summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2016-09-02 12:35:09 -0700
committerMicah Anderson <micah@riseup.net>2016-09-13 16:42:36 -0400
commita063280eab5e8749c74381aabbe641c30887e9f6 (patch)
tree45436172c746bc12517ae54a9b4838653ded18ed
parent4ced0625250b82c725d6890e49cd24a20b856d40 (diff)
[bugfix] static sites: only enable hidden service by default if one domain is configured
The problem is that we have a single onion address per server, so if more than one domain is configured we need to make sure they don't both try to use the same onion address.
-rw-r--r--puppet/modules/site_static/manifests/domain.pp1
-rw-r--r--puppet/modules/site_static/manifests/init.pp8
-rw-r--r--puppet/modules/site_static/templates/apache.conf.erb2
3 files changed, 10 insertions, 1 deletions
diff --git a/puppet/modules/site_static/manifests/domain.pp b/puppet/modules/site_static/manifests/domain.pp
index b26cc9e3..6cf2c653 100644
--- a/puppet/modules/site_static/manifests/domain.pp
+++ b/puppet/modules/site_static/manifests/domain.pp
@@ -4,6 +4,7 @@ define site_static::domain (
$key,
$cert,
$tls_only=true,
+ $use_hidden_service=false,
$locations=undef,
$aliases=undef,
$apache_config=undef) {
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 824619b4..dd3f912d 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -77,6 +77,14 @@ class site_static {
if $hidden_service['active'] {
include site_static::hidden_service
}
+ # Currently, we only support a single hidden service address per server.
+ # So if there is more than one domain configured, then we need to make sure
+ # we don't enable the hidden service for every domain.
+ if size(keys($domains)) == 1 {
+ $always_use_hidden_service = true
+ } else {
+ $always_use_hidden_service = false
+ }
}
create_resources(site_static::domain, $domains)
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
index af9a520d..dd04ca43 100644
--- a/puppet/modules/site_static/templates/apache.conf.erb
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -74,7 +74,7 @@
Require all granted
</Directory>
-<%- if @tor -%>
+<%- if @tor && (@always_use_hidden_service || @use_hidden_service) -%>
##
## Tor
##