mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-09-20 21:16:22 +02:00
Make it an explicit step to allow connections to your local
resources from your tor server. svn:r6017
parent
c7f2970777
commit
e7824c3e01
@ -195,7 +195,7 @@ try to determine whether the ports you configured are reachable from
|
||||
the outside. This may take up to 20 minutes. Look for a log entry like
|
||||
<tt>Self-testing indicates your ORPort is reachable from the outside. Excellent.</tt>
|
||||
If you don't see this message, it means that your server is not reachable
|
||||
from the outside -- you should re-check your firewalls, check that it's
|
||||
from the outside — you should re-check your firewalls, check that it's
|
||||
testing the IP and port you think it should be testing, etc.
|
||||
</p>
|
||||
|
||||
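Review bot: the switch from "--" to "—" in "from the outside — you should re-check your firewalls" is a typographic change unrelated to the commit message, which describes only the new step about local resources. Split it, together with the same change in the DataDirectory fingerprint line of the next hunk, into its own commit, or mention it in the message, so that the history of this page shows the policy-relevant change on its own.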
@ -228,7 +228,7 @@ include the following information in the message:
|
||||
<ul>
|
||||
<li>Your server's nickname</li>
|
||||
<li>The fingerprint for your server's key (the contents of the
|
||||
"fingerprint" file in your DataDirectory -- on Windows, look in
|
||||
"fingerprint" file in your DataDirectory — on Windows, look in
|
||||
\<i>username</i>\Application Data\tor\ or \Application Data\tor\;
|
||||
on OS X, look in /Library/Tor/var/lib/tor/; and on Linux/BSD/Unix,
|
||||
look in /var/lib/tor or ~/.tor)
|
||||
@ -289,7 +289,18 @@ ports are 22, 110, and 143.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
10. (Unix only). Make a separate user to run the server. If you
|
||||
10. If your Tor server provides other services on the same IP address
|
||||
— such as a public webserver — make sure that connections to the
|
||||
webserver are allowed from the local host too. You need to allow these
|
||||
connections because Tor clients will detect that your Tor server is the <a
|
||||
href="http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers">safest
|
||||
way to reach that webserver</a>, and always build a circuit that ends
|
||||
at your server. If you don't want to allow the connections, you must
|
||||
explicitly reject them in your exit policy.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
11. (Unix only). Make a separate user to run the server. If you
|
||||
installed the OS X package or the deb or the rpm, this is already
|
||||
done. Otherwise, you can do it by hand. (The Tor server doesn't need to
|
||||
be run as root, so it's good practice to not run it as root. Running
|
||||
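Review bot: the new step 10 ends with "you must explicitly reject them in your exit policy" but shows no rule, and it does not spell out that these exit connections arrive at the webserver from the Tor server's own address. Add a sample line right after that sentence, for example ExitPolicy reject YOUR.SERVER.IP:80 with the address as a placeholder, so operators who do not want this traffic have something to copy. Also add one sentence noting that any service on the host that gives extra trust to connections from the local host will extend that trust to Tor users once the step is followed. As written, the step asks operators to open local access without naming that consequence.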
@ -300,7 +311,7 @@ into a chroot jail</a>.)
|
||||
</p>
|
||||
|
||||
<p>
|
||||
11. (Unix only.) Your operating system probably limits the number
|
||||
12. (Unix only.) Your operating system probably limits the number
|
||||
of open file descriptors per process to 1024 (or even less). If you
|
||||
plan to be running a fast exit node, this is probably not enough. On
|
||||
Linux, you should add a line like "toruser hard nofile 8192" to your
|
||||
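Review bot: the step numbers are typed by hand at the start of each paragraph ("11." becomes "12." here and "12." becomes "13." in the following hunk), so adding one step forces an edit to every later paragraph and makes the diff larger than the actual change. Consider moving the steps into an ordered list so numbering is automatic, and check that nothing elsewhere in the document refers to a step by its old number.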
@ -313,7 +324,7 @@ you launch Tor.
|
||||
</p>
|
||||
|
||||
<p>
|
||||
12. If you installed Tor via some package or installer, it probably starts
|
||||
13. If you installed Tor via some package or installer, it probably starts
|
||||
Tor for you automatically on boot. But if you installed from source,
|
||||
you may find the initscripts in contrib/tor.sh or contrib/torctl useful.
|
||||
</p>
|
||||
|