github.com/BlockABC/godash@v0.0.0-20191112120524-f4aa3a32c566/docs/configuring_tor.md (about) 1 ### Table of Contents 2 1. [Overview](#Overview)<br /> 3 2. [Client-Only](#Client)<br /> 4 2.1 [Description](#ClientDescription)<br /> 5 2.2 [Command Line Example](#ClientCLIExample)<br /> 6 2.3 [Config File Example](#ClientConfigFileExample)<br /> 7 3. [Client-Server via Tor Hidden Service](#HiddenService)<br /> 8 3.1 [Description](#HiddenServiceDescription)<br /> 9 3.2 [Command Line Example](#HiddenServiceCLIExample)<br /> 10 3.3 [Config File Example](#HiddenServiceConfigFileExample)<br /> 11 4. [Bridge Mode (Not Anonymous)](#Bridge)<br /> 12 4.1 [Description](#BridgeDescription)<br /> 13 4.2 [Command Line Example](#BridgeCLIExample)<br /> 14 4.3 [Config File Example](#BridgeConfigFileExample)<br /> 15 5. [Tor Stream Isolation](#TorStreamIsolation)<br /> 16 5.1 [Description](#TorStreamIsolationDescription)<br /> 17 5.2 [Command Line Example](#TorStreamIsolationCLIExample)<br /> 18 5.3 [Config File Example](#TorStreamIsolationFileExample)<br /> 19 20 <a name="Overview" /> 21 ### 1. Overview 22 23 btcd provides full support for anonymous networking via the 24 [Tor Project](https://www.torproject.org/), including [client-only](#Client) 25 and [hidden service](#HiddenService) configurations along with 26 [stream isolation](#TorStreamIsolation). In addition, btcd supports a hybrid, 27 [bridge mode](#Bridge) which is not anonymous, but allows it to operate as a 28 bridge between regular nodes and hidden service nodes without routing the 29 regular connections through Tor. 30 31 While it is easier to only run as a client, it is more beneficial to the Bitcoin 32 network to run as both a client and a server so others may connect to you to as 33 you are connecting to them. We recommend you take the time to setup a Tor 34 hidden service for this reason. 35 36 <a name="Client" /> 37 ### 2. Client-Only 38 39 <a name="ClientDescription" /> 40 **2.1 Description**<br /> 41 42 Configuring btcd as a Tor client is straightforward. The first step is 43 obviously to install Tor and ensure it is working. Once that is done, all that 44 typically needs to be done is to specify the `--proxy` flag via the btcd command 45 line or in the btcd configuration file. Typically the Tor proxy address will be 46 127.0.0.1:9050 (if using standalone Tor) or 127.0.0.1:9150 (if using the Tor 47 Browser Bundle). If you have Tor configured to require a username and password, 48 you may specify them with the `--proxyuser` and `--proxypass` flags. 49 50 By default, btcd assumes the proxy specified with `--proxy` is a Tor proxy and 51 hence will send all traffic, including DNS resolution requests, via the 52 specified proxy. 53 54 NOTE: Specifying the `--proxy` flag disables listening by default since you will 55 not be reachable for inbound connections unless you also configure a Tor 56 [hidden service](#HiddenService). 57 58 <a name="ClientCLIExample" /> 59 **2.2 Command Line Example**<br /> 60 61 ```bash 62 $ ./btcd --proxy=127.0.0.1:9050 63 ``` 64 65 <a name="ClientConfigFileExample" /> 66 **2.3 Config File Example**<br /> 67 68 ```text 69 [Application Options] 70 71 proxy=127.0.0.1:9050 72 ``` 73 74 <a name="HiddenService" /> 75 ### 3. Client-Server via Tor Hidden Service 76 77 <a name="HiddenServiceDescription" /> 78 **3.1 Description**<br /> 79 80 The first step is to configure Tor to provide a hidden service. Documentation 81 for this can be found on the Tor project website 82 [here](https://www.torproject.org/docs/tor-hidden-service.html.en). However, 83 there is no need to install a web server locally as the linked instructions 84 discuss since btcd will act as the server. 85 86 In short, the instructions linked above entail modifying your `torrc` file to 87 add something similar to the following, restarting Tor, and opening the 88 `hostname` file in the `HiddenServiceDir` to obtain your hidden service .onion 89 address. 90 91 ```text 92 HiddenServiceDir /var/tor/btcd 93 HiddenServicePort 8333 127.0.0.1:8333 94 ``` 95 96 Once Tor is configured to provide the hidden service and you have obtained your 97 generated .onion address, configuring btcd as a Tor hidden service requires 98 three flags: 99 * `--proxy` to identify the Tor (SOCKS 5) proxy to use for outgoing traffic. 100 This is typically 127.0.0.1:9050. 101 * `--listen` to enable listening for inbound connections since `--proxy` 102 disables listening by default 103 * `--externalip` to set the .onion address that is advertised to other peers 104 105 <a name="HiddenServiceCLIExample" /> 106 **3.2 Command Line Example**<br /> 107 108 ```bash 109 $ ./btcd --proxy=127.0.0.1:9050 --listen=127.0.0.1 --externalip=fooanon.onion 110 ``` 111 112 <a name="HiddenServiceConfigFileExample" /> 113 **3.3 Config File Example**<br /> 114 115 ```text 116 [Application Options] 117 118 proxy=127.0.0.1:9050 119 listen=127.0.0.1 120 externalip=fooanon.onion 121 ``` 122 123 <a name="Bridge" /> 124 ### 4. Bridge Mode (Not Anonymous) 125 126 <a name="BridgeDescription" /> 127 **4.1 Description**<br /> 128 129 btcd provides support for operating as a bridge between regular nodes and hidden 130 service nodes. In particular this means only traffic which is directed to or 131 from a .onion address is sent through Tor while other traffic is sent normally. 132 _As a result, this mode is **NOT** anonymous._ 133 134 This mode works by specifying an onion-specific proxy, which is pointed at Tor, 135 by using the `--onion` flag via the btcd command line or in the btcd 136 configuration file. If you have Tor configured to require a username and 137 password, you may specify them with the `--onionuser` and `--onionpass` flags. 138 139 NOTE: This mode will also work in conjunction with a hidden service which means 140 you could accept inbound connections both via the normal network and to your 141 hidden service through the Tor network. To enable your hidden service in bridge 142 mode, you only need to specify your hidden service's .onion address via the 143 `--externalip` flag since traffic to and from .onion addresses are already 144 routed via Tor due to the `--onion` flag. 145 146 <a name="BridgeCLIExample" /> 147 **4.2 Command Line Example**<br /> 148 149 ```bash 150 $ ./btcd --onion=127.0.0.1:9050 --externalip=fooanon.onion 151 ``` 152 153 <a name="BridgeConfigFileExample" /> 154 **4.3 Config File Example**<br /> 155 156 ```text 157 [Application Options] 158 159 onion=127.0.0.1:9050 160 externalip=fooanon.onion 161 ``` 162 163 <a name="TorStreamIsolation" /> 164 ### 5. Tor Stream Isolation 165 166 <a name="TorStreamIsolationDescription" /> 167 **5.1 Description**<br /> 168 169 Tor stream isolation forces Tor to build a new circuit for each connection 170 making it harder to correlate connections. 171 172 btcd provides support for Tor stream isolation by using the `--torisolation` 173 flag. This option requires --proxy or --onionproxy to be set. 174 175 <a name="TorStreamIsolationCLIExample" /> 176 **5.2 Command Line Example**<br /> 177 178 ```bash 179 $ ./btcd --proxy=127.0.0.1:9050 --torisolation 180 ``` 181 182 <a name="TorStreamIsolationFileExample" /> 183 **5.3 Config File Example**<br /> 184 185 ```text 186 [Application Options] 187 188 proxy=127.0.0.1:9050 189 torisolation=1 190 ```