-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[REQUEST] enable control port access (already possible?) #76
Comments
Hi @coffeel0ver, thanks for your kind words.
I already developed tor-controller/controllers/tor/tor_configmap.go Lines 74 to 82 in f60092b
You can enable Tor's control port in OnionService and OnionBalancedService using the extraConfig attribute. Examples: # OnionService
apiVersion: tor.k8s.torproject.org/v1alpha2
kind: OnionService
metadata:
name: onionservice-controlport-enabled
spec:
version: 3
rules: [...]
extraConfig: |
ControlPort 0.0.0.0:9051
HashedControlPassword yourhashedpasswordhere # OnionBalancedService
apiVersion: tor.k8s.torproject.org/v1alpha2
kind: OnionBalancedService
metadata:
name: onionbalancedservice-controlport-enabled
spec:
backends: 3
template:
spec:
version: 3
rules: [...]
extraConfig: |
ControlPort 0.0.0.0:9051
HashedControlPassword yourhashedpasswordhere
I currently don't take donations for any of my projects. But if you still do want to contribute you can donate to Tor project instead https://donate.torproject.org so that all of us can keep using Tor network : ) Regards, |
Hey @bugfest let me explain the problem a bit more in detail: As you are using the following definition for the OnionService:
tor is returning this error:
With the current torfile it is not possible to set a ControlPort via extraConfig option in the yaml, since the torfile already contains ControlPort 0 before the extraConfig is appended. Could you please edit the torfile and remove the ControlPort from this file? ControlPort should be disabled by tor by default (no need to explicitly define it in the torfile). Aside from that it's not exposed, without a service anyways. Could you please make this small edit, otherwise it won't be able to use the |
Hi @coffeel0ver, I'll work on this feature as soon as I can. In the mean time, good news is I found a way to override this setting via ExtraConfig, as per
I got it working with the following:
Can you double check this unblocks your issue? Regards, |
Hi @bugfest;
I can confirm this works!
Thank you for the workaround, maybe you can place this into the next version, think it's easier and more handy to understand instead ofgoing this way.
Thanks and all the best;
…--
7. Apr. 2024, 13:23 von ***@***.***:
Hi > @coffeel0ver <https://github.com/coffeel0ver>> , I'll work on this feature as soon as I can. In the mean time, good news is I found a way to override this setting via ExtraConfig, as per > torrc> manual page:
>
>
> THE CONFIGURATION FILE FORMAT
> (...)
> Alternatively, you might want to remove every instance of an option in the configuration file, and not replace it at all: you might want to say on the command line that you want no SocksPorts at all. To do that, prefix the option name with a forward slash (/). You can use the plus sign (+) and the forward slash (/) in the configuration file and on the command line.
>
>
>
I got it working with the following:
...spec: ... extraConfig: | /ControlPort +ControlPort 0.0.0.0:9051 HashedControlPassword 16:8716E5455708558C60352B1BB3609AC392D0F3619D4056D276B1B39641
Can you double check this unblocks your issue?
Regards,
BF
—
Reply to this email directly, > view it on GitHub <#76 (comment)>> , or > unsubscribe <https://github.com/notifications/unsubscribe-auth/BBI5BDZKMU5G6BAZYW3MGPTY4EUBZAVCNFSM6AAAAABFAHQHWOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDANBRGQZTKNZYGM>> .
You are receiving this because you were mentioned.> Message ID: > <bugfest/tor-controller/issues/76/2041435783> @> github> .> com>
|
First of all thank you @bugfest for this repo.
I would like to use the control port on an OnionService to be able to kill specific onion curcuits to prevent flooding attacks.
I haven't found a way to enable control port for an OnionService/OnionBalancedService in the documentation.
Is there a way to to enable it and allow connection from other apps inside the cluster?
If not, could you please add this feature? It won't break any of the functions itself from my point of view.
Is there a donations page for this project?
Thanks in advance!
The text was updated successfully, but these errors were encountered: