Merge HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY into ALLOW_ACCESS_TO_HIDDEN_SERVICE (#7901)
				
					
				
			If Mastodon accesses to the hidden service via transparent proxy, it's needed to avoid checking whether it's a private address, since `.onion` is resolved to a private address. I was previously using the `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` to provide that function. However, I realized that using `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` is redundant, since this specification is always used with `ALLOW_ACCESS_TO_HIDDEN_SERVICE`. Therefore, I decided to integrate the setting of `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into` ALLOW_ACCESS_TO_HIDDEN_SERVICE`.
This commit is contained in:
		
				
					committed by
					
						 Eugen Rochko
						Eugen Rochko
					
				
			
			
				
	
			
			
			
						parent
						
							cdb101340a
						
					
				
				
					commit
					ddd0bb69e1
				
			| @@ -229,5 +229,3 @@ STREAMING_CLUSTER_NUM=1 | |||||||
| # http_proxy=http://gateway.local:8118 | # http_proxy=http://gateway.local:8118 | ||||||
| # Access control for hidden service. | # Access control for hidden service. | ||||||
| # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true | # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true | ||||||
| # If you use transparent proxy to access to hidden service, uncomment following for skipping private address check. |  | ||||||
| # HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY=true |  | ||||||
|   | |||||||
| @@ -154,7 +154,7 @@ class Request | |||||||
|       alias new open |       alias new open | ||||||
|  |  | ||||||
|       def thru_hidden_service?(host) |       def thru_hidden_service?(host) | ||||||
|         Rails.configuration.x.hidden_service_via_transparent_proxy && /\.(onion|i2p)$/.match(host) |         Rails.configuration.x.access_to_hidden_service && /\.(onion|i2p)$/.match(host) | ||||||
|       end |       end | ||||||
|     end |     end | ||||||
|   end |   end | ||||||
|   | |||||||
| @@ -11,7 +11,6 @@ Rails.application.configure do | |||||||
|   end |   end | ||||||
|  |  | ||||||
|   config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true' |   config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true' | ||||||
|   config.x.hidden_service_via_transparent_proxy = ENV['HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY'] == 'true' |  | ||||||
| end | end | ||||||
|  |  | ||||||
| module Goldfinger | module Goldfinger | ||||||
|   | |||||||
| @@ -83,7 +83,6 @@ services: | |||||||
| ## Uncomment to enable federation with tor instances along with adding the following ENV variables | ## Uncomment to enable federation with tor instances along with adding the following ENV variables | ||||||
| ## http_proxy=http://privoxy:8118 | ## http_proxy=http://privoxy:8118 | ||||||
| ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true | ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true | ||||||
| ## HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY=true |  | ||||||
| #  tor: | #  tor: | ||||||
| #    build: https://github.com/usbsnowcrash/docker-tor.git | #    build: https://github.com/usbsnowcrash/docker-tor.git | ||||||
| #    networks: | #    networks: | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user