Closed sr-gi closed 1 year ago
mariocynicys
commented
1 year ago Well, it makes sense to use the bind address + port of the public API. But in what case did something like this (tower unavailable through tor) happen? It's always the case that the tor interface is running in the same machine as the public API (or you tried redirect tor traffic to another tower?).
sr-gi
commented
1 year ago Well, it makes sense to use the bind address + port of the public API. But in what case did something like this (tower unavailable through tor) happen? It's always the case that the tor interface is running in the same machine as the public API (or you tried redirect tor traffic to another tower?).
This relates to how the Tor node tries to redirect the Tor traffic to the tower backend. Prior to this, our code was assuming that, if --torsupport was enabled, the clearnet API was offered in localhost, which is not true (notice the hardcoded 127.0.0.1 in the diff for where the http_api_endpoint is hosted). What tor.rs was doing was, basically, analogous to this (source):
HiddenServicePort 80 127.0.0.1:80The HiddenServicePort line specifies a virtual port (that is, the port that people visiting your Onion Service will be using), and in the above case it says that any traffic incoming to port 80 of your Onion Service should be redirected to 127.0.0.1:80 (which is where the web server from step 1 is listening).
But, as stated, the HTTP API was not being offered there.
sr-gi
commented
1 year ago @tee8z you may be interested in this.
Traffic routed trough Tor was being redirected to localhost indistinguishably of whether the public http API was being offered there or not. This made the tower unavailable (trough Tor) when it was being offered both in clearnet and Tor.