Add tor hostnames for main website and peertube

Ivan R. 2024-10-24 12:47:12 +05:00
parent 1bbcc7fbdd
commit 8f81c5ae60
Signed by: lumin
GPG key ID: E0937DC7CD6D3817
9 changed files with 46 additions and 5 deletions


@ -30,14 +30,15 @@ frontend www
bind :80 bind :80
bind :443 ssl crt /usr/local/etc/haproxy/certs bind :443 ssl crt /usr/local/etc/haproxy/certs
acl host_mastodon_tor hdr(host) -i mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion acl has_domain hdr_sub(host) -i comfycamp.space
http-request redirect scheme https unless { ssl_fc } || host_mastodon_tor http-request redirect scheme https if !{ ssl_fc } has_domain
http-request set-header X-Forwarded-Proto http if !{ ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;" if { ssl_fc } http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;" if { ssl_fc } has_domain
acl host_mastodon hdr(host) -i m.comfycamp.space acl host_mastodon hdr(host) -i m.comfycamp.space
acl host_mastodon_tor hdr(host) -i mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion
acl path_streaming_api path_beg /api/v1/streaming acl path_streaming_api path_beg /api/v1/streaming
use_backend mastodon_streaming if host_mastodon path_streaming_api use_backend mastodon_streaming if host_mastodon path_streaming_api
use_backend mastodon_streaming if host_mastodon_tor path_streaming_api use_backend mastodon_streaming if host_mastodon_tor path_streaming_api
@ -52,7 +53,8 @@ frontend www
use_backend minio if host_s3 use_backend minio if host_s3
acl host_peertube hdr(host) -i v.comfycamp.space acl host_peertube hdr(host) -i v.comfycamp.space
use_backend peertube if host_peertube acl host_peertube_tor hdr(host) -i vcomfyooxdbibyusen75qbzaunrjykw2cxkc6txm6qykkdv4z2danpid.onion
use_backend peertube if host_peertube || host_peertube_tor
acl host_authentik hdr(host) -i auth.comfycamp.space acl host_authentik hdr(host) -i auth.comfycamp.space
use_backend authentik if host_authentik use_backend authentik if host_authentik
@ -65,7 +67,8 @@ frontend www
use_backend nextcloud if host_nextcloud use_backend nextcloud if host_nextcloud
acl host_comfycamp hdr(host) -i comfycamp.space acl host_comfycamp hdr(host) -i comfycamp.space
use_backend comfycamp if host_comfycamp acl host_comfycamp_tor hdr(host) -i comfycgmgfvowbbw2ckkobuvk4cejo2e56uxrhznravxnrl7itftpkad.onion
use_backend comfycamp if host_comfycamp || host_comfycamp_tor
acl host_vaultwarden hdr(host) -i vault.comfycamp.space acl host_vaultwarden hdr(host) -i vault.comfycamp.space
use_backend vaultwarden if host_vaultwarden use_backend vaultwarden if host_vaultwarden
@ -93,6 +96,7 @@ frontend authentik_ldap
backend comfycamp backend comfycamp
mode http mode http
http-response set-header Onion-Location http://comfycgmgfvowbbw2ckkobuvk4cejo2e56uxrhznravxnrl7itftpkad.onion%[capture.req.uri]
server green comfycamp:4000 check server green comfycamp:4000 check
backend mastodon backend mastodon
@ -143,6 +147,7 @@ backend grafana
backend peertube backend peertube
mode http mode http
option forwardfor option forwardfor
http-response set-header Onion-Location http://vcomfyooxdbibyusen75qbzaunrjykw2cxkc6txm6qykkdv4z2danpid.onion%[capture.req.uri]
server s1 peertube:9000 server s1 peertube:9000
backend authentik backend authentik
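Review bot: The new `has_domain` ACL makes the HTTPS redirect and the HSTS header opt-in on a substring match of the client-supplied Host header, where the old rule redirected everything except the one onion host. With `hdr_sub(host) -i comfycamp.space`, a port-80 request whose Host does not contain that string (an IP literal, a mistyped name, or an onion name arriving on the clearnet side) is no longer upgraded, and a Host such as `comfycamp.space.example` is treated as the domain. Keeping the redirect default-on and exempting only the exact onion names would be tighter: declare the three `host_*_tor` ACLs above the rule and use `http-request redirect scheme https unless { ssl_fc } || host_mastodon_tor || host_peertube_tor || host_comfycamp_tor`. The torrc hunk points every `HiddenServicePort 80` at `haproxy:80`, so the same listener presumably also takes clearnet traffic; a separate internal-only bind for Tor would confine the onion ACLs to that path. The `frontend www` block starts and ends outside these hunks, so a default backend or later rule may change the picture.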


@ -0,0 +1 @@
comfycgmgfvowbbw2ckkobuvk4cejo2e56uxrhznravxnrl7itftpkad.onion

Binary file not shown.


@ -0,0 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256
39626133396332383139633136313431306536623461363964666262346335366438373465636431
3236353561636430613936323539353933633666306139320a373761323366333535623661376462
36353936643266376634346633613035303862303335623966316331643065386338383834656261
3330363932366634320a323130303438373036373462393163316237323266366339373735613733
34656537663466376131313030313739336135376636373539653635616464393361323331656330
38303134393161333534306136616363373566323433643031626430613563306639313866326665
31376336333939616630373937633338643636656132306539633836313332396265623333623566
33623430356632363239656131323137383063343935633662373032366633323464383563316437
33323530343165623830376237323034303964393464363762636235306233663539


@ -0,0 +1 @@
vcomfyooxdbibyusen75qbzaunrjykw2cxkc6txm6qykkdv4z2danpid.onion

Binary file not shown.


@ -0,0 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256
39373130346332633837333639626538626535663532373434616335313233386139636266623764
3764363962343532396162336532353232346165313961360a633565313266653761653935366365
61336132363435313834316165353962646339333262656431313334386461343830363063303963
3130633331653534620a346536373937396336653434396563373830623062353535396231373333
33663638303963346362383033383437616565353934383561366362366135333163363035383663
63333834313263333433363765353863306263333165313962313131323931366335306235336334
31613764396263333134353864353330643539653930326433316532336336656336373261313439
63313033373465313338643163643232626232646139323362303137313232373461613034663664
39313261313162343832333634343036376666363434353931383830626435333633


@ -10,6 +10,8 @@
- /etc/tor - /etc/tor
- /var/lib/tor - /var/lib/tor
- /var/lib/tor/mastodon - /var/lib/tor/mastodon
- /var/lib/tor/peertube
- /var/lib/tor/comfycamp
- name: Copy tor config - name: Copy tor config
become: true become: true
ansible.builtin.template: ansible.builtin.template:
@ -29,6 +31,12 @@
- mastodon/hostname - mastodon/hostname
- mastodon/hs_ed25519_public_key - mastodon/hs_ed25519_public_key
- mastodon/hs_ed25519_secret_key - mastodon/hs_ed25519_secret_key
- peertube/hostname
- peertube/hs_ed25519_public_key
- peertube/hs_ed25519_secret_key
- comfycamp/hostname
- comfycamp/hs_ed25519_public_key
- comfycamp/hs_ed25519_secret_key
register: tor_files register: tor_files
- name: Create tor network - name: Create tor network
become: true become: true
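Review bot: The file list gains two more `hs_ed25519_secret_key` entries, but the ownership and mode applied to the new directories and copied keys are not visible here, because both tasks start and end outside these hunks. Tor expects each `HiddenServiceDir` to be private to the user it runs as, so it is worth confirming that the directory task sets `mode: "0700"` and that the copy task writes the key files with `mode: "0600"` and the matching `owner`. A comment on the copy task such as `# secret keys are stored vault-encrypted in the repo; keep them 0600 on the host` would record that expectation for the next service added to the list.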


@ -69,6 +69,12 @@ DataDirectory /var/lib/tor
HiddenServiceDir /var/lib/tor/mastodon/ HiddenServiceDir /var/lib/tor/mastodon/
HiddenServicePort 80 haproxy:80 HiddenServicePort 80 haproxy:80
HiddenServiceDir /var/lib/tor/peertube/
HiddenServicePort 80 haproxy:80
HiddenServiceDir /var/lib/tor/comfycamp/
HiddenServicePort 80 haproxy:80
################ This section is just for relays ##################### ################ This section is just for relays #####################
# #
## See https://www.torproject.org/docs/tor-doc-relay for details. ## See https://www.torproject.org/docs/tor-doc-relay for details.