authorMicah Anderson <micah@riseup.net>2017-04-24 14:38:32 -0400
committerMicah Anderson <micah@riseup.net>2017-04-25 16:58:41 -0400
commitada9645de11d75701db8202f34de5c26a2b749c2 (patch)
tree26f5239a2dd8c3e2ddefccee15839faeae7a16a2
parentc393af8fd5321b8ddf547aed22f833899e56e20e (diff)
Add single-hop hidden service capability.
This cuts the number of hops for a Tor onion service from 6 to 3, speeding it up considerably. It also removes the server-side anonymity of the service, so it must be enabled intentionally, with the understanding that the server's location is no longer hidden.
-rw-r--r--provider_base/services/tor.json3
-rw-r--r--puppet/modules/site_static/manifests/hidden_service.pp7
-rw-r--r--puppet/modules/site_static/manifests/init.pp3
-rw-r--r--puppet/modules/site_tor/manifests/init.pp2
-rw-r--r--puppet/modules/site_webapp/manifests/hidden_service.pp5
5 files changed, 13 insertions, 7 deletions
diff --git a/provider_base/services/tor.json b/provider_base/services/tor.json
index e80310fe..a0d44fef 100644
--- a/provider_base/services/tor.json
+++ b/provider_base/services/tor.json
@@ -9,7 +9,8 @@
"key_type": "RSA",
"public_key": "= tor_public_key_path(:node_tor_pub_key, tor.hidden_service.key_type) if tor.hidden_service.active",
"private_key": "= tor_private_key_path(:node_tor_priv_key, tor.hidden_service.key_type) if tor.hidden_service.active",
- "address": "=> tor.hidden_service.active && onion_address(:node_tor_pub_key)"
+ "address": "=> tor.hidden_service.active && onion_address(:node_tor_pub_key)",
+ "single_hop": false
}
}
}
diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp
index 8a10398a..b64a35bc 100644
--- a/puppet/modules/site_static/manifests/hidden_service.pp
+++ b/puppet/modules/site_static/manifests/hidden_service.pp
@@ -1,8 +1,11 @@
# create hidden service for static sites
-class site_static::hidden_service {
+class site_static::hidden_service ( $single_hop = false ) {
include tor::daemon
- tor::daemon::hidden_service { 'static': ports => [ '80 127.0.0.1:80'] }
+ tor::daemon::hidden_service { 'static':
+ ports => [ '80 127.0.0.1:80'],
+ single_hop => $single_hop
+ }
file {
'/var/lib/tor/webapp/':
ensure => directory,
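Review bot: The new `$single_hop` class parameter is the switch that gives up the server's location hiding, but nothing in the manifest says so; only the commit message does. Add a comment above the class, for example `# $single_hop: when true the onion service is reachable over a single hop and the server's location is no longer hidden; leave false unless that is intended.` The same setting is read as `$hidden_service['single_hop']` inside `site_webapp::hidden_service` rather than passed as a parameter, so the two classes should be made consistent, and the value should be checked to be a boolean before it reaches `tor::daemon::hidden_service`. The `file` resource at the end of the hunk continues outside it.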
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index dd3f912d..8be791e5 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -74,8 +74,7 @@ class site_static {
if $tor {
$hidden_service = $tor['hidden_service']
$tor_domain = "${hidden_service['address']}.onion"
- if $hidden_service['active'] {
- include site_static::hidden_service
+ class { 'site_static::hidden_service': single_hop => $hidden_service['single_hop']
}
# Currently, we only support a single hidden service address per server.
# So if there is more than one domain configured, then we need to make sure
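Review bot: The `if $hidden_service['active']` guard is removed here, so `site_static::hidden_service` is now declared whenever `$tor` is set, including on nodes where the onion service is not active; the `}` that used to close the `if` now closes the class declaration. The commit message does not mention this, so it looks unintended, and it would bring up an onion service (and its key directory) on hosts that never asked for one. Keep the guard around the new declaration: `if $hidden_service['active'] {`, then `class { 'site_static::hidden_service': single_hop => $hidden_service['single_hop'] }`, then `}`. The body of `class site_static` begins and continues outside the hunk.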
diff --git a/puppet/modules/site_tor/manifests/init.pp b/puppet/modules/site_tor/manifests/init.pp
index 2207a5a9..8a92a944 100644
--- a/puppet/modules/site_tor/manifests/init.pp
+++ b/puppet/modules/site_tor/manifests/init.pp
@@ -20,7 +20,7 @@ class site_tor {
}
include site_config::default
- include tor::daemon
+ class { 'tor::daemon': ensure_version => latest }
tor::daemon::relay { $nickname:
port => 9001,
address => $address,
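Review bot: `ensure_version => latest` is set only in `site_tor`, while `site_static::hidden_service` and `site_webapp::hidden_service` still use a plain `include tor::daemon`, so a node that runs an onion service without this relay class gets no guarantee that its Tor supports the new `single_hop` option (presumably the reason for this change). Mixing a resource-like declaration with `include` of the same class is also evaluation-order dependent in Puppet and may fail with a duplicate declaration on a node that has both. `latest` also lets any agent run upgrade Tor without review. Consider setting the version once in shared data and keeping `include tor::daemon` here, with a comment such as `# single_hop requires a tor release with single onion service support`. `class site_tor` begins and continues outside the hunk.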
diff --git a/puppet/modules/site_webapp/manifests/hidden_service.pp b/puppet/modules/site_webapp/manifests/hidden_service.pp
index 81d431cd..6651df86 100644
--- a/puppet/modules/site_webapp/manifests/hidden_service.pp
+++ b/puppet/modules/site_webapp/manifests/hidden_service.pp
@@ -11,7 +11,10 @@ class site_webapp::hidden_service {
include apache::module::removeip
include tor::daemon
- tor::daemon::hidden_service { 'webapp': ports => [ '80 127.0.0.1:80'] }
+ tor::daemon::hidden_service { 'webapp':
+ ports => [ '80 127.0.0.1:80'],
+ single_hop => $hidden_service['single_hop']
+ }
file {
'/var/lib/tor/webapp/':