[metrics-bugs] #33536 [Internal Services/Tor Sysadmin Team]: Add aliases to apache config on check-01

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Mar 5 15:16:55 UTC 2020


#33536: Add aliases to apache config on check-01
-------------------------------------------------+-------------------------
 Reporter:  irl                                  |          Owner:  anarcat
     Type:  task                                 |         Status:  closed
 Priority:  Very High                            |      Milestone:
Component:  Internal Services/Tor Sysadmin Team  |        Version:
 Severity:  Critical                             |     Resolution:  fixed
 Keywords:                                       |  Actual Points:
Parent ID:  #33507                               |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------
Changes (by anarcat):

 * status:  accepted => closed
 * resolution:   => fixed


Comment:

 commitlog has the wrong ticket number, but that's basically it:

 {{{
 commit 71427b0c6265ddd74d36439060308e33e3dd297f (HEAD -> master)
 Author: Antoine Beaupré <anarcat at debian.org>
 Date:   Thu Mar 5 10:12:10 2020 -0500

     add another legacy alias for check.tpo (#33362)

 diff --git a/modules/profile/templates/check/vhost.erb
 b/modules/profile/templates/check/vhost.erb
 index e09fa448..0704de7b 100644
 --- a/modules/profile/templates/check/vhost.erb
 +++ b/modules/profile/templates/check/vhost.erb
 @@ -18,12 +18,19 @@ Use common-tor-vhost-https-redirect <%= @vhost_name %>
                  Require all granted
          </Directory>

 +        # XXX: update the ProxyPass exclusions below to match this list
 +        # TODO: figure out a better way than copy-paste here
          Alias /exit-addresses /srv/tordnsel.torproject.org/lists/latest
          Alias /lists /srv/tordnsel.torproject.org/lists
 +        Alias /torbulkexitlist /srv/tordnsel.torproject.org/lists/bulk
 +        Alias /cgi-bin/TorBulkExitList.py
 /srv/tordnsel.torproject.org/lists/bulk

          <IfModule mod_proxy.c>
 +                # XXX: should match above list
                  ProxyPass /exit-addresses !
                  ProxyPass /lists !
 +                ProxyPass /torbulkexitlist !
 +                ProxyPass /cgi-bin/TorBulkExitList.py !
                  ProxyPass / http://127.0.0.1:8080/
                  ProxyPassReverse / http://127.0.0.1:8080/
          </IfModule>
 }}}

 looking at
 [https://trac.torproject.org/projects/tor/ticket/33362#comment:4 this
 comment], i'll note there might also be gaps in the URLs here:

 {{{
 RewriteRule ^/$ /torcheck/ [PT]
 ProxyPass /api http://127.0.0.1:8000/api retry=10
 ProxyPass /torcheck/ http://127.0.0.1:8000/ retry=10
 }}}

 in other words:

  * `^/$` should be passed to the proxy engine as `/torcheck/`
  * `/torcheck/` (and below?) are passed to `http://127.0.0.1:8000/`
  * `/api` (and below?) are passed as above

 We do handle `^/$` but not specifically `/torcheck` or `/api`. I assume
 you have those covered, but because they seem really important and they
 are not explicitly mentioned in the config, i figured i'd mention it again
 just in case. :)

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33536#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the metrics-bugs mailing list