70 lines
3.3 KiB
Plaintext
70 lines
3.3 KiB
Plaintext
# Cosmic Voyage on Tor
|
|
|
|
About two years ago I shared my technique for getting tilde.black's gemini server served over the tor network. You can read about that here:
|
|
=> gemini://tilde.team/~tomasino/journal/20200706-gemini-on-tor.gmi Gemini on Tor
|
|
|
|
I'm not sure why it took me so long to follow up with cosmic voyage. For a while I didn't have cosmic on gemini at all, and then it was sort of a hack of generated code I wasn't proud of. Now it's a nice, sophisticated portal to the gopher content. You can see the source here:
|
|
=> https://tildegit.org/cosmic/cosmic-gemini Cosmic Voyage Gemini Server (tildegit)
|
|
|
|
Want to try it? (from your client using a tor socks proxy)
|
|
|
|
=> gemini://cosmiclbou7ypgww4lcs4an3z6otqoevqk6q5jcxml7v7geqml7dlyad.onion Cosmic Voyage on Tor
|
|
|
|
Want to see a picture?
|
|
|
|
=> cosmic-on-tor.png Picture of AV-98 running tilde.black over tor!
|
|
|
|
## The jetforce wrapper
|
|
|
|
Similar to how I handled tilde.black, I created a composite app for jetforce. This time I just passed each of the composite host names the same app to run, though. That app is significantly more complicated than the static directory serving tilde.black had, but the premise is the same. Then I used that composite app to start the gemini server, listen on IPV6 and IPV4, and pass in the cert info.
|
|
|
|
``` jetforce server configuration
|
|
from jetforce import GeminiServer
|
|
from jetforce.app.composite import CompositeApplication
|
|
from app import app
|
|
|
|
composite_app = CompositeApplication(
|
|
{
|
|
"cosmic.voyage": app,
|
|
"cosmiclbou7ypgww4lcs4an3z6otqoevqk6q5jcxml7v7geqml7dlyad.onion": app,
|
|
None: app,
|
|
}
|
|
)
|
|
|
|
if __name__ == "__main__":
|
|
server = GeminiServer(composite_app, host="::", certfile="/etc/gemini/cosmic.voyage.crt", keyfile="/etc/gemini/cosmic.voyage.key")
|
|
server.run()
|
|
```
|
|
|
|
## Set up tor
|
|
|
|
Adding the handler to tor is a one-liner. Just tell it to watch for port 1965.
|
|
|
|
``` torrc line
|
|
HiddenServicePort 1965 127.0.0.1:1965
|
|
```
|
|
|
|
## Testing
|
|
|
|
It was actually a little tricky to find clients that would work over tor. My first attempt was with Amfora, which has a AMFORA_SOCKS5 environment variable that's supposed to enable use of the socks proxy. I couldn't find the syntax to make that work, though.
|
|
|
|
I had used Kristall to test tilde.black back in the day. Sadly that didn't work this time around. Kristall doesn't seem to have any menu config to select a proxy, so I went with the torsocks/torify approach. Running the latest Kristall via torsocks/torify results in the following core dump:
|
|
|
|
``` Kristall crash log
|
|
1645893418 WARNING torsocks[887149]: [syscall] Unsupported syscall number 39. Denying the call (in tsocks_syscall() at syscall.c:605)
|
|
Assertion 'fclose_nointr(f) != -EBADF' failed at src/basic/fd-util.c:121, function safe_fclose(). Aborting.
|
|
Aborted (core dumped)
|
|
```
|
|
|
|
Maybe xq will know what's going on there, but it's over my head.
|
|
|
|
Bombadillo likewise didn't care much for the tor proxy, but AV-98 did the trick.
|
|
|
|
Now the question is how many people out there are browsing gemini over tor? Any of our squeaky wheel security folks trying it? What about servers? Anyone else serving content over tor?
|
|
|
|
|
|
Originally Published 2022-02-26 at: gemini://tilde.team/~tomasino/journal/20220226-cosmic-on-tor.gmi
|
|
|
|
If you have questions or thoughts to add please send me a link to your response.
|
|
=> /~tomasino/about.txt Contact Information
|