summaryrefslogtreecommitdiff
path: root/puppet/modules/site_static
diff options
context:
space:
mode:
authorelijah <elijah@riseup.net>2016-09-02 12:35:09 -0700
committerMicah Anderson <micah@riseup.net>2016-09-13 16:42:36 -0400
commita063280eab5e8749c74381aabbe641c30887e9f6 (patch)
tree45436172c746bc12517ae54a9b4838653ded18ed /puppet/modules/site_static
parent4ced0625250b82c725d6890e49cd24a20b856d40 (diff)
[bugfix] static sites: only enable hidden service by default if one domain is configured
The problem is that we have a single onion address per server, so if more than one domain is configured we need to make sure they don't both try to use the same onion address.
Diffstat (limited to 'puppet/modules/site_static')
-rw-r--r--puppet/modules/site_static/manifests/domain.pp1
-rw-r--r--puppet/modules/site_static/manifests/init.pp8
-rw-r--r--puppet/modules/site_static/templates/apache.conf.erb2
3 files changed, 10 insertions, 1 deletions
diff --git a/puppet/modules/site_static/manifests/domain.pp b/puppet/modules/site_static/manifests/domain.pp
index b26cc9e3..6cf2c653 100644
--- a/puppet/modules/site_static/manifests/domain.pp
+++ b/puppet/modules/site_static/manifests/domain.pp
@@ -4,6 +4,7 @@ define site_static::domain (
$key,
$cert,
$tls_only=true,
+ $use_hidden_service=false,
$locations=undef,
$aliases=undef,
$apache_config=undef) {
diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp
index 824619b4..dd3f912d 100644
--- a/puppet/modules/site_static/manifests/init.pp
+++ b/puppet/modules/site_static/manifests/init.pp
@@ -77,6 +77,14 @@ class site_static {
if $hidden_service['active'] {
include site_static::hidden_service
}
+ # Currently, we only support a single hidden service address per server.
+ # So if there is more than one domain configured, then we need to make sure
+ # we don't enable the hidden service for every domain.
+ if size(keys($domains)) == 1 {
+ $always_use_hidden_service = true
+ } else {
+ $always_use_hidden_service = false
+ }
}
create_resources(site_static::domain, $domains)
diff --git a/puppet/modules/site_static/templates/apache.conf.erb b/puppet/modules/site_static/templates/apache.conf.erb
index af9a520d..dd04ca43 100644
--- a/puppet/modules/site_static/templates/apache.conf.erb
+++ b/puppet/modules/site_static/templates/apache.conf.erb
@@ -74,7 +74,7 @@
Require all granted
</Directory>
-<%- if @tor -%>
+<%- if @tor && (@always_use_hidden_service || @use_hidden_service) -%>
##
## Tor
##