Support listening on UDS provided by Tor #23

Open
opened 1 year ago by dingrite · 0 comments
dingrite commented 1 year ago

For applications such as cwtch this module needlessly listens on and potentially exposes a local TCP port.

Tor supports mapping an .onion:port to a Unix domain socket:
https://2019.www.torproject.org/docs/tor-manual.html.en

HiddenServicePort VIRTPORT [TARGET]
Configure a virtual port VIRTPORT for a hidden service. You may use this option multiple times; each time applies to the service using the most recent HiddenServiceDir. By default, this option maps the virtual port to the same port on 127.0.0.1 over TCP. You may override the target port, address, or both by specifying a target of addr, port, addr:port, or unix:path. (You can specify an IPv6 target as [addr]:port. Unix paths may be quoted, and may use standard C escapes.) You may also have multiple lines with the same VIRTPORT: when a user connects to that VIRTPORT, one of the TARGETs from those lines will be chosen at random. Note that address-port pairs have to be comma-separated.

e.g.:

HiddenServicePort 80 unix:/var/run/nginx.sock
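
As an added example (not code from this module or from the issue's author), here is one way a Go service could listen on a private Unix domain socket instead of a local TCP port and emit the matching `HiddenServicePort` line. It assumes Tor runs as the same user as the service and that the socket path contains no whitespace; `listenUDS`, `torrcLine` and the paths are hypothetical names.

```go
package main

import (
	"fmt"
	"net"
	"os"
	"path/filepath"
)

// listenUDS listens on a Unix domain socket inside a private directory, so no TCP port is opened.
func listenUDS(dir, name string) (net.Listener, string, error) {
	// The 0700 directory is the access control: other local users cannot reach the socket.
	if err := os.MkdirAll(dir, 0o700); err != nil {
		return nil, "", err
	}
	if err := os.Chmod(dir, 0o700); err != nil { // MkdirAll keeps the mode of an existing dir
		return nil, "", err
	}
	path := filepath.Join(dir, name)
	// Only a stale socket from a previous run may be replaced; refuse any other file type.
	if fi, err := os.Lstat(path); err == nil && fi.Mode()&os.ModeSocket == 0 {
		return nil, "", fmt.Errorf("%s exists and is not a socket", path)
	}
	_ = os.Remove(path) // a failed removal surfaces as "address already in use" below
	ln, err := net.Listen("unix", path)
	if err != nil {
		return nil, "", err
	}
	// Tighten the socket itself; the directory mode already covers the window before this.
	if err := os.Chmod(path, 0o600); err != nil {
		ln.Close()
		return nil, "", err
	}
	return ln, path, nil
}

// torrcLine renders the torrc directive that maps an onion virtual port to the socket.
func torrcLine(virtPort int, sockPath string) string {
	return fmt.Sprintf("HiddenServicePort %d unix:%s", virtPort, sockPath)
}

func main() {
	ln, path, err := listenUDS(filepath.Join(os.TempDir(), "onion-svc"), "hs.sock")
	if err != nil {
		panic(err)
	}
	defer ln.Close()
	fmt.Println(torrcLine(80, path))
}
```

If Tor runs under a different account, the directory and socket modes have to grant that account access (for example through a shared group) instead of 0700/0600.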
