Re-enable and improve Tor access for kosmos.social

2 years ago · 05cd38a5b9
parent d1929fcc9c
commit 05cd38a5b9
3 changed files with 15 additions and 1 deletions
--- a/site-cookbooks/kosmos-mastodon/attributes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/attributes/default.rb
@ -8,5 +8,5 @@ node.default["kosmos-mastodon"]["sidekiq_threads"] = 25
 node.default["kosmos-mastodon"]["elasticsearch"]["allocated_memory"] = "1536m"

 node.override["tor"]["HiddenServices"]["mastodon"] = {
-  "HiddenServicePorts" => ["80 127.0.0.1:80"]
+  "HiddenServicePorts" => ["80 127.0.0.1:80", "443 127.0.0.1:443"]
 }
--- a/site-cookbooks/kosmos-mastodon/recipes/nginx.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/nginx.rb
@ -6,6 +6,7 @@
 mastodon_path = node["kosmos-mastodon"]["directory"]
 server_name   = node["kosmos-mastodon"]["server_name"]

+node.override['nginx']['server_names_hash_bucket_size'] = 128
 include_recipe "kosmos-nginx"

 directory "#{node['nginx']['dir']}/snippets" do
--- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
@ -24,3 +24,16 @@ server {
  add_header Strict-Transport-Security "max-age=31536000";
 }
 <% end %>
+
+<% if @onion_address %>
+server {
+  listen 443 ssl http2;
+  server_name mastodon.<%= @onion_address %>;
+  include <%= @shared_config_path %>;
+
+  ssl_certificate     <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+
+  add_header Strict-Transport-Security "max-age=31536000";
+}
+<% end %>