
use tor control protocol to reload tor

to make servnest able to run in podman/docker containers
Miraty 9 月之前
父节点
当前提交
79c26cb104
共有 4 个文件被更改,包括 21 次插入17 次删除
  1. 2 2
      config.template.ini
  2. 17 8
      fn/ht.php
  3. 1 0
      init.php
  4. 1 7
      pg-act/ht/add-onion.php

+ 2 - 2
config.template.ini

@@ -44,11 +44,11 @@ subdomain_domain = "ht.servnest.test"
 tor_config_path = "/srv/servnest/tor-config"
 tor_keys_path = "/srv/servnest/tor-keys"
 tor_user = "tor"
-tor_reload_cmd = "/usr/bin/systemctl reload tor"
+tor_control_socket = "/run/tor-control/socket"
 onion_internal_host = "[::1]:9080"
 
 certbot_path = "/usr/bin/certbot"
-certbot_config_path = "/etc/letsencrypt/servnest.cli"
+certbot_config_path = "/etc/letsencrypt/servnest.ini"
 
 sudo_path = "/usr/bin/sudo"
 chgrp_path = "/usr/bin/chgrp"
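Review bot: The new `tor_control_socket` key carries no hint about how the socket must be configured on the Tor side, and that matters here because the PHP client in fn/ht.php sends a bare `AUTHENTICATE` with no cookie or password, so the socket only works when Tor exposes it without CookieAuthentication/HashedControlPassword, and the socket file's permissions become the entire access control. Anything that can open that path can issue any control command, not just the reload this code needs. I would add above the key: `; Tor ControlSocket. The app authenticates with a bare AUTHENTICATE (no cookie/password), so restrict this socket's permissions to the web user only; whoever can open it has full control of Tor.` The `certbot_config_path` rename on the next line looks like an unrelated fix that would be clearer in its own commit.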

+ 17 - 8
fn/ht.php

@@ -96,8 +96,23 @@ function htRelativeSymlink(string $target, string $name): void {
 		output(500, 'Unable to create symlink.');
 }
 
-function htDeleteSite(string $address, string $type, string $user_id): void {
+function reloadTor() { // Using Tor control protocol <https://spec.torproject.org/control-spec/>
+	$sock = stream_socket_client('unix://' . CONF['ht']['tor_control_socket']);
+	if ($sock === false)
+		output(500, 'Failed to connect to Tor control socket.', [$out]);
+	fwrite($sock, 'AUTHENTICATE' . CRLF);
+	if (($out = fgets($sock)) !== '250 OK' . CRLF)
+		output(500, 'Failed to authenticate to Tor control socket.', [$out]);
+	fwrite($sock, 'SIGNAL RELOAD' . CRLF);
+	if (($out = fgets($sock)) !== '250 OK' . CRLF)
+		output(500, 'Failed to reload Tor.', [$out]);
+	fwrite($sock, 'QUIT' . CRLF);
+	if (($out = fgets($sock)) !== '250 closing connection' . CRLF)
+		output(500, 'Failed to close connection to Tor control socket.', [$out]);
+	fclose($sock);
+}
 
+function htDeleteSite(string $address, string $type, string $user_id): void {
 	if ($type === 'onion') {
 		$dir = query('select', 'sites', [
 			'username' => $user_id,
@@ -110,13 +125,7 @@ function htDeleteSite(string $address, string $type, string $user_id): void {
 			output(500, 'Failed to delete Tor configuration.');
 
 		// Reload Tor
-		exescape([
-			CONF['ht']['sudo_path'],
-			'--',
-			...explode(' ', CONF['ht']['tor_reload_cmd']),
-		], result_code: $code);
-		if ($code !== 0)
-			output(500, 'Failed to reload Tor.');
+		reloadTor();
 
 		// Delete Tor keys
 		exescape([
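Review bot: In `reloadTor()` the connect-failure branch passes `[$out]` to `output()` before `$out` is ever assigned (it is first set by the `fgets()` two lines later), so that path reports an undefined variable instead of the connect error; `stream_socket_client()` can hand you the reason via its `$errno`/`$errstr` parameters. The three `fgets()` calls also have no read timeout, so a Tor that accepts the connection but never answers leaves the request hung forever; `stream_set_timeout()` after connecting bounds that, and the connect call itself takes a timeout argument. Since the function sends a bare `AUTHENTICATE`, it presumes the socket is unauthenticated and protected only by file permissions, which is worth stating in the function comment, and note that whatever Tor replies is forwarded verbatim into the 500 response via `[$out]`, which is fine only if `output()` does not expose those details to the browser. Also declare the return type, `function reloadTor(): void`, as the neighbouring functions do.
```php
function reloadTor(): void { // Using Tor control protocol <https://spec.torproject.org/control-spec/>
	// Bare AUTHENTICATE: the socket must be unauthenticated on the Tor side, so its file permissions are the only access control.
	$sock = stream_socket_client('unix://' . CONF['ht']['tor_control_socket'], $errno, $errstr, 5);
	if ($sock === false)
		output(500, 'Failed to connect to Tor control socket.', [$errstr]);
	stream_set_timeout($sock, 5); // fgets() below would otherwise block indefinitely if Tor never replies
	// … unchanged: AUTHENTICATE / SIGNAL RELOAD / QUIT exchange and fclose() …
}
```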

+ 1 - 0
init.php

@@ -1,6 +1,7 @@
 <?php declare(strict_types=1);
 umask(0077);
 const LF = "\n";
+const CRLF = "\r\n";
 
 class KdigException extends Exception {};
 class NoDnssecException extends Exception {};

+ 1 - 7
pg-act/ht/add-onion.php

@@ -15,13 +15,7 @@ if (chmod($torConfFile, 0644) !== true)
 	output(500, 'Failed to give correct permissions to new Tor configuration file.');
 
 // Reload Tor
-exescape([
-	CONF['ht']['sudo_path'],
-	'--',
-	...explode(' ', CONF['ht']['tor_reload_cmd']),
-], result_code: $code);
-if ($code !== 0)
-	output(500, 'Failed to reload Tor.');
+reloadTor();
 
 usleep(10000);
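Review bot: The `usleep(10000)` kept after the new `reloadTor()` call still looks like a race rather than a synchronisation point: as far as I recall Tor acknowledges `SIGNAL RELOAD` with `250 OK` before it actually re-reads its configuration, so a `250 OK` does not mean the onion service written just above is live yet, and 10 ms is an arbitrary guess. A comment should say what the sleep is waiting for, e.g. `// 250 OK only means Tor accepted the signal; give it a moment to re-read the config before continuing`, and if the code that follows depends on the service existing it should poll for it instead of sleeping. The script continues past the end of this hunk, so I cannot see what the delay protects.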