only allow TLS+onion

This commit is contained in:
idk
2019-06-27 20:52:12 -04:00
parent 57065323c4
commit c754995b8f
3 changed files with 71 additions and 75 deletions


@@ -26,16 +26,10 @@ i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --port=8443
i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld
``` ```
### Without a webserver, standalone, automatic OnionV3
```
i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion
```
### Without a webserver, standalone, automatic OnionV3 with TLS support ### Without a webserver, standalone, automatic OnionV3 with TLS support
``` ```
i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --tlsHost=your-domain.tld --onion i2p-tools reseed --signer=you@mail.i2p --netdb=/home/i2p/.i2p/netDb --onion
``` ```
If this is your first time running a reseed server (ie. you don't have any existing keys), If this is your first time running a reseed server (ie. you don't have any existing keys),


@@ -124,9 +124,11 @@ func reseedAction(c *cli.Context) {
var tlsCert, tlsKey string var tlsCert, tlsKey string
tlsHost := c.String("tlsHost") tlsHost := c.String("tlsHost")
if c.Bool("onion") { if c.Bool("onion") {
tlsHost = "onion" if tlsHost == "" {
} tlsHost = "onion"
}
}
if tlsHost != "" { if tlsHost != "" {
tlsKey = c.String("tlsKey") tlsKey = c.String("tlsKey")
@@ -195,7 +197,7 @@ func reseedAction(c *cli.Context) {
if c.Duration("stats") != 0 { if c.Duration("stats") != 0 {
go func() { go func() {
var mem runtime.MemStats var mem runtime.MemStats
for _ = range time.Tick(c.Duration("stats")) { for range time.Tick(c.Duration("stats")) {
runtime.ReadMemStats(&mem) runtime.ReadMemStats(&mem)
log.Printf("TotalAllocs: %d Kb, Allocs: %d Kb, Mallocs: %d, NumGC: %d", mem.TotalAlloc/1024, mem.Alloc/1024, mem.Mallocs, mem.NumGC) log.Printf("TotalAllocs: %d Kb, Allocs: %d Kb, Mallocs: %d, NumGC: %d", mem.TotalAlloc/1024, mem.Alloc/1024, mem.Mallocs, mem.NumGC)
} }
@@ -212,70 +214,70 @@ func reseedAction(c *cli.Context) {
if err != nil { if err != nil {
log.Fatalln(err.Error()) log.Fatalln(err.Error())
} else { } else {
if tlsCert != "" && tlsKey != "" { if tlsCert != "" && tlsKey != "" {
log.Fatalln( log.Fatalln(
server.ListenAndServeOnionTLS( server.ListenAndServeOnionTLS(
nil, nil,
&tor.ListenConf{ &tor.ListenConf{
LocalPort: port, LocalPort: port,
Key: ed25519.PrivateKey(ok), Key: ed25519.PrivateKey(ok),
RemotePorts: []int{443}, RemotePorts: []int{443},
Version3: true, Version3: true,
NonAnonymous: c.Bool("singleOnion"), NonAnonymous: c.Bool("singleOnion"),
DiscardKey: false, DiscardKey: false,
}, },
tlsCert, tlsKey, tlsCert, tlsKey,
c.String("onionKey"), c.String("onionKey"),
), ),
) )
}else{ } else {
log.Fatalln( log.Fatalln(
server.ListenAndServeOnion( server.ListenAndServeOnion(
nil, nil,
&tor.ListenConf{ &tor.ListenConf{
LocalPort: port, LocalPort: port,
Key: ed25519.PrivateKey(ok), Key: ed25519.PrivateKey(ok),
RemotePorts: []int{80}, RemotePorts: []int{80},
Version3: true, Version3: true,
NonAnonymous: c.Bool("singleOnion"), NonAnonymous: c.Bool("singleOnion"),
DiscardKey: false, DiscardKey: false,
}, },
c.String("onionKey"), c.String("onionKey"),
), ),
) )
} }
} }
} else if os.IsNotExist(err) { } else if os.IsNotExist(err) {
if tlsCert != "" && tlsKey != "" { if tlsCert != "" && tlsKey != "" {
log.Fatalln( log.Fatalln(
server.ListenAndServeOnionTLS( server.ListenAndServeOnionTLS(
nil, nil,
&tor.ListenConf{ &tor.ListenConf{
LocalPort: port, LocalPort: port,
RemotePorts: []int{443}, RemotePorts: []int{443},
Version3: true, Version3: true,
NonAnonymous: c.Bool("singleOnion"), NonAnonymous: c.Bool("singleOnion"),
DiscardKey: false, DiscardKey: false,
}, },
tlsCert, tlsKey, tlsCert, tlsKey,
c.String("onionKey"), c.String("onionKey"),
), ),
) )
}else{ } else {
log.Fatalln( log.Fatalln(
server.ListenAndServeOnion( server.ListenAndServeOnion(
nil, nil,
&tor.ListenConf{ &tor.ListenConf{
LocalPort: port, LocalPort: port,
RemotePorts: []int{80}, RemotePorts: []int{80},
Version3: true, Version3: true,
NonAnonymous: c.Bool("singleOnion"), NonAnonymous: c.Bool("singleOnion"),
DiscardKey: false, DiscardKey: false,
}, },
c.String("onionKey"), c.String("onionKey"),
), ),
) )
} }
} else { } else {
} }
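Review bot: The trailing `} else {` on the last two lines of the hunk still has an empty body, so whatever error the file check above the hunk produces for the onion key path that is not `os.IsNotExist` (permissions, I/O) is dropped without a message and reseedAction falls through without ever listening; the sibling branch at the top of the hunk handles its error with `log.Fatalln(err.Error())`, and that same line belongs in this else. The plaintext `server.ListenAndServeOnion` branches with `RemotePorts: []int{80}` are also kept on the new side in both the existing-key and missing-key paths, which does not match the commit title "only allow TLS+onion"; if the `--onion` default from the first hunk always yields a cert/key pair those branches are dead code, otherwise a missing cert silently degrades the reseed to cleartext over the onion. reseedAction starts and ends outside this hunk, and `ok` (cast to `ed25519.PrivateKey`) is assigned above it.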


@@ -140,11 +140,11 @@ func (srv *Server) ListenAndServeOnionTLS(startConf *tor.StartConf, listenConf *
if srv.TLSConfig.NextProtos == nil { if srv.TLSConfig.NextProtos == nil {
srv.TLSConfig.NextProtos = []string{"http/1.1"} srv.TLSConfig.NextProtos = []string{"http/1.1"}
} }
srv.OnionListener, err = tor.Listen(listenCtx, listenConf) srv.OnionListener, err = tor.Listen(listenCtx, listenConf)
if err != nil { if err != nil {
return err return err
} }
srv.Addr = srv.OnionListener.ID srv.Addr = srv.OnionListener.ID
// var err error // var err error
srv.TLSConfig.Certificates = make([]tls.Certificate, 1) srv.TLSConfig.Certificates = make([]tls.Certificate, 1)
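Review bot: `tor.Listen` publishes the onion service before the certificate slot is even allocated on the last line of the hunk, so if the certificate load that presumably follows (outside the hunk) returns an error, `srv.OnionListener` is left open and the function returns with a live listener nobody closes. Either load the certificate first and only then call `tor.Listen`, or close the listener on the error path, e.g. `if err != nil { srv.OnionListener.Close(); return err }` (bine's OnionService exposes Close). The `// var err error` line is a leftover comment that should go, since `err` is clearly already declared above. ListenAndServeOnionTLS starts and ends outside the hunk.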