Add tor hostnames for main website and peertube
parent
1bbcc7fbdd
commit
8f81c5ae60
9 changed files with 46 additions and 5 deletions
|
@ -30,14 +30,15 @@ frontend www
|
||||||
bind :80
|
bind :80
|
||||||
bind :443 ssl crt /usr/local/etc/haproxy/certs
|
bind :443 ssl crt /usr/local/etc/haproxy/certs
|
||||||
|
|
||||||
acl host_mastodon_tor hdr(host) -i mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion
|
acl has_domain hdr_sub(host) -i comfycamp.space
|
||||||
|
|
||||||
http-request redirect scheme https unless { ssl_fc } || host_mastodon_tor
|
http-request redirect scheme https if !{ ssl_fc } has_domain
|
||||||
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
|
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
|
||||||
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
http-request set-header X-Forwarded-Proto https if { ssl_fc }
|
||||||
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;" if { ssl_fc }
|
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;" if { ssl_fc } has_domain
|
||||||
|
|
||||||
acl host_mastodon hdr(host) -i m.comfycamp.space
|
acl host_mastodon hdr(host) -i m.comfycamp.space
|
||||||
|
acl host_mastodon_tor hdr(host) -i mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion
|
||||||
acl path_streaming_api path_beg /api/v1/streaming
|
acl path_streaming_api path_beg /api/v1/streaming
|
||||||
use_backend mastodon_streaming if host_mastodon path_streaming_api
|
use_backend mastodon_streaming if host_mastodon path_streaming_api
|
||||||
use_backend mastodon_streaming if host_mastodon_tor path_streaming_api
|
use_backend mastodon_streaming if host_mastodon_tor path_streaming_api
|
||||||
|
@ -52,7 +53,8 @@ frontend www
|
||||||
use_backend minio if host_s3
|
use_backend minio if host_s3
|
||||||
|
|
||||||
acl host_peertube hdr(host) -i v.comfycamp.space
|
acl host_peertube hdr(host) -i v.comfycamp.space
|
||||||
use_backend peertube if host_peertube
|
acl host_peertube_tor hdr(host) -i vcomfyooxdbibyusen75qbzaunrjykw2cxkc6txm6qykkdv4z2danpid.onion
|
||||||
|
use_backend peertube if host_peertube || host_peertube_tor
|
||||||
|
|
||||||
acl host_authentik hdr(host) -i auth.comfycamp.space
|
acl host_authentik hdr(host) -i auth.comfycamp.space
|
||||||
use_backend authentik if host_authentik
|
use_backend authentik if host_authentik
|
||||||
|
@ -65,7 +67,8 @@ frontend www
|
||||||
use_backend nextcloud if host_nextcloud
|
use_backend nextcloud if host_nextcloud
|
||||||
|
|
||||||
acl host_comfycamp hdr(host) -i comfycamp.space
|
acl host_comfycamp hdr(host) -i comfycamp.space
|
||||||
use_backend comfycamp if host_comfycamp
|
acl host_comfycamp_tor hdr(host) -i comfycgmgfvowbbw2ckkobuvk4cejo2e56uxrhznravxnrl7itftpkad.onion
|
||||||
|
use_backend comfycamp if host_comfycamp || host_comfycamp_tor
|
||||||
|
|
||||||
acl host_vaultwarden hdr(host) -i vault.comfycamp.space
|
acl host_vaultwarden hdr(host) -i vault.comfycamp.space
|
||||||
use_backend vaultwarden if host_vaultwarden
|
use_backend vaultwarden if host_vaultwarden
|
||||||
|
@ -93,6 +96,7 @@ frontend authentik_ldap
|
||||||
|
|
||||||
backend comfycamp
|
backend comfycamp
|
||||||
mode http
|
mode http
|
||||||
|
http-response set-header Onion-Location http://comfycgmgfvowbbw2ckkobuvk4cejo2e56uxrhznravxnrl7itftpkad.onion%[capture.req.uri]
|
||||||
server green comfycamp:4000 check
|
server green comfycamp:4000 check
|
||||||
|
|
||||||
backend mastodon
|
backend mastodon
|
||||||
|
@ -143,6 +147,7 @@ backend grafana
|
||||||
backend peertube
|
backend peertube
|
||||||
mode http
|
mode http
|
||||||
option forwardfor
|
option forwardfor
|
||||||
|
http-response set-header Onion-Location http://vcomfyooxdbibyusen75qbzaunrjykw2cxkc6txm6qykkdv4z2danpid.onion%[capture.req.uri]
|
||||||
server s1 peertube:9000
|
server s1 peertube:9000
|
||||||
|
|
||||||
backend authentik
|
backend authentik
|
||||||
|
|
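Review bot: The plain-HTTP exemption in the first hunk of `frontend www` is now decided by `acl has_domain hdr_sub(host) -i comfycamp.space`, a substring test on a client-supplied header, so any request on :80 whose Host does not contain that string skips the HTTPS redirect, not only the three onion names. The earlier form exempted one exact hostname; keeping that allowlist shape would read `http-request redirect scheme https unless { ssl_fc } || host_mastodon_tor || host_peertube_tor || host_comfycamp_tor`, with the three `_tor` ACLs declared above it. If `has_domain` is kept, an exact match plus a suffix match (`hdr(host) -i comfycamp.space` and `hdr_end(host) -i .comfycamp.space` under the same ACL name) avoids matching hosts that merely contain the string. Which side each line belongs to is inferred from the rendering, and any `default_backend` is outside the visible hunks, so the practical reach of the gap should be checked against the full file.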
1
roles/tor/files/comfycamp/hostname
Normal file
1
roles/tor/files/comfycamp/hostname
Normal file
|
@ -0,0 +1 @@
|
||||||
|
comfycgmgfvowbbw2ckkobuvk4cejo2e56uxrhznravxnrl7itftpkad.onion
|
BIN
roles/tor/files/comfycamp/hs_ed25519_public_key
Normal file
BIN
roles/tor/files/comfycamp/hs_ed25519_public_key
Normal file
Binary file not shown.
10
roles/tor/files/comfycamp/hs_ed25519_secret_key
Normal file
10
roles/tor/files/comfycamp/hs_ed25519_secret_key
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
39626133396332383139633136313431306536623461363964666262346335366438373465636431
|
||||||
|
3236353561636430613936323539353933633666306139320a373761323366333535623661376462
|
||||||
|
36353936643266376634346633613035303862303335623966316331643065386338383834656261
|
||||||
|
3330363932366634320a323130303438373036373462393163316237323266366339373735613733
|
||||||
|
34656537663466376131313030313739336135376636373539653635616464393361323331656330
|
||||||
|
38303134393161333534306136616363373566323433643031626430613563306639313866326665
|
||||||
|
31376336333939616630373937633338643636656132306539633836313332396265623333623566
|
||||||
|
33623430356632363239656131323137383063343935633662373032366633323464383563316437
|
||||||
|
33323530343165623830376237323034303964393464363762636235306233663539
|
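Review bot: The onion service identity key is stored in the repository as Ansible Vault ciphertext, here and in `roles/tor/files/peertube/hs_ed25519_secret_key`, so the vault password is the only thing protecting it from anyone who can read the repository. A v3 onion address is derived from this key, so a recovered key allows impersonating the service, and the key cannot be rotated without changing the published address and the `Onion-Location` headers. Consider letting tor generate the keys on the host and committing only `hostname`, or at least confirm that the vault password is long, random and not reused elsewhere.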
1
roles/tor/files/peertube/hostname
Normal file
1
roles/tor/files/peertube/hostname
Normal file
|
@ -0,0 +1 @@
|
||||||
|
vcomfyooxdbibyusen75qbzaunrjykw2cxkc6txm6qykkdv4z2danpid.onion
|
BIN
roles/tor/files/peertube/hs_ed25519_public_key
Normal file
BIN
roles/tor/files/peertube/hs_ed25519_public_key
Normal file
Binary file not shown.
10
roles/tor/files/peertube/hs_ed25519_secret_key
Normal file
10
roles/tor/files/peertube/hs_ed25519_secret_key
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
$ANSIBLE_VAULT;1.1;AES256
|
||||||
|
39373130346332633837333639626538626535663532373434616335313233386139636266623764
|
||||||
|
3764363962343532396162336532353232346165313961360a633565313266653761653935366365
|
||||||
|
61336132363435313834316165353962646339333262656431313334386461343830363063303963
|
||||||
|
3130633331653534620a346536373937396336653434396563373830623062353535396231373333
|
||||||
|
33663638303963346362383033383437616565353934383561366362366135333163363035383663
|
||||||
|
63333834313263333433363765353863306263333165313962313131323931366335306235336334
|
||||||
|
31613764396263333134353864353330643539653930326433316532336336656336373261313439
|
||||||
|
63313033373465313338643163643232626232646139323362303137313232373461613034663664
|
||||||
|
39313261313162343832333634343036376666363434353931383830626435333633
|
|
@ -10,6 +10,8 @@
|
||||||
- /etc/tor
|
- /etc/tor
|
||||||
- /var/lib/tor
|
- /var/lib/tor
|
||||||
- /var/lib/tor/mastodon
|
- /var/lib/tor/mastodon
|
||||||
|
- /var/lib/tor/peertube
|
||||||
|
- /var/lib/tor/comfycamp
|
||||||
- name: Copy tor config
|
- name: Copy tor config
|
||||||
become: true
|
become: true
|
||||||
ansible.builtin.template:
|
ansible.builtin.template:
|
||||||
|
@ -29,6 +31,12 @@
|
||||||
- mastodon/hostname
|
- mastodon/hostname
|
||||||
- mastodon/hs_ed25519_public_key
|
- mastodon/hs_ed25519_public_key
|
||||||
- mastodon/hs_ed25519_secret_key
|
- mastodon/hs_ed25519_secret_key
|
||||||
|
- peertube/hostname
|
||||||
|
- peertube/hs_ed25519_public_key
|
||||||
|
- peertube/hs_ed25519_secret_key
|
||||||
|
- comfycamp/hostname
|
||||||
|
- comfycamp/hs_ed25519_public_key
|
||||||
|
- comfycamp/hs_ed25519_secret_key
|
||||||
register: tor_files
|
register: tor_files
|
||||||
- name: Create tor network
|
- name: Create tor network
|
||||||
become: true
|
become: true
|
||||||
|
|
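Review bot: The new `peertube/hs_ed25519_secret_key` and `comfycamp/hs_ed25519_secret_key` items are copied by the same loop as the hostname and public-key files, and the task's module arguments start outside the hunk, so it is not visible what mode and owner they get. If not already set, the task should carry `mode: "0600"` with the tor user as owner, and the new `/var/lib/tor/peertube` and `/var/lib/tor/comfycamp` directories should be `0700`, since tor checks the permissions of a HiddenServiceDir. Because the source files are vault-encrypted and decrypted during the copy, adding `diff: false` (or `no_log: true`) to the task keeps the key material out of `--diff` output and logs.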
|
@ -69,6 +69,12 @@ DataDirectory /var/lib/tor
|
||||||
HiddenServiceDir /var/lib/tor/mastodon/
|
HiddenServiceDir /var/lib/tor/mastodon/
|
||||||
HiddenServicePort 80 haproxy:80
|
HiddenServicePort 80 haproxy:80
|
||||||
|
|
||||||
|
HiddenServiceDir /var/lib/tor/peertube/
|
||||||
|
HiddenServicePort 80 haproxy:80
|
||||||
|
|
||||||
|
HiddenServiceDir /var/lib/tor/comfycamp/
|
||||||
|
HiddenServicePort 80 haproxy:80
|
||||||
|
|
||||||
################ This section is just for relays #####################
|
################ This section is just for relays #####################
|
||||||
#
|
#
|
||||||
## See https://www.torproject.org/docs/tor-doc-relay for details.
|
## See https://www.torproject.org/docs/tor-doc-relay for details.
|
||||||
|
|