From dd598ca1f9830a6ccac6284e76b454ab18d59754 Mon Sep 17 00:00:00 2001 From: "rE-Bo0t.bx1" <54429050+r3bo0tbx1@users.noreply.github.com> Date: Sun, 7 Dec 2025 22:20:45 +0800 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20refactor(ops):=20optimize?= =?UTF-8?q?=20workflows,=20docker=20setup=20and=20relay=20configs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Refactors the repository configuration to streamline CI/CD processes and tune Tor relay settings. **CI & Build:** - ๐Ÿ‘ท Enhance `cleanup.yml` with clearer cache deletion and logging. - ๐Ÿณ Update `.dockerignore` to streamline CI builds. - ๐Ÿ”ง Simplify `.gitattributes` and prune `.hadolint.yaml` comments. **Tor Configuration:** - ๐Ÿ›ก๏ธ Tune `relay-guard.conf` for performance and remove noise. - ๐ŸŒ‰ Update `relay-bridge.conf` ORPort/ServerTransport settings. - โšก Refine `relay-exit.conf` exit policies and bandwidth limits. **Misc & Cleanup:** - ๐Ÿ’„ Improve startup banner aesthetics in `docker-entrypoint.sh`. - ๐Ÿ“ Add JS execution warnings to `tor-exit-notice` HTML template. - ๐Ÿ”ฅ Remove obsolete `examples/.env` file. --- .dockerignore | 19 -- .gitattributes | 11 - .github/workflows/cleanup.yml | 24 +- .hadolint.yaml | 58 +--- docker-entrypoint.sh | 5 +- examples/.env | 184 ---------- examples/relay-bridge.conf | 195 +---------- examples/relay-exit.conf | 318 +++++------------- examples/relay-guard.conf | 144 +------- .../tor-exit-notice (r3bo0tbx1).html | 23 +- 10 files changed, 145 insertions(+), 836 deletions(-) delete mode 100644 examples/.env diff --git a/.dockerignore b/.dockerignore index aac8201..8b7e41b 100644 --- a/.dockerignore +++ b/.dockerignore 
@@ -1,20 +1,15 @@ # ๐Ÿงฑ optimized for CI builds -# Ignore Git and CI/CD metadata .git .gitignore .gitattributes .github/ - -# Ignore documentation and changelogs *.md CHANGELOG.md CONTRIBUTING.md CODE_OF_CONDUCT.md SECURITY.md LICENSE.txt - -# Ignore examples, templates, and local configs examples/ templates/ docs/ @@ -23,25 +18,11 @@ config/ *.json *.yaml *.yml - -# Ignore temporary, backup, and log files *.log *.tmp *.bak *.swp *.DS_Store - -# Ignore local build artifacts -*.tar -*.gz -*.zip -*.tgz -build/ -dist/ -node_modules/ -__pycache__/ - -# Keep only files needed for building and running the image !Dockerfile !Dockerfile.edge !tools/ diff --git a/.gitattributes b/.gitattributes index fadd95f..36f0521 100644 --- a/.gitattributes +++ b/.gitattributes @@ -1,26 +1,15 @@ -# Auto detect text files and perform LF normalization * text=auto - -# Ensure shell scripts always use LF *.sh text eol=lf docker-entrypoint.sh text eol=lf healthcheck.sh text eol=lf tools/* text eol=lf - -# Dockerfiles *.container text eol=lf Dockerfile text eol=lf - -# GitHub workflows .github/workflows/*.yml text eol=lf - -# Standard file handling *.md text *.txt text *.yml text eol=lf *.yaml text eol=lf - -# Binary files *.png binary *.jpg binary *.gif binary \ No newline at end of file diff --git a/.github/workflows/cleanup.yml b/.github/workflows/cleanup.yml index 069bb64..83bf75d 100644 --- a/.github/workflows/cleanup.yml +++ b/.github/workflows/cleanup.yml @@ -1,4 +1,4 @@ -name: ๐Ÿ—‘๏ธ๐Ÿงน +name: ๐Ÿ—‘๏ธ๐Ÿงน Force Clear Cache on: schedule: 
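Review bot: The second .dockerignore hunk (`@@ -23,25 +18,11 @@`) removes more than comments: the patterns `*.tar`, `*.gz`, `*.zip`, `*.tgz`, `build/`, `dist/`, `node_modules/` and `__pycache__/` are dropped, so matching files in the working tree are now sent with the build context. If the Dockerfile copies broadly, a stray archive such as a backup of a relay data directory could end up in an image layer; the Dockerfile is not visible here, so this needs confirming. I would keep at least the archive patterns `*.tar`, `*.gz`, `*.zip` and `*.tgz`. A one-line comment above the `!Dockerfile` entries saying that they re-include build inputs would also help, since the explanatory comment was removed.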
@@ -12,24 +12,10 @@ jobs: clear-cache: runs-on: ubuntu-latest steps: - - name: ๐Ÿ—‘๏ธ Clear GitHub Actions Cache + - name: ๐Ÿ’ฅ Nuke GitHub Actions Cache env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - REPO: ${{ github.repository }} run: | - echo "๐Ÿ” Fetching list of caches..." - # Get all cache keys - cacheKeys=$(gh cache list --limit 100 --repo $REPO --json key --jq '.[].key') - - if [ -z "$cacheKeys" ]; then - echo "โœ… No caches found to clear." - exit 0 - fi - - echo "๐Ÿ—‘๏ธ Deleting caches..." - for key in $cacheKeys; do - echo " - Deleting $key" - gh cache delete "$key" --repo $REPO || echo " โš ๏ธ Failed to delete $key (might already be gone)" - done - echo "๐ŸŽ‰ Cache cleanup complete." - \ No newline at end of file + echo "๐Ÿ” meaningful-text: check for caches..." + gh cache delete --all --repo ${{ github.repository }} || true + echo "โœ… Cache storage is now empty." \ No newline at end of file diff --git a/.hadolint.yaml b/.hadolint.yaml index 982d9a1..1047e23 100644 --- a/.hadolint.yaml +++ b/.hadolint.yaml 
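Review bot: In the rewritten `run:` step, `gh cache delete --all ... || true` discards every failure, including an authentication or permission error, and the next line prints "Cache storage is now empty" regardless. If `|| true` is only there for the no-caches case, recent `gh` releases have a flag for that: `gh cache delete --all --succeed-on-no-caches --repo "$REPO"`. The commit also replaces the `REPO` env variable with `${{ github.repository }}` expanded directly in the script; keeping `REPO: ${{ github.repository }}` under `env:` and quoting `"$REPO"` is the safer habit for expressions in `run:` blocks. The first echo still contains what looks like placeholder text (`meaningful-text:`). Whether the job grants `actions: write` to `GITHUB_TOKEN` is not visible in this hunk.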
@@ -1,65 +1,9 @@ -# Hadolint configuration for Tor Guard Relay -# https://github.com/hadolint/hadolint -# Dockerfile linting with security-first approach - -# ============================================================================ -# Ignored Rules -# ============================================================================ - ignored: - # DL3018: Ignore unpinned package versions in apk add - # Rationale: Alpine Linux frequently updates packages, causing pinned versions - # to break builds. We prefer resilience and automatic security updates over - # strict reproducibility. Weekly rebuilds (Sundays 18:30 UTC) ensure we get - # latest security patches automatically. - DL3018 - - # DL3062: Ignore unpinned Go packages - # Rationale: We intentionally use 'go get -u' to fetch the latest security - # patches for dependencies during our weekly rebuilds. Pinning versions - # would prevent automatic vulnerability remediation. - DL3062 -# ============================================================================ -# Security & Quality Settings -# ============================================================================ - -failure-threshold: error # Only fail on errors, not warnings - -# Enable all built-in checks (except explicitly ignored above) +failure-threshold: error no-fail: false - -# ============================================================================ -# Trusted Registries (Security) -# ============================================================================ - -# Only allow official registries and alpine base image trustedRegistries: - "docker.io" - "registry.hub.docker.com" - -# ============================================================================ -# Additional Notes -# ============================================================================ -# -# Enabled security checks include: -# - DL3001: Avoid using sudo -# - DL3002: Warn on using USER root -# - DL3003: Use WORKDIR for absolute paths -# - DL3006: Use --platform for multi-arch 
builds -# - DL3007: Use specific tags for base images (not :latest) -# - DL3008: Pin versions in apt-get (N/A - we use apk) -# - DL3009: Delete apt-get lists after install (N/A - we use apk) -# - DL3013: Pin versions in pip install (N/A - no Python) -# - DL3015: Avoid additional packages in apt-get (N/A - we use apk) -# - DL3016: Pin versions in npm (N/A - no Node.js) -# - DL3020: Use COPY instead of ADD for files/dirs -# - DL3022: COPY --from should reference valid stage -# - DL3025: Use JSON notation for CMD/ENTRYPOINT -# - DL4001: Warn on wget/curl without verified downloads -# - DL4003: Multiple CMD instructions (only last one counts) -# - DL4004: Multiple ENTRYPOINT instructions -# - DL4006: Set SHELL to pipefail mode -# - SC1000-SC9999: All ShellCheck warnings (for RUN commands) -# -# Our Dockerfile passes all checks except DL3018 (unpinned versions by design). diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 2c913cc..c3ce671 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -49,9 +49,10 @@ cleanup_and_exit() { } startup_banner() { - log "โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”" + log "โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”" log "๐Ÿง… Tor Guard Relay v1.1.3 - Initialization" - log "โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”" + log "https://github.com/r3bo0tbx1/tor-guard-relay" + log "โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”" log "" } diff --git a/examples/.env b/examples/.env deleted file mode 100644 index 2fe6e4e..0000000 --- a/examples/.env +++ /dev/null 
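Review bot: The `ignored:` list in .hadolint.yaml still suppresses DL3018 and DL3062, but the hunk deletes the only explanation of why unpinned apk and Go packages are accepted. A suppression of a pinning rule is a supply-chain decision that the next reviewer should be able to see without reading history. I would keep one short comment per rule, for example `# DL3018: apk versions unpinned on purpose; weekly rebuilds pull security updates` and `# DL3062: Go deps fetched at latest during weekly rebuilds`. A single line above `trustedRegistries:` stating that only these registries are allowed for base images would serve the same purpose.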
@@ -1,184 +0,0 @@ -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# Tor Relay Environment Configuration for version >=v1.1.1 -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# Copy this file to .env and customize for your deployment -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” - -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# BRIDGE MODE - Official Tor Project ENV Naming -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# Use these for drop-in replacement of thetorproject/obfs4-bridge -# Compatible with templates/docker-compose-bridge-official.yml - -# OR_PORT: Tor relay traffic port (ORPort) -# Suggested: 443 (appears as HTTPS), 9001 (standard), or any port > 1024 -OR_PORT=9001 - -# PT_PORT: Pluggable transport port (obfs4) -# Can be any port > 1024 -PT_PORT=9002 - -# EMAIL: Contact email address (REQUIRED) -# Used in bridge descriptor for Tor Project to contact you -EMAIL=admin@example.com - -# NICKNAME: Bridge nickname (optional) -# Defaults to "DockerObfs4Bridge" if not set -NICKNAME=MyObfs4Bridge - -# OBFS4_ENABLE_ADDITIONAL_VARIABLES: 
Enable OBFS4V_* processing -# Set to 1 to enable additional torrc options via OBFS4V_* variables -OBFS4_ENABLE_ADDITIONAL_VARIABLES=1 - -# OBFS4V_AddressDisableIPv6: Disable IPv6 address announcements -# 0 = Enable IPv6 (default), 1 = Disable IPv6 -OBFS4V_AddressDisableIPv6=0 - -# OBFS4V_MaxMemInQueues: Maximum memory in queues -# Helps with high-bandwidth bridges -OBFS4V_MaxMemInQueues=1024 MB - -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# GUARD/MIDDLE MODE - Our TOR_* ENV Naming -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# Use these for guard/middle/exit relays -# Compatible with templates/docker-compose-guard.yml - -# TOR_RELAY_MODE: Relay mode (guard, exit, or bridge) -# Default: guard -# Note: Auto-detects to "bridge" if PT_PORT is set -#TOR_RELAY_MODE=guard - -# TOR_NICKNAME: Relay nickname (REQUIRED for ENV-based config) -# Must be unique across all Tor relays -#TOR_NICKNAME=MyTorRelay - -# TOR_CONTACT_INFO: Contact email (REQUIRED for ENV-based config) -#TOR_CONTACT_INFO=admin@example.com - -# TOR_ORPORT: ORPort for relay traffic -# Suggested: 443, 9001, or any port > 1024 -#TOR_ORPORT=9001 - -# TOR_DIRPORT: DirPort for directory service (guard/exit only) -# Set to 0 to disable, or use standard port 9030 -#TOR_DIRPORT=9030 - -# TOR_OBFS4_PORT: obfs4 port (bridge mode only) -#TOR_OBFS4_PORT=9002 - -# TOR_BANDWIDTH_RATE: Bandwidth rate limit (optional) -# Example: "10 MBytes" = 10 MB/s sustained -#TOR_BANDWIDTH_RATE=10 MBytes - -# TOR_BANDWIDTH_BURST: Bandwidth burst limit (optional) -# Example: "20 MBytes" = 20 MB/s peak -#TOR_BANDWIDTH_BURST=20 MBytes - -# 
โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# EXIT MODE - Additional Options -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” - -# TOR_EXIT_POLICY: Exit policy (exit mode only) -# Default: "ExitPolicy reject *:*" (reduced exit) -# Examples: -# - "ExitPolicy accept *:80,accept *:443,reject *:*" (HTTP/HTTPS only) -# - "ExitPolicy accept *:*" (unrestricted exit - USE WITH CAUTION) -#TOR_EXIT_POLICY=ExitPolicy reject *:* - -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# OPTIONAL: Bandwidth Accounting (All Modes) -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# Use OBFS4V_* prefix for official bridge naming, or add to custom torrc - -# AccountingMax: Total bandwidth per period -#OBFS4V_AccountingMax=100 GBytes - -# AccountingStart: When to reset accounting -# Examples: "month 1 00:00", "week 1 00:00", "day 00:00" -#OBFS4V_AccountingStart=month 1 00:00 - -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# CONTAINER OPTIONS -# 
โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” - -# TZ: Container timezone (optional) -# Default: UTC -TZ=UTC - -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# USAGE EXAMPLES -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” - -# Example 1: obfs4 Bridge (Official Naming) -# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ -# OR_PORT=9001 -# PT_PORT=9002 -# EMAIL=admin@example.com -# NICKNAME=MyObfs4Bridge -# OBFS4_ENABLE_ADDITIONAL_VARIABLES=1 -# OBFS4V_MaxMemInQueues=1024 MB - -# Example 2: Guard Relay (Our Naming) -# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ -# TOR_RELAY_MODE=guard -# TOR_NICKNAME=MyGuardRelay -# TOR_CONTACT_INFO=admin@example.com -# TOR_ORPORT=9001 -# TOR_DIRPORT=9030 -# TOR_BANDWIDTH_RATE=10 MBytes -# TOR_BANDWIDTH_BURST=20 MBytes - -# Example 3: Exit Relay (Reduced Exit) -# โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ -# TOR_RELAY_MODE=exit -# TOR_NICKNAME=MyExitRelay -# TOR_CONTACT_INFO=admin@example.com -# TOR_ORPORT=9001 -# TOR_DIRPORT=9030 -# TOR_EXIT_POLICY=ExitPolicy accept *:80,accept *:443,reject *:* - -# Example 4: High-Bandwidth Bridge with Accounting -# 
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€ -# OR_PORT=443 -# PT_PORT=9002 -# EMAIL=admin@example.com -# NICKNAME=HighBandwidthBridge -# OBFS4_ENABLE_ADDITIONAL_VARIABLES=1 -# OBFS4V_BandwidthRate=50 MBytes -# OBFS4V_BandwidthBurst=100 MBytes -# OBFS4V_AccountingMax=500 GBytes -# OBFS4V_AccountingStart=month 1 00:00 - -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# NOTES -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” -# -# 1. ENV Variable Priority: -# - TOR_* prefix takes precedence over official naming -# - Official naming (OR_PORT, PT_PORT, etc.) is used as fallback -# - You can mix both naming conventions -# -# 2. Bridge Mode Auto-Detection: -# - If PT_PORT is set and TOR_RELAY_MODE is not, mode becomes "bridge" -# - This ensures drop-in compatibility with official bridge config -# -# 3. OBFS4V_* Processing: -# - Only works in bridge mode when OBFS4_ENABLE_ADDITIONAL_VARIABLES=1 -# - OBFS4V_* variables are stripped of prefix and added to torrc -# - Example: OBFS4V_MaxMemInQueues=1024 MB โ†’ MaxMemInQueues 1024 MB in torrc -# -# 4. Port Selection: -# - Use port 443 for ORPort in censored regions (appears as HTTPS) -# - Standard ports: ORPort 9001, DirPort 9030, obfs4 9002 -# - Any port > 1024 works without special privileges -# -# 5. Bandwidth Units: -# - Supported: Bytes, KBytes, MBytes, GBytes, TBytes -# - Example: "10 MBytes" = 10 MB/s -# -# 6. 
Firewall Configuration Required: -# - Allow incoming connections to OR_PORT and PT_PORT (or TOR_ORPORT/TOR_OBFS4_PORT) -# - See docker-compose-bridge-official.yml comments for firewall examples -# -# โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ”โ” diff --git a/examples/relay-bridge.conf b/examples/relay-bridge.conf index a52b80b..195cdc3 100644 --- a/examples/relay-bridge.conf +++ b/examples/relay-bridge.conf 
@@ -1,189 +1,24 @@ -# Tor obfs4 Bridge Configuration Example -# For helping censored users connect to the Tor network -# Bridges are NOT published in the main Tor directory - -# ============================================================================ -# REQUIRED: Basic Bridge Information -# ============================================================================ - -# Your bridge's nickname (alphanumeric, 1-19 characters) Nickname MyTorBridge - -# Contact information (email + optional PGP key) ContactInfo your-email@example.com <0xYOUR_PGP_FINGERPRINT> - -# ============================================================================ -# REQUIRED: Network Configuration -# ============================================================================ - -# ORPort - The port for incoming Tor connections -# Common choices: 443, 9001, or any port > 1024 -# Must be publicly accessible for bridge to work -ORPort 9001 -ORPort [::]:9001 - -# ============================================================================ -# REQUIRED: Bridge Mode -# ============================================================================ - -# Enable bridge relay mode BridgeRelay 1 - -# Pluggable transport - obfs4 via lyrebird (obfuscates traffic to look like random data) +ORPort 24819 +ORPort [::]:24819 ServerTransportPlugin obfs4 exec /usr/bin/lyrebird -# obfs4 port - Common choices: 443, 9002, or any port > 1024 (different from ORPort) -# Must be publicly accessible for bridge to work -ServerTransportListenAddr obfs4 0.0.0.0:9002 -ServerTransportListenAddr obfs4 [::]:9002 - -# Extended ORPort for pluggable transports +ServerTransportListenAddr obfs4 0.0.0.0:443 +ServerTransportListenAddr obfs4 [::]:443 ExtORPort auto - -# Publish bridge descriptor to bridge authority -PublishServerDescriptor 1 - -# ============================================================================ -# REQUIRED: Data & Logging -# ============================================================================ - -# 
Where Tor stores its data (keys, state, etc.) +PublishServerDescriptor bridge DataDirectory /var/lib/tor - -# Log level and location (file + stdout for container logs) Log notice file /var/log/tor/notices.log Log notice stdout - -# ============================================================================ -# OPTIONAL: Control Port (Advanced Users Only) -# ============================================================================ - -# Uncomment if you want to install and use Nyx or other control tools -# Note: Nyx is NOT included in this image by default -# ControlPort 9051 -# CookieAuthentication 1 - -# ============================================================================ -# REQUIRED: Disable SOCKS -# ============================================================================ - -# Disable SOCKS proxy (we're a bridge, not a client) +ControlPort 0 +ControlSocket /var/lib/tor/control_socket +ControlSocketsGroupWritable 1 +#HashedControlPassword 16:YOUR_HASHED_PASSWORD_HERE SocksPort 0 - -# ============================================================================ -# OPTIONAL: Bandwidth Limits -# ============================================================================ - -# Limit bandwidth to prevent overwhelming your connection -# Bridges can run on lower bandwidth than relays - -# Average bandwidth (sustained rate) -RelayBandwidthRate 10 MBytes - -# Burst bandwidth (temporary spikes) -RelayBandwidthBurst 20 MBytes - -# Alternatively, use AccountingMax to limit monthly traffic: -# AccountingStart month 1 00:00 -# AccountingMax 500 GB - -# ============================================================================ -# OPTIONAL: Performance Tuning -# ============================================================================ - -# Number of CPU cores to use -NumCPUs 2 - -# Maximum memory in queues -# MaxMemInQueues 512 MB - -# ============================================================================ -# Bridge Operation Notes -# 
============================================================================ - -# 1. WHAT IS A BRIDGE? -# - Bridges help users in censored countries connect to Tor -# - Bridge addresses are NOT published in the main Tor directory -# - They are distributed to users through BridgeDB and other means -# -# 2. obfs4 PLUGGABLE TRANSPORT -# - Makes Tor traffic look like random data -# - Harder for censors to detect and block -# - Most effective transport for circumventing censorship -# -# 3. AFTER DEPLOYMENT -# - Wait 24-48 hours for bridge to be published -# - Check BridgeDB: https://bridges.torproject.org/ -# - Get your bridge line: docker exec bridge-line -# -# 4. SHARING YOUR BRIDGE -# - ONLY share your bridge line with people you trust -# - Don't publish it publicly (defeats the purpose) -# - Users can also get bridges from https://bridges.torproject.org/ -# -# 5. MONITORING -# - Check logs: docker logs -# - Full status: docker exec status -# - JSON health: docker exec health -# - Get bridge line: docker exec bridge-line -# - Bridges show fewer statistics than relays for privacy -# -# 6. PORTS TO EXPOSE -# - ORPort (example: 9001, suggested: 443 or 9001) - Must be publicly accessible -# - obfs4 port (example: 9002, can be any port) - Must be publicly accessible -# - Firewall must allow both ports -# - Using port 443 for ORPort may help with censorship circumvention -# -# 7. 
NETWORK CONSIDERATIONS -# - Use a stable IP address -# - Ensure both IPv4 and IPv6 work (if available) -# - Test port accessibility from outside your network - -# ============================================================================ -# Deployment Example with Environment Variables -# ============================================================================ -# -# Method 1: Using TOR_* naming (standard) -# -# docker run -d \ -# --name tor-bridge \ -# --network host \ -# -e TOR_RELAY_MODE=bridge \ -# -e TOR_NICKNAME=MyBridge \ -# -e TOR_CONTACT_INFO="your-email@example.com" \ -# -e TOR_ORPORT=9001 \ -# -e TOR_OBFS4_PORT=9002 \ -# -e TOR_BANDWIDTH_RATE="10 MBytes" \ -# -e TOR_BANDWIDTH_BURST="20 MBytes" \ -# -v tor-bridge-data:/var/lib/tor \ -# -v tor-bridge-logs:/var/log/tor \ -# ghcr.io/r3bo0tbx1/onion-relay:latest -# -# Method 2: Using official Tor Project naming (drop-in compatibility) -# -# docker run -d \ -# --name tor-bridge \ -# --network host \ -# -e NICKNAME=MyBridge \ -# -e EMAIL="your-email@example.com" \ -# -e OR_PORT=9001 \ -# -e PT_PORT=9002 \ -# -v tor-bridge-data:/var/lib/tor \ -# -v tor-bridge-logs:/var/log/tor \ -# ghcr.io/r3bo0tbx1/onion-relay:latest -# -# Note: PT_PORT automatically sets bridge mode. Both naming styles work identically. 
-# -# Get your bridge line after 24-48 hours: -# docker exec tor-bridge bridge-line -# -# Share the bridge line with users: -# Bridge obfs4 : cert= iat-mode=0 - -# ============================================================================ -# Resources -# ============================================================================ -# -# - Bridge Setup Guide: https://community.torproject.org/relay/setup/bridge/ -# - BridgeDB: https://bridges.torproject.org/ -# - Pluggable Transports: https://tb-manual.torproject.org/circumvention/ -# - obfs4 Spec: https://gitlab.com/yawning/obfs4 +RelayBandwidthRate 20 MBytes +RelayBandwidthBurst 40 MBytes +NumCPUs 1 +MaxMemInQueues 512 MB +AvoidDiskWrites 1 +DisableDebuggerAttachment 1 \ No newline at end of file diff --git a/examples/relay-exit.conf b/examples/relay-exit.conf index a8d12b4..77d4176 100644 --- a/examples/relay-exit.conf +++ b/examples/relay-exit.conf 
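Review bot: The new relay-bridge.conf enables `ControlSocket /var/lib/tor/control_socket` with `ControlSocketsGroupWritable 1`, but no authentication method is active, since `HashedControlPassword` is commented out and there is no `CookieAuthentication` line. Any process that can open the socket therefore gets an unauthenticated control connection, and the socket lives in the DataDirectory, which the removed deployment examples mount as a volume. I would add `CookieAuthentication 1` next to the socket lines. The relay-exit.conf section has the same defect: it replaces `ControlPort 9051` / `CookieAuthentication 1` with the same three socket lines and drops the cookie setting. Separately, `ServerTransportListenAddr obfs4 0.0.0.0:443` binds a port below 1024, which presumably needs a bind capability when tor runs unprivileged in the container, so a comment saying so would help operators.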
@@ -1,240 +1,98 @@ -# Tor Exit Relay Configuration Example -# โš ๏ธ WARNING: Running an exit relay has legal implications! -# Read https://community.torproject.org/relay/community-resources/eff-tor-legal-faq/ -# before deploying. - -# ============================================================================ -# REQUIRED: Basic Relay Information -# ============================================================================ - -# Your relay's nickname (alphanumeric, 1-19 characters) Nickname MyTorExitRelay - -# Contact information (email + optional PGP key) -# This is CRITICAL for exit relays - you WILL receive abuse complaints ContactInfo your-email@example.com <0xYOUR_PGP_FINGERPRINT> - -# ============================================================================ -# REQUIRED: Network Configuration -# ============================================================================ - -# ORPort - The port for incoming Tor connections -# Common choices: 443, 9001, or any port > 1024 ORPort 9001 ORPort [::]:9001 - -# DirPort - Directory information port (optional but recommended) -# Common choices: 80, 9030, or any port > 1024 -# Set to 0 to disable directory serving DirPort 9030 - -# ============================================================================ -# REQUIRED: Exit Relay Configuration -# ============================================================================ - -# Enable exit relay mode ExitRelay 1 - -# Exit policy - REDUCED EXIT POLICY (recommended for new operators) -# This allows common services while blocking high-risk ports -# See: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy - -ExitPolicy accept *:20-21 # FTP -ExitPolicy accept *:22 # SSH -ExitPolicy accept *:43 # WHOIS -ExitPolicy accept *:53 # DNS -ExitPolicy accept *:79-81 # finger, HTTP -ExitPolicy accept *:88 # kerberos -ExitPolicy accept *:110 # POP3 -ExitPolicy accept *:143 # IMAP -ExitPolicy accept *:194 # IRC -ExitPolicy accept *:220 # IMAP3 -ExitPolicy accept 
*:389 # LDAP -ExitPolicy accept *:443 # HTTPS -ExitPolicy accept *:464 # kpasswd -ExitPolicy accept *:465 # SMTP over SSL -ExitPolicy accept *:531 # IRC/AIM -ExitPolicy accept *:543-544 # Kerberos -ExitPolicy accept *:554 # RTSP -ExitPolicy accept *:563 # NNTP over SSL -ExitPolicy accept *:587 # SMTP -ExitPolicy accept *:636 # LDAP over SSL -ExitPolicy accept *:706 # SILC -ExitPolicy accept *:749 # kerberos -ExitPolicy accept *:873 # rsync -ExitPolicy accept *:902-904 # VMware -ExitPolicy accept *:981 # HTTPS -ExitPolicy accept *:989-990 # FTP over SSL -ExitPolicy accept *:991 # NAS -ExitPolicy accept *:992 # Telnet over SSL -ExitPolicy accept *:993 # IMAP over SSL -ExitPolicy accept *:994 # IRC over SSL -ExitPolicy accept *:995 # POP3 over SSL -ExitPolicy accept *:1194 # OpenVPN -ExitPolicy accept *:1220 # QT Server Admin -ExitPolicy accept *:1293 # IPSec -ExitPolicy accept *:1500 # VLSI -ExitPolicy accept *:1533 # Sametime -ExitPolicy accept *:1677 # GroupWise -ExitPolicy accept *:1723 # PPTP -ExitPolicy accept *:1755 # RTSP -ExitPolicy accept *:1863 # MSNP -ExitPolicy accept *:2082 # Infowave -ExitPolicy accept *:2083 # Secure Radius -ExitPolicy accept *:2086-2087 # GNUnet -ExitPolicy accept *:2095-2096 # NBX -ExitPolicy accept *:2102-2104 # Zephyr -ExitPolicy accept *:3128 # SQUID -ExitPolicy accept *:3389 # RDP -ExitPolicy accept *:3690 # SVN -ExitPolicy accept *:4321 # RWHOIS -ExitPolicy accept *:4643 # Virtuozzo -ExitPolicy accept *:5050 # Yahoo! 
Messenger -ExitPolicy accept *:5190 # AIM/ICQ -ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL -ExitPolicy accept *:5228 # Google Play -ExitPolicy accept *:5900 # VNC -ExitPolicy accept *:6660-6669 # IRC -ExitPolicy accept *:6679 # IRC SSL -ExitPolicy accept *:6697 # IRC SSL -ExitPolicy accept *:8000 # iRDMI -ExitPolicy accept *:8008 # HTTP alternate -ExitPolicy accept *:8074 # Gadu-Gadu -ExitPolicy accept *:8080 # HTTP Proxies -ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port -ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP -ExitPolicy accept *:8232-8233 # Zcash -ExitPolicy accept *:8332-8333 # Bitcoin -ExitPolicy accept *:8443 # PCsync HTTPS -ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE -ExitPolicy accept *:9418 # git -ExitPolicy accept *:9999 # distinct -ExitPolicy accept *:10000 # Network Data Management Protocol -ExitPolicy accept *:11371 # OpenPGP hkp (keyserver) -ExitPolicy accept *:19294 # Google Voice TCP -ExitPolicy accept *:19638 # Ensim Control Panel -ExitPolicy accept *:50002 # Electrum Bitcoin SSL -ExitPolicy accept *:64738 # Mumble -ExitPolicy reject *:* # reject everything else - -# Alternative: More restrictive (HTTP/HTTPS only) -# ExitPolicy accept *:80 # HTTP -# ExitPolicy accept *:443 # HTTPS -# ExitPolicy reject *:* # reject everything else - -# ============================================================================ -# REQUIRED: Data & Logging -# ============================================================================ - -# Where Tor stores its data (keys, state, etc.) 
+IPv6Exit 1 +RelayBandwidthRate 10 MBytes +RelayBandwidthBurst 20 MBytes +NumCPUs 1 +MaxMemInQueues 1024 MB +DisableDebuggerAttachment 1 +AvoidDiskWrites 1 DataDirectory /var/lib/tor - -# Log level and location (file + stdout for container logs) Log notice file /var/log/tor/notices.log Log notice stdout - -# ControlPort for monitoring with Nyx -ControlPort 9051 -CookieAuthentication 1 - -# ============================================================================ -# REQUIRED: Disable SOCKS -# ============================================================================ - -# Disable SOCKS proxy (we're a relay, not a client) +ControlPort 0 +ControlSocket /var/lib/tor/control_socket +ControlSocketsGroupWritable 1 +#HashedControlPassword 16:YOUR_HASHED_PASSWORD_HERE SocksPort 0 - -# ============================================================================ -# OPTIONAL: Bandwidth Limits -# ============================================================================ - -# Limit bandwidth to prevent overwhelming your connection -# Exit relays typically need MORE bandwidth than guard relays - -# Option 1: Relay-specific bandwidth (recommended for exit relays) -# Average bandwidth (sustained rate) -RelayBandwidthRate 50 MBytes - -# Burst bandwidth (temporary spikes) -RelayBandwidthBurst 100 MBytes - -# Option 2: Global bandwidth limits (applies to all Tor traffic) -# BandwidthRate 50 MBytes -# BandwidthBurst 100 MBytes - -# Note: Use RelayBandwidthRate/Burst for exit relays to avoid limiting -# directory and other non-relay traffic. Use BandwidthRate/Burst if you -# want to limit ALL Tor traffic including directory requests. 
- -# Alternatively, use AccountingMax to limit monthly traffic: -# AccountingStart month 1 00:00 -# AccountingMax 1000 GB - -# ============================================================================ -# OPTIONAL: Performance Tuning -# ============================================================================ - -# Number of CPU cores to use -NumCPUs 2 - -# Maximum memory in queues -# MaxMemInQueues 1024 MB - -# ============================================================================ -# IMPORTANT: Exit Relay Legal Considerations -# ============================================================================ - -# 1. UNDERSTAND THE LEGAL RISKS -# - Your IP will be associated with exit traffic -# - You WILL receive abuse complaints -# - Some services may block your IP -# - Legal liability varies by jurisdiction -# -# 2. PREPARATION CHECKLIST -# โœ“ Read EFF Tor Legal FAQ -# โœ“ Inform your ISP (recommended) -# โœ“ Set up abuse complaint handling -# โœ“ Use a dedicated IP/server -# โœ“ Consider running from a datacenter -# โœ“ Have legal resources available -# โœ“ Set up WHOIS with your contact info -# โœ“ Create abuse@ email address -# -# 3. ABUSE RESPONSE TEMPLATE -# Keep a standard response ready: -# "This is a Tor exit relay. The IP address you reported -# is not the source of malicious activity. Tor is an -# anonymity network. Please see https://www.torproject.org/ -# for more information." -# -# 4. MONITORING -# - Check status daily: docker exec status -# - Get JSON health: docker exec health -# - View logs: docker logs -# - Set up alerts for issues -# -# 5. 
RESOURCES -# - Tor Legal FAQ: https://community.torproject.org/relay/community-resources/eff-tor-legal-faq/ -# - Abuse Response: https://community.torproject.org/relay/community-resources/tor-abuse-templates/ -# - Good/Bad ISPs: https://community.torproject.org/relay/community-resources/good-bad-isps/ - -# ============================================================================ -# Deployment Example with Environment Variables -# ============================================================================ -# -# Instead of mounting this file, you can use environment variables: -# -# docker run -d \ -# --name tor-exit-relay \ -# --network host \ -# -e TOR_RELAY_MODE=exit \ -# -e TOR_NICKNAME=MyExitRelay \ -# -e TOR_CONTACT_INFO="your-email@example.com" \ -# -e TOR_ORPORT=9001 \ -# -e TOR_DIRPORT=9030 \ -# -e TOR_BANDWIDTH_RATE="50 MBytes" \ -# -e TOR_BANDWIDTH_BURST="100 MBytes" \ -# -e TOR_EXIT_POLICY="accept *:80,accept *:443,reject *:*" \ -# -v tor-exit-data:/var/lib/tor \ -# -v tor-exit-logs:/var/log/tor \ -# ghcr.io/r3bo0tbx1/onion-relay:latest +ExitPolicy accept *:20-21 +ExitPolicy accept *:22 +ExitPolicy accept *:43 +ExitPolicy accept *:53 +ExitPolicy accept *:79-81 +ExitPolicy accept *:88 +ExitPolicy accept *:110 +ExitPolicy accept *:143 +ExitPolicy accept *:194 +ExitPolicy accept *:220 +ExitPolicy accept *:389 +ExitPolicy accept *:443 +ExitPolicy accept *:464 +ExitPolicy accept *:465 +ExitPolicy accept *:531 +ExitPolicy accept *:543-544 +ExitPolicy accept *:554 +ExitPolicy accept *:563 +ExitPolicy accept *:587 +ExitPolicy accept *:636 +ExitPolicy accept *:706 +ExitPolicy accept *:749 +ExitPolicy accept *:873 +ExitPolicy accept *:902-904 +ExitPolicy accept *:981 +ExitPolicy accept *:989-990 +ExitPolicy accept *:991 +ExitPolicy accept *:992 +ExitPolicy accept *:993 +ExitPolicy accept *:994 +ExitPolicy accept *:995 +ExitPolicy accept *:1194 +ExitPolicy accept *:1220 +ExitPolicy accept *:1293 +ExitPolicy accept *:1500 +ExitPolicy accept *:1533 +ExitPolicy 
accept *:1677 +ExitPolicy accept *:1723 +ExitPolicy accept *:1755 +ExitPolicy accept *:1863 +ExitPolicy accept *:2082 +ExitPolicy accept *:2083 +ExitPolicy accept *:2086-2087 +ExitPolicy accept *:2095-2096 +ExitPolicy accept *:2102-2104 +ExitPolicy accept *:3128 +ExitPolicy accept *:3389 +ExitPolicy accept *:3690 +ExitPolicy accept *:4321 +ExitPolicy accept *:4643 +ExitPolicy accept *:5050 +ExitPolicy accept *:5190 +ExitPolicy accept *:5222-5223 +ExitPolicy accept *:5228 +ExitPolicy accept *:5900 +ExitPolicy accept *:6660-6669 +ExitPolicy accept *:6679 +ExitPolicy accept *:6697 +ExitPolicy accept *:8000 +ExitPolicy accept *:8008 +ExitPolicy accept *:8074 +ExitPolicy accept *:8080 +ExitPolicy accept *:8082 +ExitPolicy accept *:8087-8088 +ExitPolicy accept *:8232-8233 +ExitPolicy accept *:8332-8333 +ExitPolicy accept *:8443 +ExitPolicy accept *:8888 +ExitPolicy accept *:9418 +ExitPolicy accept *:9999 +ExitPolicy accept *:10000 +ExitPolicy accept *:11371 +ExitPolicy accept *:19294 +ExitPolicy accept *:19638 +ExitPolicy accept *:50002 +ExitPolicy accept *:64738 +ExitPolicy reject *:* \ No newline at end of file diff --git a/examples/relay-guard.conf b/examples/relay-guard.conf index 65e951a..58e5a7c 100644 --- a/examples/relay-guard.conf +++ b/examples/relay-guard.conf 
@@ -1,139 +1,21 @@ -# Tor Guard Relay Configuration Example -# Copy this file, customize it, and mount it to /etc/tor/torrc - -# ============================================================================ -# REQUIRED: Basic Relay Information -# ============================================================================ - -# Your relay's nickname (alphanumeric, 1-19 characters) -Nickname MyTorRelay - -# Contact information (email + optional PGP key) -# This helps the Tor Project contact you about issues +Nickname MyTorGuardRelay ContactInfo your-email@example.com <0xYOUR_PGP_FINGERPRINT> - -# ============================================================================ -# REQUIRED: Network Configuration -# ============================================================================ - -# ORPort - The port for incoming Tor connections -# Common choices: 443, 9001, or any port > 1024 -# IPv4 only ORPort 9001 - -# IPv4 + IPv6 (recommended if you have IPv6) -# Use the same port number for both IPv4 and IPv6 -# ORPort [::]:9001 - -# DirPort - Directory information port (optional but recommended for guards) -# Common choices: 80, 9030, or any port > 1024 -# Set to 0 to disable directory serving +ORPort [::]:9001 DirPort 9030 - -# ============================================================================ -# REQUIRED: Relay Type -# ============================================================================ - -# Set to 0 to run as a guard/middle relay (NOT an exit relay) -# IMPORTANT: Do NOT change this unless you understand exit relay legal risks ExitRelay 0 - -# Disable SOCKS proxy (we're a relay, not a client) -SocksPort 0 - -# Explicit exit policy: reject all exit traffic ExitPolicy reject *:* - -# ============================================================================ -# REQUIRED: Data & Logging -# ============================================================================ - -# Where Tor stores its data (keys, state, etc.) 
+RelayBandwidthRate 10 MBytes +RelayBandwidthBurst 20 MBytes +NumCPUs 1 +MaxMemInQueues 1024 MB +DisableDebuggerAttachment 1 +AvoidDiskWrites 1 DataDirectory /var/lib/tor - -# Log level and location (file + stdout for container logs) Log notice file /var/log/tor/notices.log Log notice stdout - -# ============================================================================ -# OPTIONAL: Bandwidth Limits -# ============================================================================ - -# Limit bandwidth to prevent overwhelming your connection -# Adjust these values based on your available bandwidth - -# Option 1: Relay-specific bandwidth (recommended for relays) -# Average bandwidth (sustained rate) -RelayBandwidthRate 10 MBytes - -# Burst bandwidth (temporary spikes) -RelayBandwidthBurst 20 MBytes - -# Option 2: Global bandwidth limits (applies to all Tor traffic) -# BandwidthRate 10 MBytes -# BandwidthBurst 20 MBytes - -# Note: Use RelayBandwidthRate/Burst for guard relays to avoid limiting -# directory and other non-relay traffic. Use BandwidthRate/Burst if you -# want to limit ALL Tor traffic including directory requests. 
- -# Alternatively, use AccountingMax to limit monthly traffic: -# AccountingStart month 1 00:00 -# AccountingMax 500 GB - -# ============================================================================ -# OPTIONAL: Performance Tuning -# ============================================================================ - -# Number of CPU cores to use -# Set to 0 for auto-detect, or specify manually -NumCPUs 2 - -# Maximum number of connections -# Default is usually fine, but you can increase for high-bandwidth relays -# MaxMemInQueues 512 MB - -# ============================================================================ -# OPTIONAL: Advanced Settings -# ============================================================================ - -# If you're behind NAT and need to advertise a different IP -# Address YOUR.PUBLIC.IP.HERE - -# If your ISP blocks certain ports, you can use a different ORPort -# ORPort 443 - -# Enable if you want to be a directory mirror -# DirPort 80 - -# ============================================================================ -# Security Notes -# ============================================================================ - -# 1. NEVER set ExitRelay to 1 unless you: -# - Understand the legal implications -# - Have proper legal protection -# - Are willing to handle abuse complaints -# -# 2. Use a dedicated server/VPS for relay operation -# -# 3. Keep your contact info up to date -# -# 4. Monitor your relay regularly using: -# docker exec guard-relay status -# -# 5. 
Check Tor Metrics after 24-48 hours: -# https://metrics.torproject.org/rs.html - -# ============================================================================ -# Helpful Resources -# ============================================================================ - -# Official Tor Relay Guide: -# https://community.torproject.org/relay/ - -# Tor Relay Requirements: -# https://community.torproject.org/relay/relays-requirements/ - -# Good/Bad Relays Criteria: -# https://community.torproject.org/relay/community-resources/good-bad-isps/ \ No newline at end of file +ControlPort 0 +ControlSocket /var/lib/tor/control_socket +ControlSocketsGroupWritable 1 +#HashedControlPassword 16:YOUR_HASHED_PASSWORD_HERE +SocksPort 0 \ No newline at end of file diff --git a/templates/tor-exit-notice/tor-exit-notice (r3bo0tbx1).html b/templates/tor-exit-notice/tor-exit-notice (r3bo0tbx1).html index 2db2883..9c47a64 100644 --- a/templates/tor-exit-notice/tor-exit-notice (r3bo0tbx1).html +++ b/templates/tor-exit-notice/tor-exit-notice (r3bo0tbx1).html @@ -97,6 +97,17 @@ animation: blink 2s infinite; } + .status-pill.danger { + color: var(--danger); + border-color: rgba(255, 123, 114, 0.4); + background: rgba(255, 123, 114, 0.1); + } + + .status-pill.danger::before { + background-color: var(--danger); + box-shadow: 0 0 10px var(--danger); + } + .card { background-color: var(--card-bg); border: 1px solid var(--card-border); @@ -475,6 +486,15 @@
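Review bot: The control socket added in the `examples/relay-guard.conf` hunk (`ControlSocket /var/lib/tor/control_socket` with `ControlSocketsGroupWritable 1`) has no control authentication enabled: the only auth line is the commented-out `#HashedControlPassword` placeholder, so file permissions on the socket are the sole barrier and any process in the socket's group that can reach the path can reconfigure or stop the relay. I would add `CookieAuthentication 1` directly after `ControlSocketsGroupWritable 1` (plus `CookieAuthFileGroupReadable 1` if a monitoring tool in that group has to read the cookie), and a one-line comment such as `# control socket: local monitoring only; group members get full control of tor`. The socket also sits inside `DataDirectory`, which holds the relay keys, so opening that directory to the group to make the socket reachable would presumably widen access to the keys too; a dedicated directory for the socket avoids that. The same four lines are added in the `examples/relay-exit.conf` hunk above, where they replace a previously enabled `CookieAuthentication 1`.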

Tor Exit Router

System Operational
+
+ + +
+

@@ -562,9 +582,6 @@
P2P Policy Blocked -
Logs