idk/reseed-tools
1
0
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases Wiki Activity

HTTPS-enabled onion reseeds

Browse Source
This commit is contained in:
idk
2019-06-27 19:49:05 -04:00
parent 6a606bda4d
commit 57065323c4
6 changed files with 144 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@@ -32,6 +32,12 @@ i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=yo
i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion
``` ```
### Without a webserver, standalone, automatic OnionV3 with TLS support
```
i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld --onion
```
If this is your first time running a reseed server (ie. you don't have any existing keys), If this is your first time running a reseed server (ie. you don't have any existing keys),
you can simply run the command and follow the prompts to create the appropriate keys, crl and certificates. you can simply run the command and follow the prompts to create the appropriate keys, crl and certificates.
Afterwards an HTTPS reseed server will start on the default port and generate 6 files in your current directory Afterwards an HTTPS reseed server will start on the default port and generate 6 files in your current directory

39
cmd/reseed.go
View File

@@ -124,6 +124,10 @@ func reseedAction(c *cli.Context) {
var tlsCert, tlsKey string var tlsCert, tlsKey string
tlsHost := c.String("tlsHost") tlsHost := c.String("tlsHost")
if c.Bool("onion") {
tlsHost = "onion"
}
if tlsHost != "" { if tlsHost != "" {
tlsKey = c.String("tlsKey") tlsKey = c.String("tlsKey")
// if no key is specified, default to the host.pem in the current dir // if no key is specified, default to the host.pem in the current dir
@@ -208,6 +212,23 @@ func reseedAction(c *cli.Context) {
if err != nil { if err != nil {
log.Fatalln(err.Error()) log.Fatalln(err.Error())
} else { } else {
if tlsCert != "" && tlsKey != "" {
log.Fatalln(
server.ListenAndServeOnionTLS(
nil,
&tor.ListenConf{
LocalPort: port,
Key: ed25519.PrivateKey(ok),
RemotePorts: []int{443},
Version3: true,
NonAnonymous: c.Bool("singleOnion"),
DiscardKey: false,
},
tlsCert, tlsKey,
c.String("onionKey"),
),
)
}else{
log.Fatalln( log.Fatalln(
server.ListenAndServeOnion( server.ListenAndServeOnion(
nil, nil,
@@ -223,7 +244,24 @@ func reseedAction(c *cli.Context) {
), ),
) )
} }
}
} else if os.IsNotExist(err) { } else if os.IsNotExist(err) {
if tlsCert != "" && tlsKey != "" {
log.Fatalln(
server.ListenAndServeOnionTLS(
nil,
&tor.ListenConf{
LocalPort: port,
RemotePorts: []int{443},
Version3: true,
NonAnonymous: c.Bool("singleOnion"),
DiscardKey: false,
},
tlsCert, tlsKey,
c.String("onionKey"),
),
)
}else{
log.Fatalln( log.Fatalln(
server.ListenAndServeOnion( server.ListenAndServeOnion(
nil, nil,
@@ -237,6 +275,7 @@ func reseedAction(c *cli.Context) {
c.String("onionKey"), c.String("onionKey"),
), ),
) )
}
} else { } else {
} }

3
history.txt
View File

@@ -1,3 +1,6 @@
2019-06-27
* automatically configuring Tor Onionv3 Server
2019-04-21 2019-04-21
* app.Version = "0.1.7" * app.Version = "0.1.7"
* enabling TLS 1.3 *only* * enabling TLS 1.3 *only*

48
reseed/server.go
View File

@@ -15,10 +15,10 @@ import (
"github.com/cretz/bine/tor" "github.com/cretz/bine/tor"
"github.com/cretz/bine/torutil/ed25519" "github.com/cretz/bine/torutil/ed25519"
"github.com/throttled/throttled"
"github.com/throttled/throttled/store"
"github.com/gorilla/handlers" "github.com/gorilla/handlers"
"github.com/justinas/alice" "github.com/justinas/alice"
"github.com/throttled/throttled"
"github.com/throttled/throttled/store"
) )
const ( const (
@@ -122,8 +122,50 @@ func (srv *Server) ListenAndServeTLS(certFile, keyFile string) error {
return srv.Serve(tlsListener) return srv.Serve(tlsListener)
} }
func (srv *Server) ListenAndServeOnionTLS(startConf *tor.StartConf, listenConf *tor.ListenConf, certFile, keyFile, onionKey string) error {
log.Println("Starting and registering OnionV3 HTTPS service, please wait a couple of minutes...")
tor, err := tor.Start(nil, startConf)
if err != nil {
return err
}
defer tor.Close()
listenCtx, listenCancel := context.WithTimeout(context.Background(), 3*time.Minute)
defer listenCancel()
if srv.TLSConfig == nil {
srv.TLSConfig = &tls.Config{}
}
if srv.TLSConfig.NextProtos == nil {
srv.TLSConfig.NextProtos = []string{"http/1.1"}
}
srv.OnionListener, err = tor.Listen(listenCtx, listenConf)
if err != nil {
return err
}
srv.Addr = srv.OnionListener.ID
// var err error
srv.TLSConfig.Certificates = make([]tls.Certificate, 1)
srv.TLSConfig.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return err
}
err = ioutil.WriteFile(onionKey, []byte(srv.OnionListener.Key.(ed25519.KeyPair).PrivateKey()), 0644)
if err != nil {
return err
}
log.Printf("Onionv3 server started on https://%v.onion\n", srv.OnionListener.ID)
tlsListener := tls.NewListener(srv.OnionListener, srv.TLSConfig)
return srv.Serve(tlsListener)
}
func (srv *Server) ListenAndServeOnion(startConf *tor.StartConf, listenConf *tor.ListenConf, onionKey string) error { func (srv *Server) ListenAndServeOnion(startConf *tor.StartConf, listenConf *tor.ListenConf, onionKey string) error {
log.Println("Starting and registering onion service, please wait a couple of minutes...") log.Println("Starting and registering OnionV3 service, please wait a couple of minutes...")
tor, err := tor.Start(nil, startConf) tor, err := tor.Start(nil, startConf)
if err != nil { if err != nil {
return err return err