kopia lustrzana https://github.com/alecmuffett/eotk
Merge pull request #93 from alecmuffett/20210510-remove-v2-onion-creation
remove v2 onion creationpull/94/head
commit
6eecd545c6
|
@ -1,10 +1,10 @@
|
|||
# -*- conf -*-
|
||||
# eotk (c) 2017 Alec Muffett
|
||||
# eotk (c) 2017-2021 Alec Muffett
|
||||
|
||||
set project digital-rights
|
||||
hardmap %NEW_ONION% openrightsgroup.org
|
||||
hardmap %NEW_ONION% eff.org
|
||||
hardmap %NEW_ONION% accessnow.org
|
||||
hardmap %NEW_ONION% digitalrights.ie
|
||||
hardmap %NEW_V3_ONION% openrightsgroup.org
|
||||
hardmap %NEW_V3_ONION% eff.org
|
||||
hardmap %NEW_V3_ONION% accessnow.org
|
||||
hardmap %NEW_V3_ONION% digitalrights.ie
|
||||
|
||||
# aside: privacy international already have privacyintyqcroe.onion
|
||||
|
|
|
@ -228,12 +228,12 @@ foreignmap facebookcorewwwi.onion facebook.com
|
|||
# hardmaps use tor daemon configs with onions hard-coded in them
|
||||
|
||||
set project hardexample
|
||||
hardmap %NEW_ONION% foo.local
|
||||
hardmap %NEW_ONION% bar.local
|
||||
hardmap %NEW_V3_ONION% foo.local
|
||||
hardmap %NEW_V3_ONION% bar.local
|
||||
|
||||
# softmaps use onionbalance software to loadbalance across workers
|
||||
|
||||
set project softexample
|
||||
softmap %NEW_ONION% example.com
|
||||
softmap %NEW_ONION% example.org
|
||||
softmap %NEW_ONION% example.net
|
||||
softmap %NEW_V3_ONION% example.com
|
||||
softmap %NEW_V3_ONION% example.org
|
||||
softmap %NEW_V3_ONION% example.net
|
||||
|
|
|
@ -2,5 +2,5 @@
|
|||
# eotk (c) 2017 Alec Muffett
|
||||
|
||||
set project human-rights
|
||||
hardmap %NEW_ONION% aclu.org
|
||||
hardmap %NEW_ONION% liberty-human-rights.org.uk
|
||||
hardmap %NEW_V3_ONION% aclu.org
|
||||
hardmap %NEW_V3_ONION% liberty-human-rights.org.uk
|
||||
|
|
|
@ -2,5 +2,5 @@
|
|||
# eotk (c) 2017 Alec Muffett
|
||||
|
||||
set project journalist-safety
|
||||
hardmap %NEW_ONION% cpj.org
|
||||
hardmap %NEW_ONION% mediadefence.org
|
||||
hardmap %NEW_V3_ONION% cpj.org
|
||||
hardmap %NEW_V3_ONION% mediadefence.org
|
||||
|
|
|
@ -211,9 +211,9 @@ Create a config file with a `.tconf` suffix - we'll pretend it's
|
|||
|
||||
```
|
||||
set project myproject
|
||||
hardmap %NEW_ONION% foo.com
|
||||
hardmap %NEW_ONION% foo.co.uk
|
||||
hardmap %NEW_ONION% foo.de
|
||||
hardmap %NEW_V3_ONION% foo.com
|
||||
hardmap %NEW_V3_ONION% foo.co.uk
|
||||
hardmap %NEW_V3_ONION% foo.de
|
||||
```
|
||||
|
||||
...and then run
|
||||
|
@ -290,7 +290,7 @@ So if your browser tells you that you are fetching content from
|
|||
`cdn7.dublin.ireland.europe.foo.co.jp`, you should add a line like:
|
||||
|
||||
```
|
||||
hardmap %NEW_ONION% foo.co.jp europe ireland.europe dublin.ireland.europe
|
||||
hardmap %NEW_V3_ONION% foo.co.jp europe ireland.europe dublin.ireland.europe
|
||||
```
|
||||
|
||||
...and EOTK should do the rest. All this is necessary purely for
|
||||
|
@ -329,9 +329,9 @@ avoid the actual "hostnames" as described above:
|
|||
|
||||
```
|
||||
set project fooproj
|
||||
hardmap %NEW_ONION% foo.com.au syd per
|
||||
hardmap %NEW_ONION% foo.net cdn
|
||||
hardmap %NEW_ONION% foo.aws.amazon.com
|
||||
hardmap %NEW_V3_ONION% foo.com.au syd per
|
||||
hardmap %NEW_V3_ONION% foo.net cdn
|
||||
hardmap %NEW_V3_ONION% foo.aws.amazon.com
|
||||
```
|
||||
|
||||
Onion mapping/translations will be applied for all sites in the same project.
|
||||
|
|
|
@ -326,7 +326,7 @@ in [the example template configuration file](../demo.d/example.tconf)
|
|||
These are used in Template Configuration (`.tconf`) files, and do not
|
||||
represent real environment variables.
|
||||
|
||||
* NEW_ONION
|
||||
* NEW_V3_ONION
|
||||
|
||||
Used only in template configs (`*.tconf` files) to show the point
|
||||
where a newly created onion address should be inserted.
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh
|
||||
exec perl -wx $0 "$@";
|
||||
#!perl
|
||||
# eotk (c) 2017-2020 Alec Muffett
|
||||
# eotk (c) 2017-2021 Alec Muffett
|
||||
|
||||
use Data::Dumper;
|
||||
|
||||
|
@ -532,7 +532,7 @@ sub DoProject {
|
|||
&SetEnv("nginx_timeout", 15);
|
||||
&SetEnv("nginx_tmpfile_size", "256m");
|
||||
&SetEnv("nginx_workers", "auto");
|
||||
&SetEnv("onion_version", "2");
|
||||
&SetEnv("onion_version", "3");
|
||||
&SetEnv("preserve_before", "~".&Nonce(128)."~");
|
||||
&SetEnv("preserve_after", "~");
|
||||
&SetEnv("preserve_preamble_re", "[>@\\\\s]");
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
#!/bin/sh
|
||||
exec perl -wx $0 "$@";
|
||||
#!perl
|
||||
# eotk (c) 2017-2020 Alec Muffett
|
||||
# eotk (c) 2017-2021 Alec Muffett
|
||||
|
||||
if (-t STDIN) { # stderr is already redirected...
|
||||
if (open(DOTS, ">/dev/tty")) {
|
||||
|
@ -18,14 +18,13 @@ sub GenOnion {
|
|||
sub Lookup {
|
||||
my $var = shift;
|
||||
|
||||
foreach $deprecated (qw(NEW_HARD_ONION NEW_SOFT_ONION)) {
|
||||
foreach $deprecated (qw(NEW_HARD_ONION NEW_SOFT_ONION NEW_ONION)) {
|
||||
die "Lookup: $deprecated is no longer supported syntax\n"
|
||||
if $var =~ /$deprecated/;
|
||||
if $var eq $deprecated;
|
||||
}
|
||||
|
||||
if ($var =~ /^NEW_(V3_)?ONION$/) {
|
||||
my $version = $1 ? 3 : 2;
|
||||
return &GenOnion($version);
|
||||
if ($var eq "NEW_V3_ONION") {
|
||||
return &GenOnion(3); # old syntax now deprecated
|
||||
}
|
||||
|
||||
if (defined($ENV{$var})) {
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
#!/bin/sh
|
||||
# eotk (c) 2017-2021 Alec Muffett
|
||||
|
||||
here=`pwd` # absolute pathnames are required by tor
|
||||
log=$here/__gok$$.log
|
||||
|
@ -17,11 +18,10 @@ HiddenServiceDir $dir
|
|||
HiddenServicePort 1 127.0.0.1:1
|
||||
EOF
|
||||
|
||||
if [ x$ONION_VERSION = x3 ] ; then
|
||||
echo HiddenServiceVersion 3 >> $dir/config
|
||||
else
|
||||
echo HiddenServiceVersion 2 >> $dir/config
|
||||
fi
|
||||
case "$ONION_VERSION" in
|
||||
3) echo HiddenServiceVersion 3 >> $dir/config ;;
|
||||
*) echo error: the only supported value for ONION_VERSION is 3 ; exit 1 ;;
|
||||
esac
|
||||
|
||||
tor -f $dir/config >$log 2>&1
|
||||
|
||||
|
@ -40,15 +40,10 @@ kill -TERM `cat $dir/tor.pid` # shut it down
|
|||
onion=`cat $dir/hostname`
|
||||
onion=`basename $onion .onion`
|
||||
|
||||
if [ x$ONION_VERSION = x3 ] ; then
|
||||
pfile=$onion.v3pub.key
|
||||
sfile=$onion.v3sec.key
|
||||
mv $dir/hs_ed25519_public_key $pfile || exit 1
|
||||
mv $dir/hs_ed25519_secret_key $sfile || exit 1
|
||||
else
|
||||
file=$onion.key
|
||||
mv $dir/private_key $file || exit 1
|
||||
fi
|
||||
pfile=$onion.v3pub.key
|
||||
sfile=$onion.v3sec.key
|
||||
mv $dir/hs_ed25519_public_key $pfile || exit 1
|
||||
mv $dir/hs_ed25519_secret_key $sfile || exit 1
|
||||
rm -r $dir $log || exit 1
|
||||
|
||||
echo $onion
|
||||
|
|
|
@ -6,7 +6,7 @@ exec perl -x $0 "$@";
|
|||
my %known =
|
||||
(
|
||||
# demo fakes
|
||||
'NEW_ONION' => 1,
|
||||
'NEW_V3_ONION' => 1,
|
||||
'SCRIPT_PAUSE' => 1,
|
||||
'' => 1, # an empty escape character
|
||||
|
||||
|
|
|
@ -15,7 +15,7 @@
|
|||
# X-DNS-Prefetch-Control - response security risk?
|
||||
# Via - request/response?
|
||||
|
||||
# eotk (c) 2019-2020 Alec Muffett
|
||||
# eotk (c) 2019-2021 Alec Muffett
|
||||
|
||||
# SECURITY NOTE: the contents of this file, when actualised, should
|
||||
# not be made world-readable nor published without redaction;
|
||||
|
@ -331,7 +331,7 @@ http {
|
|||
|
||||
o2d_search_and_replace = function (i)
|
||||
-- because onion addresses are matchable, this can be done in one pass...
|
||||
local o, num, errs = ngx.re.gsub(i, "(%LEFT_TLD_RE%)([a-z2-7]{16}(?:[a-z2-7]{40})?\\.onion)\\b", o2d_re_helper, "io")
|
||||
local o, num, errs = ngx.re.gsub(i, "(%LEFT_TLD_RE%)([a-z2-7]{56}\\.onion)\\b", o2d_re_helper, "io")
|
||||
if errs == nil and num == 0 then
|
||||
return i -- nothing was changed, so return the original
|
||||
end
|
||||
|
|
Ładowanie…
Reference in New Issue