# A Tor config that just boots up, runs as a client (not a relay), and
# allows access to our .onion website.

# Ubuntu's torrc has this (since it installs Tor as a system service)
RunAsDaemon 1

# Some smart options to have.
AvoidDiskWrites 1
HardwareAccel 1
ClientOnly 1
ExitPolicy reject *:*

# With these three config lines, we serve our website (see nginx.conf) on a .onion
# domain. The name is generated randomly (an RSA key is generated & the domain is
# based on the hash), but you can brute force for partial strings by using
# https://github.com/freaken/shallot (this fork has important fix for math bug).
# This is how I get my .onion domain to start with "tigas".
# -> tigas3l7uusztiqu.onion
HiddenServiceDir /home/mtigas/tigas_hidserv
HiddenServicePort 80 127.0.0.1:15517
HiddenServicePort 443 127.0.0.1:443

##### Regarding censorship #####
# You can host a hidden service even if you are behind a firewall
# and can't open ports. It won't operate as a publicly-accessible
# website, but you can tell nginx (or any other server) to listen
# on 127.0.0.1 (whatever port you desire). Tor's hidden service
# architecture effecrtively punches a hole through firewalls and
# censors.

# If you're in an extremely hostile situation where the content
# you are publishing may be censored (or may get you into trouble),
# you are probably also in a situation where Tor is blocked. You
# can host a hidden service even in this situation, if you enable
# bridges. You can circumvent deep packet inspection censorship
# techniques by connecting to Tor via an obfsproxy bridge.
#
# See https://bridges.torproject.org/ for details on bridge relays.
# See https://www.torproject.org/projects/obfsproxy.html.en for details on obfsproxy.

#UseBridges 1
#ClientTransportPlugin obfs2,obfs3 exec /usr/local/bin/pyobfsproxy managed
#Bridge 54.218.98.220:443
#Bridge obfs2 128.31.0.34:1051
#Bridge obfs3 37.247.49.206:35254
# You shouldn't use these "Bridge" lines, though.
# Get bridge lines from https://bridges.torproject.org/bridges (since they'll be up
# to date and less likely to be blocked from a blacklist).