Refactor tor usage, set up new tor proxy on draco

2023-07-29 16:26:20 +02:00
parent b149264919
commit cb0fc27134
9 changed files with 91 additions and 6 deletions
--- a/site-cookbooks/kosmos-mastodon/metadata.rb
+++ b/site-cookbooks/kosmos-mastodon/metadata.rb
@@ -11,7 +11,6 @@ depends 'elasticsearch'
 depends 'java'
 depends 'firewall'
 depends 'redisio'
-depends 'tor-full'
 depends 'postgresql'
 depends 'kosmos-nodejs'
 depends 'kosmos_openresty'
--- a/site-cookbooks/kosmos-mastodon/recipes/nginx.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/nginx.rb
@@ -37,7 +37,8 @@ tls_cert_for server_name do
  action :create
 end

-onion_address = File.read("/var/lib/tor/web/hostname").strip rescue nil rescue nil
+tor_services = data_bag_item('credentials', 'tor')['services']
+onion_address = tor_services['web']['hostname']

 openresty_site server_name do
  template 'nginx_conf_mastodon.erb'
--- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_mastodon.erb
@@ -36,12 +36,12 @@ server {

 <% if @onion_address %>
 server {
-  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>80;
+  listen 127.0.0.1:80;
  server_name mastodon.<%= @onion_address %>;
  include <%= @shared_config_path %>;
 }
 server {
-  listen <%= "#{node['openresty']['listen_ip']}:" if node['openresty']['listen_ip'] %>443 ssl http2;
+  listen 127.0.0.1:443 ssl http2;
  server_name mastodon.<%= @onion_address %>;
  include <%= @shared_config_path %>;