Config file

Here's a fully annotated config file:

# [optional] Path to the database; must be writable by the `earendil` daemon.
# If this key is not specified, `earendil` uses a default path.
# If you start more than one `earendil` daemon on the same machine, you must specify this field in all but one of the daemon configs.
# This prevents additional daemons from trying to use the same database and crashing.
db_path: ./.cache/earendil

# [optional] IP address where the daemon listens for control commands.
# If this key is not specified, `earendil` listens for control commands on a default port.
# If you start more than one `earendil` daemon on the same machine, you must specify this field in all but one of the daemon configs.
# This prevents additional daemons from trying to listen on the same port and crashing.
# Currently sending control commands to remote daemons is not supported, so this should be `127.0.0.1:<free port>`.
control_listen: 127.0.0.1:11111

# ------------------------ routing config ----------------------------
# relays to connect to as neighbors. Client configs *must* contain at least one `out_route`; optional for relays.
out_routes:
  example-relay:
    # IP address and port where the relay is listening for incoming connections
    connect: 62.210.93.59:12345
    # long-term identity of the relay
    fingerprint: 4b7a641b77c2d6ceb8b3fecec2b2978dfe81ae045ed9a25ed78b828009c4967a
    # obfuscation protocol to use, for resisting ISP-level censorship
    # There are currently 2 obfuscation options:
    # - `none`: no obfuscation. In a censored network environment, this may lead to your connection to this relay getting blocked.
    # - `sosistab3`: a TCP-based obfuscated transport with a symmetric cookie, defined by the relay. This obfuscation protocol is developed as a part of [geph5](https://github.com/geph-official/geph5)
    obfs:
      sosistab3: shove-mistake-wish-endless-antique-citizen-filter-employ-cigar-clip-acid-defense
    # price and debt config for this link
    price_config:
      # how much you charge per incoming packet, in µMELs
      inbound_price: 0
      # debt limit for inbound packets, in µMELs
      inbound_debt_limit: 0
      # max price you're willing to pay per outgoing packet, in µMELs
      outbound_max_price: 10
      # min debt limit you accept for outbound packets, in µMELs
      # Negative debt limit means prepayment is required
      outbound_min_debt_limit: -100
  # more relays to connect to
  relay-2:
    connect: ...
    fingerprint: ...
    obfs: none
    price_config: ...

# -------------------- payments + Mel blockchain access -----------------------
payment_methods:
  # no arguments required to support PoW payments
  - pow
  - on_chain: <your-mel-wallet-secret> # secret of melwallet to use for sending + receiving payments

# [optional] how to connect to the Mel blockchain, can be Earendil haven address
# If this key is not specified, then we connect to the Mel blockchain using the default bootstrap node over clearnet. This may not work in countries with internet censorship.
mel_bootstrap: <address-to-melnode>

# --------------------------- havens + proxy ---------------------------
# [optional] Starts a local Socks5 server that proxies traffic through Earendil.
# This gives you access to Earendil havens.
# If this key is not specified, `earendil` starts a Socks5 proxy on **port 30003** with `fallback: pass_through`.
# If you start more than one `earendil` daemon on the same machine, you must specify this field in all but one of the daemon configs.
# This prevents additional daemons from trying to listen on the same port and crashing.
socks5:
  # localhost address where the earendil Socks5 proxy listens
  listen: 127.0.0.1:23456
  # how to handle non-Earendil traffic (like a request to tunnel `google.com:443`). There are 3 options:
  # 1) `pass_through`: let all non-Earendil traffic through as if you're not using Earendil. Requests to `google.com` will behave the same way as if you weren't connected to the Earendil proxy.
  # 2) `block`: block all non-Earendil traffic. Requests to `google.com` will fail.
  # 3) `simple_proxy`: proxy non-Earendil traffic via a specified exit node, similar to how you use Tor as a web proxy.
  fallback:
    simple_proxy: passthrough

# havens we're hosting
havens:
  ## a TCP haven, e.g. a website
  # path to file storing long-term haven identity. Must be writable to earendil daemon
  - identity_file: /your/path/identity.secret
    # fingerprint of relay chosen as rendezvous point for this haven (keeps haven anonymous to visitors)
    rendezvous: 4b7a641b77c2d6ceb8b3fecec2b2978dfe81ae045ed9a25ed78b828009c4967a
    handler:
      type: tcp_service
      # dock where this TCP haven is hosted
      listen_dock: 12345
      # TCP address to forward all traffic for this haven to. The TCP service behind this haven (e.g., website) should be listening to this address.
      upstream: 127.0.0.1:8000

  ## a web proxy haven
  # path to file storing long-term haven identity. Must be writable to earendil daemon
  - identity_file:
      /your/path/identity.secret
      # relay chosen as our rendezvous point. Web proxy havens cannot be anonymous, so this relay should be chosen to optimize performance.
    rendezvous: 4b7a641b77c2d6ceb8b3fecec2b2978dfe81ae045ed9a25ed78b828009c4967a
    handler:
      # Earendil's web proxy protocol
      type: simple_proxy
      # dock where proxy server listens
      listen_dock: 19999

# -------------------------- relay-only ----------------------------
relay_config:
  # path to file for storing a long-term identity.
  identity_file: /your/path/identity.secret

  # where & how to accept incoming connections
  in_routes:
    main_obfs:
      # obfuscation protocol to use, for resisting ISP-level censorship
      obfs:
        sosistab3: snake-before-antenna-toward-floor-stuff-frozen-power-avocado-retire-grunt-nation
      # TCP port this in_route listens at
      listen: 0.0.0.0:19999
      # price config for this route, in µMELs
      price_config:
        inbound_price: 5
        inbound_debt_limit: 50000
        outbound_max_price: 0
        outbound_min_debt_limit: 0
    # another in_route, with no obfuscation
    no_obfs:
      obfs: none
      listen: 0.0.0.0:19998
      price_config:
        inbound_price: 3
        inbound_debt_limit: 30000
        outbound_max_price: 0
        outbound_min_debt_limit: 0

Last updated