cosmic on tor

2022-02-26 17:04:47 +00:00 · 2022-02-26 17:04:47 +00:00 · 3d09e93587
parent 1275fbfba9
commit 3d09e93587
5 changed files with 79 additions and 1 deletions
--- a/atom.xml
+++ b/atom.xml
@ -4,7 +4,7 @@
  <title>tomasino@tilde.team</title>
  <link rel="alternate" href="gemini://tilde.team/~tomasino/"/>
  <link rel="self" href="gemini://tilde.team/~tomasino/atom.xml" />
-  <updated>2022-02-21T01:23:00Z</updated>
+  <updated>2022-02-26T16:41:00Z</updated>
  <id>gemini://tilde.team/~tomasino/</id>

  <author>
@ -12,6 +12,13 @@
    <uri>gemini://tilde.team/~tomasino/about.txt</uri>
  </author>

+  <entry>
+    <title>Cosmic on Tor</title>
+    <link href="gemini://tilde.team/~tomasino/journal/20220226-cosmic-on-tor.gmi"/>
+    <id>gemini://tilde.team/~tomasino/journal/20220226-cosmic-on-tor.gmi</id>
+    <updated>2022-02-26T16:41:00Z</updated>
+  </entry>
+
  <entry>
    <title>Sample CGI Application</title>
    <link href="gemini://tilde.team/~tomasino/journal/20220221-sample-cgi-application.gmi"/>
--- a/index.gmi
+++ b/index.gmi
@ -20,6 +20,7 @@
 => /~tomasino/journal/20211227-gemini-input.gmi 2021-12-27 Gemini Inputs
 => /~tomasino/journal/20220214-dane-and-tls.gmi 2022-02-14 DANE and TLS
 => /~tomasino/journal/20220221-sample-cgi-application.gmi 2022-02-21 Sample CGI Application
+=> /~tomasino/journal/20220226-cosmic-on-tor.gmi 2022-02-26 Cosmic on Tor

 ## Role Playing Games

--- a/journal/20220226-cosmic-on-tor.gmi
+++ b/journal/20220226-cosmic-on-tor.gmi
@ -0,0 +1,69 @@
+# Cosmic Voyage on Tor
+
+About two years ago I shared my technique for getting tilde.black's gemini server served over the tor network. You can read about that here:
+=> gemini://tilde.team/~tomasino/journal/20200706-gemini-on-tor.gmi Gemini on Tor
+
+I'm not sure why it took me so long to follow up with cosmic voyage. For a while I didn't have cosmic on gemini at all, and then it was sort of a hack of generated code I wasn't proud of. Now it's a nice, sophisticated portal to the gopher content. You can see the source here:
+=> https://tildegit.org/cosmic/cosmic-gemini Cosmic Voyage Gemini Server (tildegit)
+
+Want to try it? (from your client using a tor socks proxy)
+
+=> gemini://cosmiclbou7ypgww4lcs4an3z6otqoevqk6q5jcxml7v7geqml7dlyad.onion Cosmic Voyage on Tor
+
+Want to see a picture?
+
+=> cosmic-on-tor.png Picture of AV-98 running tilde.black over tor!
+
+## The jetforce wrapper
+
+Similar to how I handled tilde.black, I created a composite app for jetforce. This time I just passed each of the composite host names the same app to run, though. That app is significantly more complicated than the static directory serving tilde.black had, but the premise is the same. Then I used that composite app to start the gemini server, listen on IPV6 and IPV4, and pass in the cert info.
+
+``` jetforce server configuration
+from jetforce import GeminiServer
+from jetforce.app.composite import CompositeApplication
+from app import app
+
+composite_app = CompositeApplication(
+    {
+        "cosmic.voyage": app,
+        "cosmiclbou7ypgww4lcs4an3z6otqoevqk6q5jcxml7v7geqml7dlyad.onion": app,
+        None: app,
+    }
+)
+
+if __name__ == "__main__":
+    server = GeminiServer(composite_app, host="::", certfile="/etc/gemini/cosmic.voyage.crt", keyfile="/etc/gemini/cosmic.voyage.key")
+    server.run()
+```
+
+## Set up tor
+
+Adding the handler to tor is a one-liner. Just tell it to watch for port 1965.
+
+``` torrc line
+HiddenServicePort 1965 127.0.0.1:1965
+```
+
+## Testing
+
+It was actually a little tricky to find clients that would work over tor. My first attempt was with Amfora, which has a AMFORA_SOCKS5 environment variable that's supposed to enable use of the socks proxy. I couldn't find the syntax to make that work, though. 
+
+I had used Kristall to test tilde.black back in the day. Sadly that didn't work this time around. Kristall doesn't seem to have any menu config to select a proxy, so I went with the torsocks/torify approach. Running the latest Kristall via torsocks/torify results in the following core dump:
+
+``` Kristall crash log
+1645893418 WARNING torsocks[887149]: [syscall] Unsupported syscall number 39. Denying the call (in tsocks_syscall() at syscall.c:605)
+Assertion 'fclose_nointr(f) != -EBADF' failed at src/basic/fd-util.c:121, function safe_fclose(). Aborting.
+Aborted (core dumped)
+```
+
+Maybe xq will know what's going on there, but it's over my head.
+
+Bombadillo likewise didn't care much for the tor proxy, but AV-98 did the trick.
+
+Now the question is how many people out there are browsing gemini over tor? Any of our squeaky wheel security folks trying it? What about servers? Anyone else serving content over tor?
+
+
+Originally Published 2022-02-26 at: gemini://tilde.team/~tomasino/journal/20220226-cosmic-on-tor.gmi
+
+If you have questions or thoughts to add please send me a link to your response.
+=> /~tomasino/about.txt Contact Information
--- a/journal/cosmic-on-tor.png
+++ b/journal/cosmic-on-tor.png
--- a/journal/index.gmi
+++ b/journal/index.gmi
@ -25,3 +25,4 @@
 => /~tomasino/journal/20211227-gemini-input.gmi 2021-12-27 Gemini Inputs
 => /~tomasino/journal/20220214-dane-and-tls.gmi 2022-02-14 DANE and TLS
 => /~tomasino/journal/20220221-sample-cgi-application.gmi 2022-02-21 Sample CGI Application
+=> /~tomasino/journal/20220226-cosmic-on-tor.gmi 2022-02-26 Cosmic on Tor