From 08edca726e255700bb8dac7160d03e0c4c0a3c98 Mon Sep 17 00:00:00 2001
From: kexkey
Date: Fri, 17 Jan 2020 13:31:00 -0500
Subject: [PATCH] Added different v3 onion addresses for traefik, bitcoin and ln
---
 cyphernodeconf_docker/lib/app.js | 30 ++++++++++---
 cyphernodeconf_docker/lib/torgen.js | 16 +++----
 .../prompters/100_lightning.js | 2 +-
 .../schema/config-v0.2.3.json | 8 ++--
 .../templates/bitcoin/bitcoin.conf | 2 +-
 .../templates/installer/config.sh | 2 +
 .../templates/installer/testdeployment.sh | 2 +-
 .../templates/installer/testfeatures.sh | 2 +-
 .../templates/lightning/c-lightning/config | 4 +-
 .../lightning/c-lightning/entrypoint.sh | 2 +-
 cyphernodeconf_docker/templates/tor/torrc | 12 ++++--
 cyphernodeconf_docker/torifyables.json | 4 +-
 dist/setup.sh | 43 ++++++++++++++++---
 13 files changed, 92 insertions(+), 37 deletions(-)
diff --git a/cyphernodeconf_docker/lib/app.js b/cyphernodeconf_docker/lib/app.js
index 77d72c9..60ab3be 100644
--- a/cyphernodeconf_docker/lib/app.js
+++ b/cyphernodeconf_docker/lib/app.js
@@ -274,8 +274,10 @@ module.exports = class App {
 // Tor...
 if( this.isChecked( 'features', 'tor' ) ) {
- const torgen = new TorGen(this.destinationPath( path.join( destinationDirName, 'tor/hidden_service' ) ));
- this.sessionData.tor_hostname = await torgen.generateTorFiles();
+ const torgen = new TorGen();
+ this.sessionData.tor_traefik_hostname = await torgen.generateTorFiles(this.destinationPath( path.join( destinationDirName, 'tor/traefik/hidden_service' ) ));
+ this.sessionData.tor_ln_hostname = await torgen.generateTorFiles(this.destinationPath( path.join( destinationDirName, 'tor/ln/hidden_service' ) ));
+ this.sessionData.tor_bitcoin_hostname = await torgen.generateTorFiles(this.destinationPath( path.join( destinationDirName, 'tor/bitcoin/hidden_service' ) ));
 }
 // creates keys if they don't exist or we say so.
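Review bot: The `tor/ln/hidden_service` and `tor/bitcoin/hidden_service` key material is generated whenever the `tor` feature is checked, even if `tor_ln` or `tor_bitcoin` is not selected, which leaves unused onion secret keys in the configuration directory. dist/setup.sh in this same patch copies those keys only when `TOR_LN` / `TOR_BITCOIN` is true, so the generation could be gated the same way, for example `if (this.torifyables.find(data => data.value === 'tor_ln').checked) { ... }` around the ln call and likewise for bitcoin. The enclosing method starts and ends outside this hunk, so any later reader of the three `sessionData` hostnames would have to tolerate them being unset.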
@@ -428,8 +430,9 @@ module.exports = class App {
 prune_size: this.config.data.bitcoin_prune_size,
 expose: this.config.data.bitcoin_expose,
 uacomment: this.config.data.bitcoin_uacomment,
- torified: this.torifyables.find(data => data.value === 'tor_bitcoinnode').checked,
- clearnet: this.isChecked('clearnet', 'clearnet_bitcoinnode')
+ torified: this.torifyables.find(data => data.value === 'tor_bitcoin').checked,
+ clearnet: this.isChecked('clearnet', 'clearnet_bitcoinnode'),
+ tor_hostname: this.sessionData.tor_bitcoin_hostname
 }
 },
 {
@@ -482,6 +485,16 @@ module.exports = class App {
 host: 'broker',
 networks: ['cyphernodenet', 'cyphernodeappsnet'],
 docker: 'eclipse-mosquitto:'+this.config.docker_versions['eclipse-mosquitto']
+ },
+ {
+ name: 'Traefik',
+ label: 'traefik',
+ host: 'traefik',
+ networks: ['cyphernodeappsnet'],
+ docker: 'cyphernode/traefik:'+this.config.docker_versions['cyphernode/traefik'],
+ extra: {
+ tor_hostname: this.sessionData.tor_traefik_hostname,
+ }
 }
 ];
@@ -493,7 +506,9 @@ module.exports = class App {
 networks: ['cyphernodenet', 'cyphernodeappsnet'],
 docker: "cyphernode/tor:" + this.config.docker_versions['cyphernode/tor'],
 extra: {
- hostname: this.sessionData.tor_hostname,
+ traefik_hostname: this.sessionData.tor_traefik_hostname,
+ ln_hostname: this.sessionData.tor_ln_hostname,
+ bitcoin_hostname: this.sessionData.tor_bitcoin_hostname,
 }
 },
 otsclient: {
@@ -513,8 +528,9 @@ module.exports = class App {
 expose: this.config.data.lightning_expose,
 external_ip: this.config.data.lightning_external_ip,
 implementation: this.config.data.lightning_implementation,
- torified: this.torifyables.find(data => data.value === 'tor_lnnode').checked,
- clearnet: this.isChecked('clearnet', 'clearnet_lnnode')
+ torified: this.torifyables.find(data => data.value === 'tor_ln').checked,
+ clearnet: this.isChecked('clearnet', 'clearnet_lnnode'),
+ tor_hostname: this.sessionData.tor_ln_hostname
 }
 }
 }
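Review bot: The same three onion hostnames are now published under three different naming schemes. The bitcoin and lightning property blocks and the Traefik `extra` use `tor_hostname`, the tor `extra` in the `@@ -493` hunk uses `traefik_hostname` / `ln_hostname` / `bitcoin_hostname`, and `sessionData` uses `tor_*_hostname`. The c-lightning template changed in this patch reads `locals.tor_ln_hostname`, so these hunks do not show which name a template is meant to consume, and a stale reference would render as an empty value rather than fail. Either a single scheme or a comment above the tor `extra`, such as `// one v3 onion hostname per service (traefik, ln, bitcoin), as returned by TorGen.generateTorFiles`, would make the mapping explicit. All four hunks on this line sit inside object literals whose start and end are outside the hunks.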
diff --git a/cyphernodeconf_docker/lib/torgen.js b/cyphernodeconf_docker/lib/torgen.js
index dbb7189..bfe66d3 100644
--- a/cyphernodeconf_docker/lib/torgen.js
+++ b/cyphernodeconf_docker/lib/torgen.js
@@ -5,21 +5,19 @@ const chalk = require('chalk');
 module.exports = class TorGen {
- constructor( path ) {
- this.path = path || './'
- }
+ async generateTorFiles(path) {
+ path = path || './'
- async generateTorFiles() {
- if( !fs.existsSync(this.path) ) {
+ if( !fs.existsSync(path) ) {
 console.log(chalk.green( 'Creating Tor Hidden Service directory...' ));
- fs.mkdirSync(this.path, { recursive: true });
+ fs.mkdirSync(path, { recursive: true });
 }
- if( !fs.existsSync(this.path + '/hostname') ) {
+ if( !fs.existsSync(path + '/hostname') ) {
 console.log(chalk.green( 'Generating Tor Hidden Service secret key, public key and hostname...' ));
- const torgenbin = spawn('./torgen/torgen', [this.path]);
+ const torgenbin = spawn('./torgen/torgen', [path]);
 try {
 await stringio.onExit( torgenbin );
 } catch( err ) {
@@ -32,7 +30,7 @@ module.exports = class TorGen {
 }
 try {
- var data = fs.readFileSync(this.path + '/hostname', 'utf8');
+ var data = fs.readFileSync(path + '/hostname', 'utf8');
 // Remove the LF at the end of the host name
 return data.slice(0, -1);
 } catch (err) {
diff --git a/cyphernodeconf_docker/prompters/100_lightning.js b/cyphernodeconf_docker/prompters/100_lightning.js
index 6c81a8d..9c27578 100644
--- a/cyphernodeconf_docker/prompters/100_lightning.js
+++ b/cyphernodeconf_docker/prompters/100_lightning.js
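Review bot: `fs.mkdirSync(path, { recursive: true });` creates each hidden service directory with the process default mode, and per the log message on the next lines this is where the onion secret key is generated, now for three services instead of one. Passing an explicit mode, `fs.mkdirSync(path, { recursive: true, mode: 0o700 });`, keeps the keys unreadable to other local users regardless of umask, matching the `chmod 700` that dist/setup.sh applies to the deployed copies. The regeneration test also looks only at `path + '/hostname'`, so a directory holding a hostname file but no key file is treated as complete. The method continues past the end of the first hunk.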
@@ -57,7 +57,7 @@ module.exports = {
 Next question is asked when lightning_annouce is YES and (not Tor or (Tor and LN clearnet)). */
 {
- when: (props) => { return featureCondition(props) && props.lightning_announce && (props.torifyables.indexOf('tor_lnnode') == -1 || props.clearnet.indexOf('clearnet_lnnode') != -1) },
+ when: (props) => { return featureCondition(props) && props.lightning_announce && (props.torifyables.indexOf('tor_ln') == -1 || props.clearnet.indexOf('clearnet_lnnode') != -1) },
 type: 'input',
 name: 'lightning_external_ip',
 default: utils.getDefault( 'lightning_external_ip' ),
diff --git a/cyphernodeconf_docker/schema/config-v0.2.3.json b/cyphernodeconf_docker/schema/config-v0.2.3.json
index 4e68691..28589ec 100644
--- a/cyphernodeconf_docker/schema/config-v0.2.3.json
+++ b/cyphernodeconf_docker/schema/config-v0.2.3.json
@@ -205,8 +205,8 @@
 "type": "string",
 "enum": [
 "tor_hiddenservice",
- "tor_bitcoinnode",
- "tor_lnnode",
+ "tor_bitcoin",
+ "tor_ln",
 "tor_otsoperations",
 "tor_otswebhooks",
 "tor_addrwatcheswebhooks",
@@ -216,8 +216,8 @@
 "default": "",
 "examples": [
 "tor_hiddenservice",
- "tor_bitcoinnode",
- "tor_lnnode",
+ "tor_bitcoin",
+ "tor_l",
 "tor_otsoperations",
 "tor_otswebhooks",
 "tor_addrwatcheswebhooks",
diff --git a/cyphernodeconf_docker/templates/bitcoin/bitcoin.conf b/cyphernodeconf_docker/templates/bitcoin/bitcoin.conf
index fbcd4ba..92e0705 100644
--- a/cyphernodeconf_docker/templates/bitcoin/bitcoin.conf
+++ b/cyphernodeconf_docker/templates/bitcoin/bitcoin.conf
@@ -17,7 +17,7 @@ zmqpubrawtx=tcp://0.0.0.0:18502
 listen=1
-<% if ( torifyables.indexOf('tor_bitcoinnode') !== -1 ) { %>
+<% if ( torifyables.indexOf('tor_bitcoin') !== -1 ) { %>
 #tor
 proxy=tor:9050
 <% if ( clearnet.indexOf('clearnet_bitcoinnode') == -1 ) { %>
diff --git a/cyphernodeconf_docker/templates/installer/config.sh b/cyphernodeconf_docker/templates/installer/config.sh
index f462565..66865df 100644
--- a/cyphernodeconf_docker/templates/installer/config.sh
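Review bot: The `examples` list in the `@@ -216` hunk of config-v0.2.3.json now contains `"tor_l"`, which is not a member of the `enum` just above it; the line should read `"tor_ln",`. The rename of `tor_bitcoinnode` / `tor_lnnode` is also made inside the existing v0.2.3 schema rather than a new schema version. A configuration saved with the old values would therefore presumably stop matching the `indexOf('tor_bitcoin')` and `indexOf('tor_ln')` checks in the templates, and bitcoin.conf and the c-lightning config would then be rendered without their Tor proxy section. Whether a migration of stored values exists is not visible in this patch and is worth confirming before release.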
+++ b/cyphernodeconf_docker/templates/installer/config.sh
@@ -13,6 +13,8 @@ TOR_DATAPATH=<%= tor_datapath %>
 TOR_OTS_WEBHOOKS=<%= (torifyables.indexOf('tor_otswebhooks') != -1)?'true':'false' %>
 TOR_ADDR_WATCH_WEBHOOKS=<%= (torifyables.indexOf('tor_addrwatcheswebhooks') != -1)?'true':'false' %>
 TOR_TXID_WATCH_WEBHOOKS=<%= (torifyables.indexOf('tor_txidwatcheswebhooks') != -1)?'true':'false' %>
+TOR_BITCOIN=<%= (torifyables.indexOf('tor_bitcoin') != -1)?'true':'false' %>
+TOR_LN=<%= (torifyables.indexOf('tor_ln') != -1)?'true':'false' %>
 <% } %>
 DOCKER_MODE=<%= docker_mode %>
 RUN_AS_USER=<%= run_as_different_user?username:'' %>
diff --git a/cyphernodeconf_docker/templates/installer/testdeployment.sh b/cyphernodeconf_docker/templates/installer/testdeployment.sh
index 946bc48..5f47102 100644
--- a/cyphernodeconf_docker/templates/installer/testdeployment.sh
+++ b/cyphernodeconf_docker/templates/installer/testdeployment.sh
@@ -81,6 +81,6 @@ printf "\r\n"
 printf "\033[0;95m<% cns.forEach(cn => { %><%= ('https://' + cn + ':' + traefik_https_port + '/welcome\\r\\n') %><% }) %>\033[0m\r\n"
 <% if ( features.indexOf('tor') !== -1 ) { %>
 printf "\033[0;92mYou can also use Tor Browser and navigate to your onion address:\r\n"
-printf "\033[0;95mhttps://${TOR_HOSTNAME}:<%= traefik_https_port %>/welcome\033[0m\r\n\r\n"
+printf "\033[0;95mhttps://${TOR_TRAEFIK_HOSTNAME}:<%= traefik_https_port %>/welcome\033[0m\r\n\r\n"
 <% } %>
 printf "\033[0;92mUse 'admin' as the username with the configuration password you selected at the beginning of the configuration process.\r\n\r\n\033[0m"
diff --git a/cyphernodeconf_docker/templates/installer/testfeatures.sh b/cyphernodeconf_docker/templates/installer/testfeatures.sh
index 77863c5..083e581 100644
--- a/cyphernodeconf_docker/templates/installer/testfeatures.sh
@@ -441,5 +441,5 @@ echo "${result}" > /gatekeeper/installation.json
 echo "EXIT_STATUS=${finalreturncode}" > /dist/exitStatus.sh
 <% if (features.indexOf('tor') != -1) { %>
-echo "TOR_HOSTNAME=$(cat /dist/cyphernode/tor/hidden_service/hostname)" >> /dist/exitStatus.sh
+echo "TOR_TRAEFIK_HOSTNAME=$(cat /dist/.cyphernodeconf/tor/traefik/hidden_service/hostname)" >> /dist/exitStatus.sh
 <% } %>
diff --git a/cyphernodeconf_docker/templates/lightning/c-lightning/config b/cyphernodeconf_docker/templates/lightning/c-lightning/config
index b431b91..cd6a646 100644
--- a/cyphernodeconf_docker/templates/lightning/c-lightning/config
+++ b/cyphernodeconf_docker/templates/lightning/c-lightning/config
@@ -16,7 +16,7 @@ rgb=<%= lightning_nodecolor %>
 addr=0.0.0.0:9735
-<% if ( torifyables.indexOf('tor_lnnode') !== -1 ) { %>
+<% if ( torifyables.indexOf('tor_ln') !== -1 ) { %>
 # Tor # proxy=tor:9050 this has to be made at execution time because of getaddrinfo and alpine not being friends, see entrypoint.sh
 <% if ( clearnet.indexOf('clearnet_lnnode') == -1 ) { %>
@@ -26,7 +26,7 @@ disable-dns
 <% } %>
 <% if (lightning_announce) { %>
 # Announcing Tor address
-announce-addr=<%= locals.tor_hostname %>:9735
+announce-addr=<%= locals.tor_ln_hostname %>:9735
 <% if ( clearnet.indexOf('clearnet_lnnode') !== -1 ) { %>
 <% if( locals.lightning_external_ip ) { %>
 # Announcing clearnet address
diff --git a/cyphernodeconf_docker/templates/lightning/c-lightning/entrypoint.sh b/cyphernodeconf_docker/templates/lightning/c-lightning/entrypoint.sh
index cd3342d..c446a71 100755
--- a/cyphernodeconf_docker/templates/lightning/c-lightning/entrypoint.sh
+++ b/cyphernodeconf_docker/templates/lightning/c-lightning/entrypoint.sh
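Review bot: In the c-lightning config, `announce-addr=<%= locals.tor_ln_hostname %>:9735` is emitted whenever `tor_ln` and `lightning_announce` are set, but the torrc template in this patch defines `/tor/ln/hidden_service/` only when `tor_hiddenservice` is selected and `lightning_expose` is true. The node can therefore announce an onion address that Tor is not serving. If `locals.tor_ln_hostname` is unset the line would also render as `announce-addr=:9735`, which a guard such as `<% if ( locals.tor_ln_hostname ) { %>` around the announce line would avoid. Both hunks of this file start and end inside conditional blocks that are only partly visible.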
@@ -2,7 +2,7 @@ while [ ! -f "/bitcoin_monitor/up" ]; do echo "bitcoin not ready" ; sleep 10 ; done
-<% if ( torifyables.indexOf('tor_lnnode') !== -1 ) { %>
+<% if ( torifyables.indexOf('tor_ln') !== -1 ) { %>
 while [ -z "${TORIP}" ]; do echo "tor not ready" ; TORIP=$(getent hosts tor | awk '{ print $1 }') ; sleep 10 ; done
 echo "Tor ready at IP ${TORIP}"
diff --git a/cyphernodeconf_docker/templates/tor/torrc b/cyphernodeconf_docker/templates/tor/torrc
index 1e74e73..1912775 100644
--- a/cyphernodeconf_docker/templates/tor/torrc
+++ b/cyphernodeconf_docker/templates/tor/torrc
@@ -1,12 +1,18 @@
 <% if ( torifyables.indexOf('tor_hiddenservice') !== -1 ) { %>
-HiddenServiceDir /tor/hidden_service/
+HiddenServiceDir /tor/traefik/hidden_service/
 HiddenServiceVersion 3
 HiddenServicePort <%= traefik_http_port %> traefik:<%= traefik_http_port %>
 HiddenServicePort <%= traefik_https_port %> traefik:<%= traefik_https_port %>
-<% if ( torifyables.indexOf('tor_lnnode') !== -1 && lightning_expose ) { %>
+<% if ( torifyables.indexOf('tor_ln') !== -1 && lightning_expose ) { %>
+
+HiddenServiceDir /tor/ln/hidden_service/
+HiddenServiceVersion 3
 HiddenServicePort 9735 lightning:9735
 <% } %>
-<% if ( torifyables.indexOf('tor_bitcoinnode') !== -1 && bitcoin_expose) { %>
+<% if ( torifyables.indexOf('tor_bitcoin') !== -1 && bitcoin_expose) { %>
+
+HiddenServiceDir /tor/bitcoin/hidden_service/
+HiddenServiceVersion 3
 HiddenServicePort 8333 bitcoin:8333
 <% } %>
 <% } %>
diff --git a/cyphernodeconf_docker/torifyables.json b/cyphernodeconf_docker/torifyables.json
index 93da55d..b6eefc2 100644
--- a/cyphernodeconf_docker/torifyables.json
+++ b/cyphernodeconf_docker/torifyables.json
@@ -5,11 +5,11 @@
 },
 {
 "name": "Bitcoin Node",
- "value": "tor_bitcoinnode"
+ "value": "tor_bitcoin"
 },
 {
 "name": "LN Node",
- "value": "tor_lnnode"
+ "value": "tor_ln"
 },
 {
 "name": "OTS stamp, upgrade and verify",
diff --git a/dist/setup.sh b/dist/setup.sh
index 1e32255..c54331a 100755
--- a/dist/setup.sh
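Review bot: In torrc, the new `HiddenServiceDir /tor/ln/hidden_service/` and `HiddenServiceDir /tor/bitcoin/hidden_service/` sections are still nested inside the outer `<% if ( torifyables.indexOf('tor_hiddenservice') !== -1 ) { %>`. Selecting `tor_ln` or `tor_bitcoin` without `tor_hiddenservice` therefore yields no onion service for either, although dist/setup.sh still installs their keys. Now that each service has its own directory and address, moving the closing `<% } %>` of the outer block up to just after the two traefik `HiddenServicePort` lines would let the three be enabled independently. If the nesting is intentional, a comment at the top of the template saying that `tor_hiddenservice` gates all three would make that clear.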
+++ b/dist/setup.sh 
@@ -401,15 +401,48 @@ install_docker() {
 if [[ $FEATURE_TOR == true ]]; then
 if [ ! -d $TOR_DATAPATH ]; then
 step " create $TOR_DATAPATH"
- sudo_if_required mkdir -p $TOR_DATAPATH/hidden_service
- sudo_if_required chmod 700 $TOR_DATAPATH/hidden_service
+ sudo_if_required mkdir -p $TOR_DATAPATH
+ sudo_if_required chmod 700 $TOR_DATAPATH
 next
 fi
+ if [ ! -d $TOR_DATAPATH/traefik ]; then
+ step " create $TOR_DATAPATH/traefik"
+ sudo_if_required mkdir -p $TOR_DATAPATH/traefik/hidden_service
+ sudo_if_required chmod 700 $TOR_DATAPATH/traefik/hidden_service
+ next
+ fi
+ if [[ $TOR_LN == true ]]; then
+ if [ ! -d $TOR_DATAPATH/ln ]; then
+ step " create $TOR_DATAPATH/ln"
+ sudo_if_required mkdir -p $TOR_DATAPATH/ln/hidden_service
+ sudo_if_required chmod 700 $TOR_DATAPATH/ln/hidden_service
+ next
+ fi
+ fi
+ if [[ $TOR_BITCOIN == true ]]; then
+ if [ ! -d $TOR_DATAPATH/bitcoin ]; then
+ step " create $TOR_DATAPATH/bitcoin"
+ sudo_if_required mkdir -p $TOR_DATAPATH/bitcoin/hidden_service
+ sudo_if_required chmod 700 $TOR_DATAPATH/bitcoin/hidden_service
+ next
+ fi
+ fi
 copy_file $cyphernodeconf_filepath/tor/torrc $TOR_DATAPATH/torrc 1 $SUDO_REQUIRED
- copy_file $cyphernodeconf_filepath/tor/hidden_service/hs_ed25519_secret_key $TOR_DATAPATH/hidden_service/hs_ed25519_secret_key 1 $SUDO_REQUIRED
- copy_file $cyphernodeconf_filepath/tor/hidden_service/hs_ed25519_public_key $TOR_DATAPATH/hidden_service/hs_ed25519_public_key 1 $SUDO_REQUIRED
- copy_file $cyphernodeconf_filepath/tor/hidden_service/hostname $TOR_DATAPATH/hidden_service/hostname 1 $SUDO_REQUIRED
+ copy_file $cyphernodeconf_filepath/tor/traefik/hidden_service/hs_ed25519_secret_key $TOR_DATAPATH/traefik/hidden_service/hs_ed25519_secret_key 1 $SUDO_REQUIRED
+ copy_file $cyphernodeconf_filepath/tor/traefik/hidden_service/hs_ed25519_public_key $TOR_DATAPATH/traefik/hidden_service/hs_ed25519_public_key 1 $SUDO_REQUIRED
+ copy_file $cyphernodeconf_filepath/tor/traefik/hidden_service/hostname $TOR_DATAPATH/traefik/hidden_service/hostname 1 $SUDO_REQUIRED
+
+ if [[ $TOR_LN == true ]]; then
+ copy_file $cyphernodeconf_filepath/tor/ln/hidden_service/hs_ed25519_secret_key $TOR_DATAPATH/ln/hidden_service/hs_ed25519_secret_key 1 $SUDO_REQUIRED
+ copy_file $cyphernodeconf_filepath/tor/ln/hidden_service/hs_ed25519_public_key $TOR_DATAPATH/ln/hidden_service/hs_ed25519_public_key 1 $SUDO_REQUIRED
+ copy_file $cyphernodeconf_filepath/tor/ln/hidden_service/hostname $TOR_DATAPATH/ln/hidden_service/hostname 1 $SUDO_REQUIRED
+ fi
+ if [[ $TOR_BITCOIN == true ]]; then
+ copy_file $cyphernodeconf_filepath/tor/bitcoin/hidden_service/hs_ed25519_secret_key $TOR_DATAPATH/bitcoin/hidden_service/hs_ed25519_secret_key 1 $SUDO_REQUIRED
+ copy_file $cyphernodeconf_filepath/tor/bitcoin/hidden_service/hs_ed25519_public_key $TOR_DATAPATH/bitcoin/hidden_service/hs_ed25519_public_key 1 $SUDO_REQUIRED
+ copy_file $cyphernodeconf_filepath/tor/bitcoin/hidden_service/hostname $TOR_DATAPATH/bitcoin/hidden_service/hostname 1 $SUDO_REQUIRED
+ fi
 fi
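Review bot: The new existence checks test the parent directory (`[ ! -d $TOR_DATAPATH/ln ]`) while the commands create and `chmod 700` the child `ln/hidden_service`. On a host where the parent exists but the child is missing or has looser permissions, nothing is repaired before `hs_ed25519_secret_key` is copied in. Testing the directory that is actually needed, `if [ ! -d "$TOR_DATAPATH/ln/hidden_service" ]; then`, and running the `chmod 700` outside the check would make the permissions hold on re-runs; the traefik and bitcoin blocks have the same shape. On an upgrade, the key material under the previous `$TOR_DATAPATH/hidden_service` appears to stay on disk, since nothing in this hunk removes it. The hunk lies inside `install_docker()`, whose start and end are not shown.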