diff options
| author | irregulator <irregulator@riseup.net> | 2014-05-28 17:35:12 +0300 |
|---|---|---|
| committer | elijah <elijah@riseup.net> | 2014-07-01 16:05:41 -0700 |
| commit | 791e22b136910ecfa204eb78be747baed2b02590 (patch) | |
| tree | 4f47b0ee88d8ebd07d62ae840854fc7e0c435fa1 /puppet/modules/site_obfsproxy/manifests | |
| parent | 08f4c51cbbf9a4307375278ab42d31aa65d57645 (diff) | |
Make obfsproxy daemon bind to specific address rather than 0.0.0.0
If obfsproxy is spawned alongside eip service, make it listen to
the gateway_adress IP. If obfsproxy is running standalone listen
to ip_address.
Diffstat (limited to 'puppet/modules/site_obfsproxy/manifests')
| -rw-r--r-- | puppet/modules/site_obfsproxy/manifests/init.pp | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/puppet/modules/site_obfsproxy/manifests/init.pp b/puppet/modules/site_obfsproxy/manifests/init.pp index 6509fec8..40b7fba8 100644 --- a/puppet/modules/site_obfsproxy/manifests/init.pp +++ b/puppet/modules/site_obfsproxy/manifests/init.pp @@ -11,15 +11,24 @@ class site_obfsproxy { $dest_ip = $obfsproxy['gateway_address'] $dest_port = '443' + if $::services =~ /\bopenvpn\b/ { + $openvpn = hiera('openvpn') + $bind_address = $openvpn['gateway_address'] + } + elsif $::services =~ /\bobfsproxy\b/ { + $bind_address = hiera('ip_address') + } + include site_apt::preferences::twisted include site_apt::preferences::obfsproxy class { 'obfsproxy': - transport => $transport, - port => $scram_port, - param => $scram_pass, - dest_ip => $dest_ip, - dest_port => $dest_port, + transport => $transport, + bind_address => $bind_address, + port => $scram_port, + param => $scram_pass, + dest_ip => $dest_ip, + dest_port => $dest_port, } include site_shorewall::obfsproxy |