Make mastodon available in tor

2024-10-15 00:24:44 +05:00 · 2024-10-15 00:24:44 +05:00 · b6bf3fe01f
commit b6bf3fe01f
parent f09891ef0d
4 changed files with 13 additions and 5 deletions
--- a/roles/haproxy/files/haproxy.cfg
+++ b/roles/haproxy/files/haproxy.cfg
@ -29,11 +29,14 @@ frontend www
    mode http
    bind :80
    bind :443 ssl crt /usr/local/etc/haproxy/certs
-    http-request redirect scheme https unless { ssl_fc }
+
+    acl host_mastodon_tor hdr(host) -i mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion
+
+    http-request redirect scheme https if !{ ssl_fc } !host_mastodon_tor
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http if !{ ssl_fc }

-    acl acl_mastodon hdr(host) -i m.comfycamp.space
+    acl host_mastodon hdr(host) -i m.comfycamp.space
    acl acl_s3 hdr(host) -i s3.comfycamp.space
    acl acl_comfycamp hdr(host) -i comfycamp.space
    acl acl_vaultwarden hdr(host) -i vault.comfycamp.space
@ -44,8 +47,9 @@ frontend www
    acl matrix-path path_beg /_matrix
    acl matrix-path path_beg /_synapse/client

-    use_backend mastodon_streaming if acl_mastodon { path_beg /api/v1/streaming }
-    use_backend mastodon if acl_mastodon
+    use_backend mastodon_streaming if host_mastodon { path_beg /api/v1/streaming }
+    use_backend mastodon_streaming if host_mastodon_tor { path_beg /api/v1/streaming }
+    use_backend mastodon if host_mastodon || host_mastodon_tor
    use_backend minio if acl_s3
    use_backend matrix if matrix-host matrix-path
    use_backend minio_console if acl_minio
@ -67,6 +71,8 @@ backend comfycamp
 backend mastodon
    mode http
    option forwardfor
+    http-response set-header Referrer-Policy same-origin
+    http-response set-header Onion-Location http://mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion%[capture.req.uri]
    server green mastodon-web:3000 check

 backend mastodon_streaming
--- a/roles/mastodon/templates/mastodon.env.j2
+++ b/roles/mastodon/templates/mastodon.env.j2
@ -1,4 +1,5 @@
 LOCAL_DOMAIN={{ local_domain }}
+ALTERNATE_DOMAINS=mcomfyzeyibt2unmkttoxa2li2dzpsljcp3sasrioqsks4ayrl5kk2ad.onion

 REDIS_HOST=redis-mastodon
 REDIS_PORT=6379
--- a/roles/tor/tasks/main.yml
+++ b/roles/tor/tasks/main.yml
@ -41,6 +41,7 @@
    image: git.comfycamp.space/lumin/homelab-tor:v0.0.2
    networks:
      - name: tor
+      - name: haproxy
    volumes:
      - /etc/tor:/etc/tor:ro
      - /var/lib/tor:/var/lib/tor
--- a/roles/tor/templates/torrc.j2
+++ b/roles/tor/templates/torrc.j2
@ -67,7 +67,7 @@ DataDirectory /var/lib/tor
 ## address y:z.

 HiddenServiceDir /var/lib/tor/mastodon/
-HiddenServicePort 80 127.0.0.1:80
+HiddenServicePort 80 haproxy:80

 ################ This section is just for relays #####################
 #