diff --git a/site-cookbooks/tor-full/README.md b/site-cookbooks/tor-full/README.md
index 6b2a6c4..415cbf7 100644
--- a/site-cookbooks/tor-full/README.md
+++ b/site-cookbooks/tor-full/README.md
@@ -32,6 +32,8 @@ The following platform families are supported:
 * `node['tor']['MinLogLevel']` - The minimum log level to log. Possible values include debug, info, notice, warn, and err.
 * `node['tor']['LogDestination']` - Where logs should be written. Valid values include a path to a file or "syslog"
 * `node['tor']['SocksPorts']` - List of 'address:port' to open tor socks proxy on. Defaults to disabled
+* `node['tor']['ControlPort']` - The port on which Tor will listen for local connections from Tor controller applications
+* `node['tor']['CookieAuthentication']` - Enable this (`true`) when using ControlPort
 
 ### Hidden Services config section
 
diff --git a/site-cookbooks/tor-full/templates/default/torrc.erb b/site-cookbooks/tor-full/templates/default/torrc.erb
index f5dd682..ca07818 100644
--- a/site-cookbooks/tor-full/templates/default/torrc.erb
+++ b/site-cookbooks/tor-full/templates/default/torrc.erb
@@ -65,11 +65,11 @@ DataDirectory <%= node['tor']['DataDirectory'] %>
 
 ## The port on which Tor will listen for local connections from Tor
 ## controller applications, as documented in control-spec.txt.
-#ControlPort 9051
+<% if node['tor']['ControlPort'] %>ControlPort <%= node['tor']['ControlPort'] %><% else %>#ControlPort 9051<% end %>
 ## If you enable the controlport, be sure to enable one of these
 ## authentication methods, to prevent attackers from accessing it.
 #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
-#CookieAuthentication 1
+<% if node['tor']['CookieAuthentication'] %>CookieAuthentication 1<% else %>#CookieAuthentication 1<% end %>
 
 ############### This section is just for location-hidden services ###