From ada9645de11d75701db8202f34de5c26a2b749c2 Mon Sep 17 00:00:00 2001 From: Micah Anderson Date: Mon, 24 Apr 2017 14:38:32 -0400 Subject: Add single-hop hidden service capability. This cuts the number of hops for a tor onion service from 6 to 3, speeding it up considerably. This removes the anonymity aspect of the service, so it must be enabled intentionally, knowing that the server's location no longer is hidden. --- puppet/modules/site_static/manifests/hidden_service.pp | 7 +++++-- puppet/modules/site_static/manifests/init.pp | 3 +-- 2 files changed, 6 insertions(+), 4 deletions(-) (limited to 'puppet/modules/site_static/manifests') diff --git a/puppet/modules/site_static/manifests/hidden_service.pp b/puppet/modules/site_static/manifests/hidden_service.pp index 8a10398a..b64a35bc 100644 --- a/puppet/modules/site_static/manifests/hidden_service.pp +++ b/puppet/modules/site_static/manifests/hidden_service.pp @@ -1,8 +1,11 @@ # create hidden service for static sites -class site_static::hidden_service { +class site_static::hidden_service ( $single_hop = false ) { include tor::daemon - tor::daemon::hidden_service { 'static': ports => [ '80 127.0.0.1:80'] } + tor::daemon::hidden_service { 'static': + ports => [ '80 127.0.0.1:80'], + single_hop => $single_hop + } file { '/var/lib/tor/webapp/': ensure => directory, diff --git a/puppet/modules/site_static/manifests/init.pp b/puppet/modules/site_static/manifests/init.pp index dd3f912d..8be791e5 100644 --- a/puppet/modules/site_static/manifests/init.pp +++ b/puppet/modules/site_static/manifests/init.pp @@ -74,8 +74,7 @@ class site_static { if $tor { $hidden_service = $tor['hidden_service'] $tor_domain = "${hidden_service['address']}.onion" - if $hidden_service['active'] { - include site_static::hidden_service + class { 'site_static::hidden_service': single_hop => $hidden_service['single_hop'] } # Currently, we only support a single hidden service address per server. # So if there is more than one domain configured, then we need to make sure -- cgit v1.2.3