diff options
author | Micah Anderson <micah@riseup.net> | 2017-04-24 14:38:32 -0400 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2017-04-25 16:58:41 -0400 |
commit | ada9645de11d75701db8202f34de5c26a2b749c2 (patch) | |
tree | 26f5239a2dd8c3e2ddefccee15839faeae7a16a2 /puppet/modules/site_static | |
parent | c393af8fd5321b8ddf547aed22f833899e56e20e (diff) |
Add single-hop hidden service capability.
This cuts the number of hops for a tor onion service from 6 to 3,
speeding it up considerably. This removes the anonymity aspect of the
service, so it must be enabled intentionally, knowing that the server's
location no longer is hidden.
Diffstat (limited to 'puppet/modules/site_static')
-rw-r--r-- | puppet/modules/site_static/manifests/hidden_service.pp | 7 | ||||
-rw-r--r-- | puppet/modules/site_static/manifests/init.pp | 3 |
2 files changed, 6 insertions, 4 deletions
diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp index 8a10398a..b64a35bc 100644 --- a/puppet/modules/site_static/manifests/hidden_service.pp +++ b/puppet/modules/site_static/manifests/hidden_service.pp @@ -1,8 +1,11 @@ # create hidden service for static sites -class site_static::hidden_service { +class site_static::hidden_service ( $single_hop = false ) { include tor::daemon - tor::daemon::hidden_service { 'static': ports => [ '80 127.0.0.1:80'] } + tor::daemon::hidden_service { 'static': + ports => [ '80 127.0.0.1:80'], + single_hop => $single_hop + } file { '/var/lib/tor/webapp/': ensure => directory, diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index dd3f912d..8be791e5 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -74,8 +74,7 @@ class site_static { if $tor { $hidden_service = $tor['hidden_service'] $tor_domain = "${hidden_service['address']}.onion" - if $hidden_service['active'] { - include site_static::hidden_service + class { 'site_static::hidden_service': single_hop => $hidden_service['single_hop'] } # Currently, we only support a single hidden service address per server. # So if there is more than one domain configured, then we need to make sure |