may be a security concern.
p #[code autoindex on] will make an index of files that lies by URL. And, of course, you can put there an #[code index.html] file. p #[code autoindex on] will make an index of files that lies by URL. And, of course, you can put there an #[code index.html] file.
h3#art-3 3. Note on how NGiNX works with HTTP headers h3#art-3 #[a(href='#art-3') 3. Note on how NGiNX works with HTTP headers]
p Let's say in #[code http] block you specified common headers like #[code X-Frame-Options], #[code X-XSS-Protection], and so on for all #[code server] directives to use. But, if you add some other header for a specific #[code server] or #[code location] block then all those headers would be dropped. p Let's say in #[code http] block you specified common headers like #[code X-Frame-Options], #[code X-XSS-Protection], and so on for all #[code server] directives to use. But, if you add some other header for a specific #[code server] or #[code location] block then all those headers would be dropped.
p For now the only cure for it is to place all that headers in a separate file like #[code common-headers.inc] and using #[code include] directive to include them in all the #[code server] and #[code location] blocks where additional headers are added. p For now the only cure for it is to place all that headers in a separate file like #[code common-headers.inc] and using #[code include] directive to include them in all the #[code server] and #[code location] blocks where additional headers are added.

View File

@ -15,14 +15,14 @@ block article
li #[a(href='#art-2-1') If you're doing a fresh install] li #[a(href='#art-2-1') If you're doing a fresh install]
li #[a(href='#art-3') cmdline.txt] li #[a(href='#art-3') cmdline.txt]
h3#art-1 1. Introduction h3#art-1 #[a(href='#art-1') 1. Introduction]
p Raspberry Pi is known for how it wears off the SD cards. Thankfully you can move the root off the SD card to an external drive and leave there just a boot partition. I'm gonna use a #[s SystemD]GNU/Linux distribution for that. p Raspberry Pi is known for how it wears off the SD cards. Thankfully you can move the root off the SD card to an external drive and leave there just a boot partition. I'm gonna use a #[s SystemD]GNU/Linux distribution for that.
h3#art-2 2. Moving / to an external drive h3#art-2 #[a(href='#art-2') 2. Moving / to an external drive]
p I assume that you have your drive partitioned already. Create the temporary directories for a SD card's boot and root partitions and for a drive. Mount the partitions and issue a command #[code cp -a path/to/sdcard/root/* path/to/drive]. #[code -a] stands for archive. Which recursively copies everything preserving all the attributes and links. p I assume that you have your drive partitioned already. Create the temporary directories for a SD card's boot and root partitions and for a drive. Mount the partitions and issue a command #[code cp -a path/to/sdcard/root/* path/to/drive]. #[code -a] stands for archive. Which recursively copies everything preserving all the attributes and links.
h3#art-2-1 2.1. If you're doing a fresh install h3#art-2-1 #[a(href='#art-2-1') 2.1. If you're doing a fresh install]
p Then you just install it right on a drive. And then move files from #[code /boot] to a SD card's boot partition. Like that: #[code mv path/to/boot/* path/to/sdcard]. Keep in mind that the boot partition should be formatted in FAT32. p Then you just install it right on a drive. And then move files from #[code /boot] to a SD card's boot partition. Like that: #[code mv path/to/boot/* path/to/sdcard]. Keep in mind that the boot partition should be formatted in FAT32.
h3#art-3 3. cmdline.txt h3#art-3 3. #[a(href='#art-3') cmdline.txt]
p In a #[code cmdline.txt.] file we need to change #[code root=] part. Now it'll look like #[code root=/dev/mmcblk0p2 rw rootwait], and we need to put our drive's root partition instead of that, e.g. #[code root=/dev/sda1 rw rootwait]. p In a #[code cmdline.txt.] file we need to change #[code root=] part. Now it'll look like #[code root=/dev/mmcblk0p2 rw rootwait], and we need to put our drive's root partition instead of that, e.g. #[code root=/dev/sda1 rw rootwait].
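Review bot: in the `h3#art-3` line the section number is left outside the anchor (`3. #[a(href='#art-3') cmdline.txt]`), while every other heading changed in this commit puts the number inside the link text. Suggest `h3#art-3 #[a(href='#art-3') 3. cmdline.txt]` for consistency. The unchanged paragraph below it also carries a stray period inside the code span, `#[code cmdline.txt.]`, which could be fixed in the same pass.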

View File

@ -36,19 +36,19 @@ block article
li #[a(href='#art-8-5') DKIM] li #[a(href='#art-8-5') DKIM]
li #[a(href='#art-9') Setting up a ClamAV antivirus] li #[a(href='#art-9') Setting up a ClamAV antivirus]
h3#art-1 1. Introduction h3#art-1 #[a(href='#art-1') 1. Introduction]
p I use Postfix as a SMTP and Dovecot (with Pigeonhole (Sieve)) as an IMAP server. ClamAV for an antivirus. For anti-spam I use SpamAssassin. For DKIM and DMARC — OpenDKIM and OpenDMARC respectively. I could use rspamd instead of the latter three, but it doesn't work on Raspberry Pi. p I use Postfix as a SMTP and Dovecot (with Pigeonhole (Sieve)) as an IMAP server. ClamAV for an antivirus. For anti-spam I use SpamAssassin. For DKIM and DMARC — OpenDKIM and OpenDMARC respectively. I could use rspamd instead of the latter three, but it doesn't work on Raspberry Pi.
p It is vital to make the DKIM, DMARC and SPF DNS records. Also, if you want your mail server to be trusted by every other mail servers then you should get a static IP-address if you don't yet. And you have to ask your ISP to edit PTR DNS record for your static IP-address to point to your domain. p It is vital to make the DKIM, DMARC and SPF DNS records. Also, if you want your mail server to be trusted by every other mail servers then you should get a static IP-address if you don't yet. And you have to ask your ISP to edit PTR DNS record for your static IP-address to point to your domain.
p Unfortunately for me I don't have neither, and I'm afraid that even if I get the static IP-address, my ISP won't edit PTR record, because that's available only for bussiness customers. p Unfortunately for me I don't have neither, and I'm afraid that even if I get the static IP-address, my ISP won't edit PTR record, because that's available only for bussiness customers.
p Server is configured in a simple way using PAM (real system users) with user's passwords and with mail stored in ~/Maildir. p Server is configured in a simple way using PAM (real system users) with user's passwords and with mail stored in ~/Maildir.
h3#art-2 2. Installing h3#art-2 #[a(href='#art-2') 2. Installing]
p You need to install following packages: #[code postfix], #[code dovecot], #[code pidgeonhole] (or could be #[code dovecot-sieve]), #[code clamav], #[code opendkim], #[code opendmarc] and #[code spamassassin]. p You need to install following packages: #[code postfix], #[code dovecot], #[code pidgeonhole] (or could be #[code dovecot-sieve]), #[code clamav], #[code opendkim], #[code opendmarc] and #[code spamassassin].
h3#art-3 3. Postfix SMTP server h3#art-3 #[a(href='#art-3') 3. Postfix SMTP server]
p Its configuration files are in directory #[code /etc/postfix]. First we need to work with #[code main.cf] file. Then configure services in #[code master.cf]. Also I'll show you how to make aliases for users. p Its configuration files are in directory #[code /etc/postfix]. First we need to work with #[code main.cf] file. Then configure services in #[code master.cf]. Also I'll show you how to make aliases for users.
h4#art-3-1 3.1. main.cf h4#art-3-1 #[a(href='#art-3-1') 3.1. main.cf]
p Set #[code myhostname] to a hostname of a server (e.g. #[code mail.example.org]). Set #[code mydomain] to your domain name (e.g. #[code example.org]). Set #[code myorigin] to #[code $mydomain] to set origin of mail being sent from your server. p Set #[code myhostname] to a hostname of a server (e.g. #[code mail.example.org]). Set #[code mydomain] to your domain name (e.g. #[code example.org]). Set #[code myorigin] to #[code $mydomain] to set origin of mail being sent from your server.
p #[code mydestination] is a list of domains that are delivered through a local transport. If server should go outside then this parameter must include #[code $mydomain] alongside names for the local machine. E.g. #[code $myhostname, localhost, $mydomain, mail.$mydomain]. p #[code mydestination] is a list of domains that are delivered through a local transport. If server should go outside then this parameter must include #[code $mydomain] alongside names for the local machine. E.g. #[code $myhostname, localhost, $mydomain, mail.$mydomain].
p #[code local_recipient_maps] are lookup tables with all names and/or addresses of local recipients. In my case it set to #[code unix:passwd.byname $alias_maps]. p #[code local_recipient_maps] are lookup tables with all names and/or addresses of local recipients. In my case it set to #[code unix:passwd.byname $alias_maps].
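Review bot: the package list under `2. Installing` names `#[code pidgeonhole]`, while the introduction a few lines above spells the project Pigeonhole, so a reader copying the package name gets the misspelled one. Worth correcting while these lines are being touched.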
@ -86,7 +86,7 @@ block article
| inet_protocols = ipv4 | inet_protocols = ipv4
p Next I'll cover how to make encryption working, set up milters (mail filters (i.e. OpenDKIM and OpenDMARC)), and restrictions. p Next I'll cover how to make encryption working, set up milters (mail filters (i.e. OpenDKIM and OpenDMARC)), and restrictions.
h4#art-3-2 3.2. master.cf h4#art-3-2 #[a(href='#art-3-2') 3.2. master.cf]
p Here are all needed lines to be added or modified: p Here are all needed lines to be added or modified:
pre pre
| smtp inet n - n - - smtpd | smtp inet n - n - - smtpd
@ -106,21 +106,20 @@ block article
| user=spamd argv=/bin/vendor_perl/spamc | user=spamd argv=/bin/vendor_perl/spamc
| -e /sbin/sendmail -oi -f ${sender} ${recipient} | -e /sbin/sendmail -oi -f ${sender} ${recipient}
h4#art-3-3 3.3. User aliases h4#art-3-3 #[a(href='#art-3-3') 3.3. User aliases]
p User aliases are in #[code aliases] file. They has a form "#[code <alias>: <username>]", e.g. #[code me: arav]. Where #[code username] may be other alias. After modifications you need to run #[code newaliases] program to update #[code aliases.db] database file. p User aliases are in #[code aliases] file. They has a form "#[code <alias>: <username>]", e.g. #[code me: arav]. Where #[code username] may be other alias. After modifications you need to run #[code newaliases] program to update #[code aliases.db] database file.
h4#art-3-4 3.4. Starting Postfix h4#art-3-4 #[a(href='#art-3-4') 3.4. Starting Postfix]
p To start a Postfix service on systemd-based Linux distro run #[code systemctl start postfix]. To make Postfix run on every boot run #[code systemctl enable postfix]. p To start a Postfix service on systemd-based Linux distro run #[code systemctl start postfix]. To make Postfix run on every boot run #[code systemctl enable postfix].
h3#art-4 #[a(href='#art-4') 4. Dovecot POP3/IMAP server with Sieve mail filter]
h3#art-4 4. Dovecot POP3/IMAP server with Sieve mail filter h3#art-5 #[a(href='#art-5') 5. SpamAssassin spam filter]
h3#art-5 5. SpamAssassin spam filter h3#art-6 #[a(href='#art-6') 6. OpenDKIM signing and verifying filter]
h3#art-6 6. OpenDKIM signing and verifying filter
p On ArchLinux OpenDKIM is unable to write in #[code /run], so I created #[code /var/spool/opendkim] directory for it. p On ArchLinux OpenDKIM is unable to write in #[code /run], so I created #[code /var/spool/opendkim] directory for it.
h4#art-6-1 6.1. opendkim.conf h4#art-6-1 #[a(href='#art-6-1') 6.1. opendkim.conf]
p Well, that's main config file p Well, that's main config file
pre pre
| KeyTable refile:/etc/opendkim/keytable | KeyTable refile:/etc/opendkim/keytable
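Review bot: `h3#art-4` and `h3#art-5` become self-linking headings with nothing under them; the first paragraph after them belongs to section 6. Either add a placeholder paragraph saying the section is still to be written or leave these two headings out until there is content, so the new anchors do not lead to empty sections. The hunk also shrinks from 21 to 20 lines, a removal the commit message does not mention.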
@ -152,7 +151,7 @@ block article
p Below are logging options that tells to write in syslog. p Below are logging options that tells to write in syslog.
p With #[code SoftwareHeader] set to yes OpenDKIM will be always adding "DKIM-Filter" header field. p With #[code SoftwareHeader] set to yes OpenDKIM will be always adding "DKIM-Filter" header field.
h4#art-6-2 6.2. Generating keys h4#art-6-2 #[a(href='#art-6-2') 6.2. Generating keys]
pre pre
| opendkim-genkey -r -s myselector -b 2048 -d example.com | opendkim-genkey -r -s myselector -b 2048 -d example.com
p This command will generate a key pair stored in files "myselector.private" and "myselector.txt" for a given domain. p This command will generate a key pair stored in files "myselector.private" and "myselector.txt" for a given domain.
@ -160,7 +159,7 @@ block article
p Name of a selector is usually a #[code mail], but that's just what I use, you can choose whatever you want. p Name of a selector is usually a #[code mail], but that's just what I use, you can choose whatever you want.
h4#art-6-3 6.3. Populating KeyTable and SigningTable h4#art-6-3 #[a(href='#art-6-3') 6.3. Populating KeyTable and SigningTable]
p KeyTable has following structure (a line per domain): p KeyTable has following structure (a line per domain):
pre pre
| myselector._domainkey.example.com example.com:myselector:/etc/opendkim/myselector.private | myselector._domainkey.example.com example.com:myselector:/etc/opendkim/myselector.private
@ -168,7 +167,7 @@ block article
pre pre
| *@example.com myselector._domainkey.example.com | *@example.com myselector._domainkey.example.com
h4#art-6-4 6.4. internal-hosts file h4#art-6-4 #[a(href='#art-6-4') 6.4. internal-hosts file]
p As stated above in this file we put hosts whose mail should be signed rather than verified. And its structure is the following: p As stated above in this file we put hosts whose mail should be signed rather than verified. And its structure is the following:
pre pre
| 127.0.0.1 | 127.0.0.1
@ -176,10 +175,10 @@ block article
p #[code 127.0.0.1] is necessary to be there according to a manual. p #[code 127.0.0.1] is necessary to be there according to a manual.
h4#art-6-5 6.5. Starting OpenDKIM h4#art-6-5 #[a(href='#art-6-5') 6.5. Starting OpenDKIM]
p #[code systemctl start opendkim] and #[code systemctl enable opendkim] to start and enable OpenDKIM service to run on OS start up if you got Poetteringed just like me. :) p #[code systemctl start opendkim] and #[code systemctl enable opendkim] to start and enable OpenDKIM service to run on OS start up if you got Poetteringed just like me. :)
h3#art-7 7. OpenDMARC email policy filter h3#art-7 #[a(href='#art-7') 7. OpenDMARC email policy filter]
p Its configuration lies in #[code /etc/opendmarc/opendmarc.conf] and is fully documented. Here are the options I changed: p Its configuration lies in #[code /etc/opendmarc/opendmarc.conf] and is fully documented. Here are the options I changed:
pre pre
| AuthservID OpenDMARC | AuthservID OpenDMARC
@ -198,9 +197,9 @@ block article
p What's in a #[code Socket] option should be added to Postfix's #[code smtpd_milters] and #[code non_smtpd_milters]. p What's in a #[code Socket] option should be added to Postfix's #[code smtpd_milters] and #[code non_smtpd_milters].
p Creating DMARC DNS record covered in <a href="#art-7-4">7.4</a>. p Creating DMARC DNS record covered in <a href="#art-7-4">7.4</a>.
h3#art-8 8. DNS records h3#art-8 #[a(href='#art-8') 8. DNS records]
h4#art-8-1 8.1. MX and A/AAAA h4#art-8-1 #[a(href='#art-8-1') 8.1. MX and A/AAAA]
p It's good to have a dedicated A (IPv4 address) or AAAA (IPv6 address) record for a mail server's hostname instead of a CNAME record so other servers won't need to do two DNS requests. Hostname is usually mail.example.org if there's just one server, you can call it whatever you want. Remind you that we set it in Postfix in #[code myhostname] parameter. p It's good to have a dedicated A (IPv4 address) or AAAA (IPv6 address) record for a mail server's hostname instead of a CNAME record so other servers won't need to do two DNS requests. Hostname is usually mail.example.org if there's just one server, you can call it whatever you want. Remind you that we set it in Postfix in #[code myhostname] parameter.
p And A record looks like this: p And A record looks like this:
pre pre
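Review bot: the cross-reference `<a href="#art-7-4">7.4</a>` in the OpenDMARC paragraph points at an id that no heading in this diff defines; the DMARC record section is `h4#art-8-4` (8.4). Suggest changing the target and label to 8.4, and writing it as `#[a(href='#art-8-4') 8.4]` to match the inline-tag style used for every other link in this template.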
@ -212,20 +211,20 @@ block article
p Here 10 is a priority of a record. The lower a number the higher a priority. p Here 10 is a priority of a record. The lower a number the higher a priority.
p A period at the end of the hostnames is necessary in DNS records. p A period at the end of the hostnames is necessary in DNS records.
h4#art-8-2 8.2. PTR h4#art-8-2 #[a(href='#art-8-2') 8.2. PTR]
p PTR is a reverse DNS record that stands for pointer and is used to &ldquo;bind&rdquo; a hostname to IP-address. Mail servers looks for this record and check so this name equals to a hostname provided in EHLO. Most servers will reject your mail if your PTR looks something like 1.2.3.4.pppoe.someisp.net or not set at all. p PTR is a reverse DNS record that stands for pointer and is used to &ldquo;bind&rdquo; a hostname to IP-address. Mail servers looks for this record and check so this name equals to a hostname provided in EHLO. Most servers will reject your mail if your PTR looks something like 1.2.3.4.pppoe.someisp.net or not set at all.
p There are three ways to set this record: ask your hosting or internet-provider, or get your own Autonomous System (:^)). p There are three ways to set this record: ask your hosting or internet-provider, or get your own Autonomous System (:^)).
p Example of this record: p Example of this record:
pre pre
| 1 IN PTR mail.example.org. | 1 IN PTR mail.example.org.
h4#art-8-3 8.3. SPF h4#art-8-3 #[a(href='#art-8-3') 8.3. SPF]
p SPF stands for Sender Policy Framework and in my case it looks exactly like this: p SPF stands for Sender Policy Framework and in my case it looks exactly like this:
pre pre
| v=spf1 +a +mx -all | v=spf1 +a +mx -all
p So, #[code v] is a version of a protocol. #[code +a +mx] means that only servers specified in the A and MX DNS records could send email, and #[code -all] that no one else could do that. p So, #[code v] is a version of a protocol. #[code +a +mx] means that only servers specified in the A and MX DNS records could send email, and #[code -all] that no one else could do that.
h4#art-8-4 8.4. DMARC h4#art-8-4 #[a(href='#art-8-4') 8.4. DMARC]
p DMARC stands for Domain-based Message Authentication Reporting and Conformance. And its DNS record could be like this one that I use: p DMARC stands for Domain-based Message Authentication Reporting and Conformance. And its DNS record could be like this one that I use:
pre pre
| _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:admin@example.org; ruf=mailto:admin@example.org" | _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:admin@example.org; ruf=mailto:admin@example.org"
@ -233,14 +232,14 @@ block article
p #[code p] is a default policy that could be set to #[code none], #[code quarantine] and #[code reject]. I chose to #[code reject] mail that comes from &laquo;me&rdquo; if there's something wrong with a origin of a message. If you could get email from subdomains then you need to set #[code sp] as well. p #[code p] is a default policy that could be set to #[code none], #[code quarantine] and #[code reject]. I chose to #[code reject] mail that comes from &laquo;me&rdquo; if there's something wrong with a origin of a message. If you could get email from subdomains then you need to set #[code sp] as well.
p #[code rua] is an address for the reports and #[code ruf] is for the forensic reports. p #[code rua] is an address for the reports and #[code ruf] is for the forensic reports.
h4#art-8-5 8.5. DKIM h4#art-8-5 #[a(href='#art-8-5') 8.5. DKIM]
p In 5.2 we generated a key pair for our domain and now we'll take what's inside a #[code myselector.txt] file and add it to our DNS. p In 5.2 we generated a key pair for our domain and now we'll take what's inside a #[code myselector.txt] file and add it to our DNS.
p DKIM DNS record looks like this: p DKIM DNS record looks like this:
pre pre
| myselector._domainkey IN TXT ( "v=DKIMv1; k=rsa; s=email; p=&lt;public key goes here&gt;" ) | myselector._domainkey IN TXT ( "v=DKIMv1; k=rsa; s=email; p=&lt;public key goes here&gt;" )
p By the way, brackets are used in case a content of a record doesn't fit on one line. p By the way, brackets are used in case a content of a record doesn't fit on one line.
h3#art-9 9. Setting up a ClamAV antivirus h3#art-9 #[a(href='#art-9') 9. Setting up a ClamAV antivirus]
p All you need to make it work together with Postfix is to add #[code /run/clamav/milter.sock] to #[code smtpd_milters] and #[code non_smtpd_milters] options in Postfix, also make some changes in configs of ClamAV. p All you need to make it work together with Postfix is to add #[code /run/clamav/milter.sock] to #[code smtpd_milters] and #[code non_smtpd_milters] options in Postfix, also make some changes in configs of ClamAV.
p In #[code clamav-milter.conf] you need the following: p In #[code clamav-milter.conf] you need the following:
pre pre
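Review bot: "In 5.2 we generated a key pair" in the 8.5 paragraph does not match the numbering in this file, where key generation is `h4#art-6-2` (6.2); now that headings are anchors, the reference could link to `#art-6-2`. Separately, the sample record uses `v=DKIMv1`. The DKIM key record version tag is `v=DKIM1`, and verifiers discard a key record whose `v=` tag has any other value, so the example as written would make signatures fail verification. The quotes in the 8.4 paragraph are also mismatched (`&laquo;me&rdquo;`).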

View File

@ -21,18 +21,18 @@ block article
li #[a(href='#art-4-1') Nyx &mdash; status monitor for Tor nodes] li #[a(href='#art-4-1') Nyx &mdash; status monitor for Tor nodes]
li #[a(href='#art-4-2') Notes] li #[a(href='#art-4-2') Notes]
h3#art-1 1. Introduction h3#art-1 #[a(href='#art-1') 1. Introduction]
p In this article I'll show you how to setup your own Tor proxy (SOCKS5 and HTTP), relay, and hidden service. p In this article I'll show you how to setup your own Tor proxy (SOCKS5 and HTTP), relay, and hidden service.
h3#art-2 2. Installation h3#art-2 #[a(href='#art-2') 2. Installation]
p Install #[code tor] package using your package manager. p Install #[code tor] package using your package manager.
p You definitely want to have control over your node and monitor it. For that purpose there is #[code nyx] tool. I'll cover it in 3.1 section. p You definitely want to have control over your node and monitor it. For that purpose there is #[code nyx] tool. I'll cover it in 3.1 section.
p Any program can be passed through Tor using #[code torify] from #[code torsocks] package. p Any program can be passed through Tor using #[code torify] from #[code torsocks] package.
h3#art-3 3. Configuration h3#art-3 #[a(href='#art-3') 3. Configuration]
p Tor is already bundled with a great documented #[code torrc-dist] file. You may just copy a #[code torrc-dist] file and name it as #[code torrc] and change what you need. p Tor is already bundled with a great documented #[code torrc-dist] file. You may just copy a #[code torrc-dist] file and name it as #[code torrc] and change what you need.
h4#art-3-1 3.1. Tor SOCKS/HTTP proxy h4#art-3-1 #[a(href='#art-3-1') 3.1. Tor SOCKS/HTTP proxy]
p Here is an example of SOCKS/HTTP proxy settings: p Here is an example of SOCKS/HTTP proxy settings:
pre pre
| SocksPort 192.168.0.100:9050, [ipv6 address]:9050 | SocksPort 192.168.0.100:9050, [ipv6 address]:9050
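Review bot: the Installation paragraph says nyx is covered "in 3.1 section", but 3.1 is `Tor SOCKS/HTTP proxy`; nyx is `h4#art-4-1` (4.1). Suggest correcting the number and linking it, e.g. `#[a(href='#art-4-1') 4.1]`, since the anchors now exist.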
@ -53,7 +53,7 @@ block article
p #[code HTTPTunnelPort] enables HTTP proxy, set it to desireable IP:Port. p #[code HTTPTunnelPort] enables HTTP proxy, set it to desireable IP:Port.
p There are also #[code ExcludeNodes] and #[code ExcludeExitNodes] options that are the comma separated lists of forbidden nodes. There may be placed country codes, address patterns and identity fingerprints of nodes to never use in circuits. They are looking like #[code {ru}, {??}, 123.45.*]. I recommend to leave there at least #[code {??}] to forbid misconfigured nodes or nodes of an unknown origin, especially for exit nodes. p There are also #[code ExcludeNodes] and #[code ExcludeExitNodes] options that are the comma separated lists of forbidden nodes. There may be placed country codes, address patterns and identity fingerprints of nodes to never use in circuits. They are looking like #[code {ru}, {??}, 123.45.*]. I recommend to leave there at least #[code {??}] to forbid misconfigured nodes or nodes of an unknown origin, especially for exit nodes.
h4#art-3-2 3.2. Tor relay h4#art-3-2 #[a(href='#art-3-2') 3.2. Tor relay]
p Here is an example of relay settings. p Here is an example of relay settings.
pre pre
| ORPort 8443, [::]:8443 | ORPort 8443, [::]:8443
@ -80,7 +80,7 @@ block article
p Add #[code ExitPolicy reject *:*] to disable exit node if you don't need it. I found out that setting #[code ExitRelay] to 0 doesn't disable an exit node, so you must add rejecting policy. p Add #[code ExitPolicy reject *:*] to disable exit node if you don't need it. I found out that setting #[code ExitRelay] to 0 doesn't disable an exit node, so you must add rejecting policy.
p #[code AccountingMax] and #[code AccountingStart] are used to limit traffic for given period. p #[code AccountingMax] and #[code AccountingStart] are used to limit traffic for given period.
h4#art-3-3 3.3. Hidden service h4#art-3-3 #[a(href='#art-3-3') 3.3. Hidden service]
p There are two mandatory options to work with: #[code HiddenServiceDir] and #[code HiddenServicePort]. p There are two mandatory options to work with: #[code HiddenServiceDir] and #[code HiddenServicePort].
p Of course, there are many other options, e.g. client authentication. But in simple case all you need are those two options above. p Of course, there are many other options, e.g. client authentication. But in simple case all you need are those two options above.
p Every hidden service starts with #[code HiddenServiceDir &lt;path&gt;] directory that contains public and secret keys, hostname for a hidden service and a directory called #[code authorized_clients] that stores info on all clients that are authorized to access this hidden service. p Every hidden service starts with #[code HiddenServiceDir &lt;path&gt;] directory that contains public and secret keys, hostname for a hidden service and a directory called #[code authorized_clients] that stores info on all clients that are authorized to access this hidden service.
@ -92,9 +92,9 @@ block article
| HiddenServicePort 80 localhost:8201 | HiddenServicePort 80 localhost:8201
| HiddenServicePort 25 192.168.1.160:25 | HiddenServicePort 25 192.168.1.160:25
h3#art-4 4. Miscellaneous h3#art-4 #[a(href='#art-4') 4. Miscellaneous]
h4#art-4-1 4.1. Nyx &mdash; status monitor for Tor nodes h4#art-4-1 #[a(href='#art-4-1') 4.1. Nyx &mdash; status monitor for Tor nodes]
p You have to set #[code ControlPort] option to desired port, it will listen on localhost. If you need access from outside then set it to IP:9051. Also, you need to set #[code DisableDebuggerAttachment] option to 0, otherwise you'll not be able to use nyx. At least in my case nyx cannot connect with this option being set to 1. p You have to set #[code ControlPort] option to desired port, it will listen on localhost. If you need access from outside then set it to IP:9051. Also, you need to set #[code DisableDebuggerAttachment] option to 0, otherwise you'll not be able to use nyx. At least in my case nyx cannot connect with this option being set to 1.
p Example: p Example:
pre pre
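Review bot: the 4.1 paragraph tells readers to set `ControlPort` to `IP:9051` for access from outside but says nothing about authenticating the control connection. Suggest adding a sentence that a control port reachable beyond localhost needs `HashedControlPassword` or `CookieAuthentication` configured and should be limited to trusted hosts by a firewall, since the control port gives full control over the Tor process.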
@ -102,7 +102,7 @@ block article
| DisableDebuggerAttachment 0 | DisableDebuggerAttachment 0
p You may install it using package manager, but guaranteed last version can be installed from Python's #[code pip] package manager (#[code pip install nyx]). p You may install it using package manager, but guaranteed last version can be installed from Python's #[code pip] package manager (#[code pip install nyx]).
h4#art-4-2 4.2. Notes h4#art-4-2 #[a(href='#art-4-2') 4.2. Notes]
p I hope you have a static IP-address or your IP changes once a month at least, otherwise you'll never become a guard (entry) node. p I hope you have a static IP-address or your IP changes once a month at least, otherwise you'll never become a guard (entry) node.
p An option #[code AvoidDiskWrites] is usefull in case you're running from SSD or SD card. p An option #[code AvoidDiskWrites] is usefull in case you're running from SSD or SD card.
p You have to make a backup of #[code /var/lib/tor/keys] folder to save your node's cryptographic identity keys. They are used to identify your node. You can see stats on your node at #[a(href="https://metrics.torproject.org" rel="noopener noreferrer" target="_blank") metrics.torproject.org]. To find your node use what you put in #[code Nickname] parameter or a fingerprint that is shown in nyx. p You have to make a backup of #[code /var/lib/tor/keys] folder to save your node's cryptographic identity keys. They are used to identify your node. You can see stats on your node at #[a(href="https://metrics.torproject.org" rel="noopener noreferrer" target="_blank") metrics.torproject.org]. To find your node use what you put in #[code Nickname] parameter or a fingerprint that is shown in nyx.