From ddd0bb69e1d9ea98a0ea30717e9f25bcd50b41a3 Mon Sep 17 00:00:00 2001 From: MIYAGI Hikaru Date: Fri, 29 Jun 2018 22:36:02 +0900 Subject: [PATCH] Merge `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into `ALLOW_ACCESS_TO_HIDDEN_SERVICE` (#7901) If Mastodon accesses to the hidden service via transparent proxy, it's needed to avoid checking whether it's a private address, since `.onion` is resolved to a private address. I was previously using the `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` to provide that function. However, I realized that using `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` is redundant, since this specification is always used with `ALLOW_ACCESS_TO_HIDDEN_SERVICE`. Therefore, I decided to integrate the setting of `HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY` into` ALLOW_ACCESS_TO_HIDDEN_SERVICE`. --- .env.production.sample | 2 -- app/lib/request.rb | 2 +- config/initializers/http_client_proxy.rb | 1 - docker-compose.yml | 1 - 4 files changed, 1 insertion(+), 5 deletions(-) diff --git a/.env.production.sample b/.env.production.sample index 3047f75950..ebb0788781 100644 --- a/.env.production.sample +++ b/.env.production.sample @@ -229,5 +229,3 @@ STREAMING_CLUSTER_NUM=1 # http_proxy=http://gateway.local:8118 # Access control for hidden service. # ALLOW_ACCESS_TO_HIDDEN_SERVICE=true -# If you use transparent proxy to access to hidden service, uncomment following for skipping private address check. -# HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY=true diff --git a/app/lib/request.rb b/app/lib/request.rb index 397614fac9..576ed23ca0 100644 --- a/app/lib/request.rb +++ b/app/lib/request.rb @@ -154,7 +154,7 @@ class Request alias new open def thru_hidden_service?(host) - Rails.configuration.x.hidden_service_via_transparent_proxy && /\.(onion|i2p)$/.match(host) + Rails.configuration.x.access_to_hidden_service && /\.(onion|i2p)$/.match(host) end end end diff --git a/config/initializers/http_client_proxy.rb b/config/initializers/http_client_proxy.rb index 52c595c5d9..e607aff3c4 100644 --- a/config/initializers/http_client_proxy.rb +++ b/config/initializers/http_client_proxy.rb @@ -11,7 +11,6 @@ Rails.application.configure do end config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true' - config.x.hidden_service_via_transparent_proxy = ENV['HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY'] == 'true' end module Goldfinger diff --git a/docker-compose.yml b/docker-compose.yml index b31095a540..c54c73e44a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -83,7 +83,6 @@ services: ## Uncomment to enable federation with tor instances along with adding the following ENV variables ## http_proxy=http://privoxy:8118 ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true -## HIDDEN_SERVICE_VIA_TRANSPARENT_PROXY=true # tor: # build: https://github.com/usbsnowcrash/docker-tor.git # networks: