author | irregulator <irregulator@riseup.net> | 2014-05-28 17:35:12 +0300 |
---|---|---|
committer | elijah <elijah@riseup.net> | 2014-07-01 16:05:41 -0700 |
commit | 791e22b136910ecfa204eb78be747baed2b02590 (patch) | |
tree | 4f47b0ee88d8ebd07d62ae840854fc7e0c435fa1 | |
parent | 08f4c51cbbf9a4307375278ab42d31aa65d57645 (diff) |
Make obfsproxy daemon bind to specific address rather than 0.0.0.0
If obfsproxy is spawned alongside the eip service, make it listen on
the gateway_address IP. If obfsproxy is running standalone, listen
on ip_address.
-rwxr-xr-x | puppet/modules/obfsproxy/files/obfsproxy_init | 2 | ||||
-rw-r--r-- | puppet/modules/obfsproxy/manifests/init.pp | 1 | ||||
-rw-r--r-- | puppet/modules/obfsproxy/templates/etc_conf.erb | 1 | ||||
-rw-r--r-- | puppet/modules/site_obfsproxy/manifests/init.pp | 19 |
4 files changed, 17 insertions, 6 deletions
diff --git a/puppet/modules/obfsproxy/files/obfsproxy_init b/puppet/modules/obfsproxy/files/obfsproxy_init index 629fea9f..69dbab41 100755 --- a/puppet/modules/obfsproxy/files/obfsproxy_init +++ b/puppet/modules/obfsproxy/files/obfsproxy_init @@ -32,7 +32,7 @@ else fi DAEMONARGS=" --log-min-severity=$LOG --log-file=$LOGFILE --data-dir=$DATDIR \ - $TRANSPORT $PARAM --dest=$DEST_IP:$DEST_PORT server 0.0.0.0:$PORT" + $TRANSPORT $PARAM --dest=$DEST_IP:$DEST_PORT server $BINDADDR:$PORT" start_obfsproxy() { start-stop-daemon --start --quiet --oknodo -m --pidfile $PIDFILE \ diff --git a/puppet/modules/obfsproxy/manifests/init.pp b/puppet/modules/obfsproxy/manifests/init.pp index ddb198bb..35d47d13 100644 --- a/puppet/modules/obfsproxy/manifests/init.pp +++ b/puppet/modules/obfsproxy/manifests/init.pp @@ -1,5 +1,6 @@ class obfsproxy ( $transport, + $bind_address, $port, $param, $dest_ip, diff --git a/puppet/modules/obfsproxy/templates/etc_conf.erb b/puppet/modules/obfsproxy/templates/etc_conf.erb index d9938e1a..10f6a7f7 100644 --- a/puppet/modules/obfsproxy/templates/etc_conf.erb +++ b/puppet/modules/obfsproxy/templates/etc_conf.erb @@ -8,4 +8,5 @@ PARAM=--password=<%= @param %> PARAM=<%= @param %> <% end %> LOG=<%= @log_level %> +BINDADDR=<%= @bind_address %> diff --git a/puppet/modules/site_obfsproxy/manifests/init.pp b/puppet/modules/site_obfsproxy/manifests/init.pp index 6509fec8..40b7fba8 100644 --- a/puppet/modules/site_obfsproxy/manifests/init.pp +++ b/puppet/modules/site_obfsproxy/manifests/init.pp 
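Review bot: `$BINDADDR` goes into DAEMONARGS with no check that it is set, so a config file that predates this change, or a template rendered with an undefined `bind_address` (see the etc_conf.erb hunk), produces `server :$PORT`. How obfsproxy treats an empty host is not visible here; it may refuse to start, or it may listen on every interface, which is the exposure this commit is meant to remove. I would fail closed before DAEMONARGS is built, for example `[ -n "$BINDADDR" ] || { echo "BINDADDR is not set" >&2; exit 1; }`. The part of the script that reads the config file lies outside the hunk.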
@@ -11,15 +11,24 @@ class site_obfsproxy { $dest_ip = $obfsproxy['gateway_address'] $dest_port = '443' + if $::services =~ /\bopenvpn\b/ { + $openvpn = hiera('openvpn') + $bind_address = $openvpn['gateway_address'] + } + elsif $::services =~ /\bobfsproxy\b/ { + $bind_address = hiera('ip_address') + } + include site_apt::preferences::twisted include site_apt::preferences::obfsproxy class { 'obfsproxy': - transport => $transport, - port => $scram_port, - param => $scram_pass, - dest_ip => $dest_ip, - dest_port => $dest_port, + transport => $transport, + bind_address => $bind_address, + port => $scram_port, + param => $scram_pass, + dest_ip => $dest_ip, + dest_port => $dest_port, } include site_shorewall::obfsproxy |
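Review bot: The new `if`/`elsif` has no `else`, so when `$::services` matches neither `openvpn` nor `obfsproxy`, `$bind_address` is never assigned and is passed undefined to `class { 'obfsproxy': }`. From the template hunk that would render an empty `BINDADDR=` line, leaving the listening address up to the daemon. Add a final branch that aborts the catalog instead, `else { fail('site_obfsproxy: cannot determine bind_address') }`. A short comment above the block explaining why the openvpn case binds to the gateway address would also help the next reader.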