(tor) Add support for ControlPort and CookieAuthentication

Allow to configure Tor to be controlled by other applications, so they can manage hidden services and such.
2021-07-01 15:32:28 +02:00 · 2021-07-01 15:32:28 +02:00 · 9f0b5f0e64
parent 37873fb881
commit 9f0b5f0e64
2 changed files with 4 additions and 2 deletions
--- a/site-cookbooks/tor-full/README.md
+++ b/site-cookbooks/tor-full/README.md
@ -32,6 +32,8 @@ The following platform families are supported:
 * `node['tor']['MinLogLevel']` - The minimum log level to log. Possible values include debug, info, notice, warn, and err.
 * `node['tor']['LogDestination']` - Where logs should be written. Valid values include a path to a file or "syslog"
 * `node['tor']['SocksPorts']` - List of 'address:port' to open tor socks proxy on. Defaults to disabled
+* `node['tor']['ControlPort']` - The port on which Tor will listen for local connections from Tor controller applications
+* `node['tor']['CookieAuthentication']` - Enable this (`true`) when using ControlPort

 ### Hidden Services config section

--- a/site-cookbooks/tor-full/templates/default/torrc.erb
+++ b/site-cookbooks/tor-full/templates/default/torrc.erb
@ -65,11 +65,11 @@ DataDirectory <%= node['tor']['DataDirectory'] %>

 ## The port on which Tor will listen for local connections from Tor
 ## controller applications, as documented in control-spec.txt.
-#ControlPort 9051
+<% if node['tor']['ControlPort'] %>ControlPort <%= node['tor']['ControlPort'] %><% else %>#ControlPort 9051<% end %>
 ## If you enable the controlport, be sure to enable one of these
 ## authentication methods, to prevent attackers from accessing it.
 #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
-#CookieAuthentication 1
+<% if node['tor']['CookieAuthentication'] %>CookieAuthentication 1<% else %>#CookieAuthentication 1<% end %>

 ############### This section is just for location-hidden services ###