github.com/palcoin-project/palcd@v1.0.0/docs/configuring_tor.md (about) 1 # Configuring TOR 2 3 btcd provides full support for anonymous networking via the 4 [Tor Project](https://www.torproject.org/), including [client-only](#Client) 5 and [hidden service](#HiddenService) configurations along with 6 [stream isolation](#TorStreamIsolation). In addition, btcd supports a hybrid, 7 [bridge mode](#Bridge) which is not anonymous, but allows it to operate as a 8 bridge between regular nodes and hidden service nodes without routing the 9 regular connections through Tor. 10 11 While it is easier to only run as a client, it is more beneficial to the Bitcoin 12 network to run as both a client and a server so others may connect to you to as 13 you are connecting to them. We recommend you take the time to setup a Tor 14 hidden service for this reason. 15 16 ## Client-only 17 18 Configuring btcd as a Tor client is straightforward. The first step is 19 obviously to install Tor and ensure it is working. Once that is done, all that 20 typically needs to be done is to specify the `--proxy` flag via the btcd command 21 line or in the btcd configuration file. Typically the Tor proxy address will be 22 127.0.0.1:9050 (if using standalone Tor) or 127.0.0.1:9150 (if using the Tor 23 Browser Bundle). If you have Tor configured to require a username and password, 24 you may specify them with the `--proxyuser` and `--proxypass` flags. 25 26 By default, btcd assumes the proxy specified with `--proxy` is a Tor proxy and 27 hence will send all traffic, including DNS resolution requests, via the 28 specified proxy. 29 30 NOTE: Specifying the `--proxy` flag disables listening by default since you will 31 not be reachable for inbound connections unless you also configure a Tor 32 [hidden service](#HiddenService). 33 34 ### Command line example 35 36 ```bash 37 ./btcd --proxy=127.0.0.1:9050 38 ``` 39 40 ### Config file example 41 42 ```text 43 [Application Options] 44 45 proxy=127.0.0.1:9050 46 ``` 47 48 ## Client-server via Tor hidden service 49 50 The first step is to configure Tor to provide a hidden service. Documentation 51 for this can be found on the Tor project website 52 [here](https://www.torproject.org/docs/tor-hidden-service.html.en). However, 53 there is no need to install a web server locally as the linked instructions 54 discuss since btcd will act as the server. 55 56 In short, the instructions linked above entail modifying your `torrc` file to 57 add something similar to the following, restarting Tor, and opening the 58 `hostname` file in the `HiddenServiceDir` to obtain your hidden service .onion 59 address. 60 61 ```text 62 HiddenServiceDir /var/tor/btcd 63 HiddenServicePort 8333 127.0.0.1:8333 64 ``` 65 66 Once Tor is configured to provide the hidden service and you have obtained your 67 generated .onion address, configuring btcd as a Tor hidden service requires 68 three flags: 69 70 * `--proxy` to identify the Tor (SOCKS 5) proxy to use for outgoing traffic. 71 This is typically 127.0.0.1:9050. 72 * `--listen` to enable listening for inbound connections since `--proxy` 73 disables listening by default 74 * `--externalip` to set the .onion address that is advertised to other peers 75 76 ### Command line example 77 78 ```bash 79 ./btcd --proxy=127.0.0.1:9050 --listen=127.0.0.1 --externalip=fooanon.onion 80 ``` 81 82 ### Config file example 83 84 ```text 85 [Application Options] 86 87 proxy=127.0.0.1:9050 88 listen=127.0.0.1 89 externalip=fooanon.onion 90 ``` 91 92 ## Bridge mode (not anonymous) 93 94 btcd provides support for operating as a bridge between regular nodes and hidden 95 service nodes. In particular this means only traffic which is directed to or 96 from a .onion address is sent through Tor while other traffic is sent normally. 97 _As a result, this mode is **NOT** anonymous._ 98 99 This mode works by specifying an onion-specific proxy, which is pointed at Tor, 100 by using the `--onion` flag via the btcd command line or in the btcd 101 configuration file. If you have Tor configured to require a username and 102 password, you may specify them with the `--onionuser` and `--onionpass` flags. 103 104 NOTE: This mode will also work in conjunction with a hidden service which means 105 you could accept inbound connections both via the normal network and to your 106 hidden service through the Tor network. To enable your hidden service in bridge 107 mode, you only need to specify your hidden service's .onion address via the 108 `--externalip` flag since traffic to and from .onion addresses are already 109 routed via Tor due to the `--onion` flag. 110 111 ### Command line example 112 113 ```bash 114 ./btcd --onion=127.0.0.1:9050 --externalip=fooanon.onion 115 ``` 116 117 ### Config file example 118 119 ```text 120 [Application Options] 121 122 onion=127.0.0.1:9050 123 externalip=fooanon.onion 124 ``` 125 126 ## Tor stream isolation 127 128 Tor stream isolation forces Tor to build a new circuit for each connection 129 making it harder to correlate connections. 130 131 btcd provides support for Tor stream isolation by using the `--torisolation` 132 flag. This option requires --proxy or --onionproxy to be set. 133 134 ### Command line example 135 136 ```bash 137 ./btcd --proxy=127.0.0.1:9050 --torisolation 138 ``` 139 140 ### Config file example 141 142 ```text 143 [Application Options] 144 145 proxy=127.0.0.1:9050 146 torisolation=1 147 ```