Merge `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into `ALLOW_ACCESS_TO_HIDDEN_SERVICE` (#7901)
If Mastodon accesses to the hidden service via transparent proxy, it's needed to avoid checking whether it's a private address, since `.onion` is resolved to a private address. I was previously using the `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` to provide that function. However, I realized that using `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` is redundant, since this specification is always used with `ALLOW_ACCESS_TO_HIDDEN_SERVICE`. Therefore, I decided to integrate the setting of `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into` ALLOW_ACCESS_TO_HIDDEN_SERVICE`.
This commit is contained in:
parent
cdb101340a
commit
ddd0bb69e1
|
@ -229,5 +229,3 @@ STREAMING_CLUSTER_NUM=1
|
||||||
# http_proxy=http://gateway.local:8118
|
# http_proxy=http://gateway.local:8118
|
||||||
# Access control for hidden service.
|
# Access control for hidden service.
|
||||||
# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
|
# ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
|
||||||
# If you use transparent proxy to access to hidden service, uncomment following for skipping private address check.
|
|
||||||
# HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY=true
|
|
||||||
|
|
|
@ -154,7 +154,7 @@ class Request
|
||||||
alias new open
|
alias new open
|
||||||
|
|
||||||
def thru_hidden_service?(host)
|
def thru_hidden_service?(host)
|
||||||
Rails.configuration.x.hidden_service_via_transparent_proxy && /\.(onion|i2p)$/.match(host)
|
Rails.configuration.x.access_to_hidden_service && /\.(onion|i2p)$/.match(host)
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -11,7 +11,6 @@ Rails.application.configure do
|
||||||
end
|
end
|
||||||
|
|
||||||
config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
|
config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
|
||||||
config.x.hidden_service_via_transparent_proxy = ENV['HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY'] == 'true'
|
|
||||||
end
|
end
|
||||||
|
|
||||||
module Goldfinger
|
module Goldfinger
|
||||||
|
|
|
@ -83,7 +83,6 @@ services:
|
||||||
## Uncomment to enable federation with tor instances along with adding the following ENV variables
|
## Uncomment to enable federation with tor instances along with adding the following ENV variables
|
||||||
## http_proxy=http://privoxy:8118
|
## http_proxy=http://privoxy:8118
|
||||||
## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
|
## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
|
||||||
## HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY=true
|
|
||||||
# tor:
|
# tor:
|
||||||
# build: https://github.com/usbsnowcrash/docker-tor.git
|
# build: https://github.com/usbsnowcrash/docker-tor.git
|
||||||
# networks:
|
# networks:
|
||||||
|
|
Reference in New Issue