Conversation
Notices
-
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 20:34:54 JST 
† top dog :pedomustdie:
@mint @i @splitshockvirus @mint whats funny is poast ass with cloudflare is giving me a bunch of errors kek - likes this.
-
(mint@ryona.agency)'s status on Sunday, 28-May-2023 20:35:30 JST 
@dcc @mint @i @splitshockvirus Yeah, it's expected when you route *everything* outgoing through Tor. I've had a guide for Privoxy somewhere, lemme find it. -
スプリットショックウイルス † (splitshockvirus@pl.starnix.network)'s status on Sunday, 28-May-2023 20:36:27 JST 
スプリットショックウイルス †
@dcc @i @mint poast blocks Tor but not entirely -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 20:36:27 JST
@splitshockvirus @dcc @i I think it's just using Cloudflare's headers to filter it. Some newer exit nodes manage to slip through. -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 20:36:55 JST
@dcc @i @mint @splitshockvirus https://ryona.agency/notice/AOyOR9lhHEhvDtWavI -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 20:38:26 JST
@dcc @i @splitshockvirus Yeah, you need some proxy that sits before Tor and routes clearnet through your regular connection, and onion sites through Tor. Privoxy seems to be working fine for me, it's been a year. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 20:38:27 JST
† top dog :pedomustdie:
@splitshockvirus @i @mint so by having this config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050} poop ass gets to spam my error logs? :pepe_hype: -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 20:46:00 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus i see, i will set it up then :pepe_like: likes this. -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 20:55:23 JST
@dcc @i @splitshockvirus Show the config. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 20:55:24 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus im geting a Invalid header received from client. lol -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 20:58:01 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus user-manual /usr/share/doc/privoxy/user-manual
confdir /etc/privoxy
listen-address 127.0.0.1:7777
toggle 1
enable-remote-toggle 0
enable-edit-actions 0
enable-remote-http-toggle 0
max-client-connections 65535
buffer-limit 4096
logfile /dev/null
forward / .
forward-socks5t nfg3pbejnvp4xxppglvtj7trfwhkesnsj2cxmsjlvipqnjqpedacngyd.onion 127.0.0.1:9050 . -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 20:58:01 JST
@dcc @i @splitshockvirus Don't forward a single host, forward the whole zone.
forward / .
forward-socks5t .onion 127.0.0.1:9050 . -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 21:00:30 JST
@dcc @i @splitshockvirus Wait a minute, are you routing Privoxy's internal address through Tor? Why? -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 21:00:31 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus now the site is just dead kek -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 21:06:01 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus i copied your config from the thread you posted -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 21:06:01 JST
@dcc @i @splitshockvirus Let's start from the scratch and begin with Tor mirror, which does not equal Tor federation.
1. Find your nginx (or whatever you use) config for clearnet address of your instance.
2. Make a copy of it, edit it to listen on the port you defined in Tor config, change the hostname to your onion address and strip all mentions of SSL.
3. Restart nginx and see if it works.
You'd also need to do some rewrites for media, but that's to be done after the basic setup. -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 21:21:34 JST
@dcc @i @splitshockvirus Seems to be working now, albeit with local images and stuff still pointing to clearnet. Don't know how to set the rewrites in Cowboy, sorry, so figure that out yourself (in nginx it's done with mod_rewrite, just buffer the response for location /api/ and rewrite all mentions of https://annihilation.social with http://onionaddress). -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 21:21:35 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus o i see -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 21:29:13 JST
† top dog :pedomustdie:
@i @mint @splitshockvirus with it on the corret port im still geting geting that error Invalid header received from client. -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 21:29:13 JST
@dcc @i @splitshockvirus You sure it's your webserver running on that port and not the proxy? Because I've checked it once and it worked, but now it does send the invalid header. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 21:29:14 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus its not working for me lol -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 21:29:14 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus one sec -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 21:34:18 JST
@dcc @i @splitshockvirus ProxyPass is Cowboy's config? Don't pass it to Privoxy, pass it to Pleroma instead (should be at 127.0.0.1:4000 by default). -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 21:34:19 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus what i have now is this
HiddenServiceDir /var/lib/tor/pleroma_hidden_service/
HiddenServicePort 80 127.0.0.1:80
listen-address 127.0.0.1:7777
ProxyPass / http://127.0.0.1:7777/
config :pleroma, :http, proxy_url: "127.0.0.1:7777" -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 21:36:44 JST
@dcc @i @splitshockvirus Ah, I though you're using it as a server, but turns out it's what Pleroma itself uses as internal server. Regardless, point it to Pleroma. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 21:36:47 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus ah, im using apache kek -
:blank: (i@declin.eu)'s status on Sunday, 28-May-2023 21:37:05 JST 
:blank:
@dcc @splitshockvirus @mint neko'esque, apache needs to die already likes this. -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 21:37:56 JST
@dcc @i @splitshockvirus Actually, just show the Apache config for the main, clearnet domain. That'll make things easier. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 21:40:30 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus <VirtualHost *:443>
#CustomLog "/var/log/httpd/annihilation.social.log" common
ServerName annihilation.social
#ServerAlias nfg3pbejnvp4xxppglvtj7trfwhkesnsj2cxmsjlvipqnjqpedacngyd.onion
DocumentRoot /var/www/frenhost
# Uncomment the following to enable MediaProxy caching on disk
CacheRoot /tmp/pleroma-media-cache/
CacheDirLevels 1
CacheDirLength 2
CacheEnable disk /proxy
CacheLock on
CacheHeader on
CacheDetailHeader on
## 16MB max filesize for caching, configure as desired
CacheMaxFileSize 16000000
CacheDefaultExpire 86400
proxypass /joe.mp4 !
proxypass /anni.png !
proxypass /images/city.jpg http://annihilation.social/anni.png
RewriteEngine On
RewriteCond %{HTTP:Connection} Upgrade [NC]
RewriteCond %{HTTP:Upgrade} websocket [NC]
RewriteRule /(.*) ws://127.0.0.1:7776/$1 [P,L]
#ProxyRequests must be off or you open your server to abuse as an open proxy
ProxyRequests off
ProxyPass / http://127.0.0.1:7776/
ProxyPassReverse / http://127.0.0.1:7776/
ProxyPreserveHost On
SSLCertificateFile /etc/letsencrypt/live/annihilation.social/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/annihilation.social/privkey.pem
ErrorLog /var/log/httpd/anni.error.log
CustomLog /var/log/httpd/anni.access.log combined
<Location /api/v1/pleroma/admin>
Require ip 23.24.204.110
</Location>
<Location /api/pleroma/admin>
Require ip 23.24.204.110
</Location>
</VirtualHost> likes this. -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 21:45:08 JST
@dcc @i @splitshockvirus This should probably work.
After that, change Tor config to point to 127.0.0.1:7755.
HiddenServicePort 80 127.0.0.1:7755
anni.tor -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 21:57:52 JST
@dcc @i @splitshockvirus It doesn't open at all right now for me. What happens if you curl -v 127.0.0.1:7755 from your server? -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 21:57:53 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus it seems to be redirng to https?? -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 21:57:53 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus when you go to nfg3pbejnvp4xxppglvtj7trfwhkesnsj2cxmsjlvipqnjqpedacngyd.onion does it say your using https? -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 22:03:42 JST
@dcc @i @splitshockvirus Which address? Looking at your config, Pleroma is at 7776 and Privoxy is at 7777. You shouldn't expose your Privoxy anywhere, and the config should expose Pleroma running locally at 7776 to the port 7755 which then is routed through Tor. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:03:43 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus nothing, the pleroma and listen-address should still be 7777 right? -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:07:58 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus i see, should i still should have the config :pleroma, :http, proxy_url: "127.0.0.1:7777" right? -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 22:07:58 JST
@dcc @i @splitshockvirus Yeah, it's for federation with onion instance. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:20:14 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus everything should be right -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 22:20:14 JST
@dcc @i @splitshockvirus Still getting SOCKS5 request failed. What does the output of `curl -v 127.0.0.1:7755/api/v1/instance`, `curl -v 127.0.0.1:7776/api/v1/instance` and `netstat -tulpn` show? -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 22:21:45 JST
@dcc @i @splitshockvirus Have you enabled the config and restarted Apache? Just making sure. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:21:46 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus nothing on 7755 and something ofc on 7776 -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:23:36 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus yes -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 22:23:36 JST
@dcc @i @splitshockvirus I forgot that Apache needs a list of explicitly defined ports. Add "Listen 127.0.0.1:7755" to /etc/apache2/ports.conf. Machismo likes this. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:27:54 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus hmm yes
Origin of the request: http://nfg3pbejnvp4xxppglvtj7trfwhkesnsj2cxmsjlvipqnjqpedacngyd.onion
This happens when you are attempting a socket connection to
a different host than the one configured in your config/
files. For example, in development the host is configured
to "localhost" but you may be trying to access it from
"127.0.0.1". To fix this issue, you may either:
why does this happen? -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 22:27:54 JST
@dcc @i @splitshockvirus Don't worry if you're connecting through curl. Seems to be working now on Tor proper.
Screenshot_20230528_162713.png -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:27:55 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus thier we go :pepe_hype: -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 22:28:43 JST
@dcc @i @splitshockvirus Images are still served through clearnet, but apparently you coudl rewrite then with mod_substitute. Try this config.
anni.tor -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:30:57 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus Unknown filter provider INFLATE -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 22:30:57 JST
@dcc @i @splitshockvirus Change INFLATE;SUBSTITUTE;DEFLATE to SUBSTITUTE and see if it helps. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:34:15 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus same issuse Unknown filter provider SUBSTITUTE
https://httpd.apache.org/docs/2.4/mod/mod_filter.html#addoutputfilterbytype -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 22:34:15 JST
@dcc @i @splitshockvirus Run a2enmod mod_substitute (a2enmod substitute if it fails). -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:36:26 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus thats amazing, thank you very much good sir likes this. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:36:27 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus just had to uncomment it lol -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 22:39:19 JST
@dcc @i @splitshockvirus No problem. I wouldn't use Apache in your place, but if that works for you, so be it. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:41:26 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus im going to guess you would say ngnix, tbh i want to move to light http but i dont think its feasible likes this. -
(mint@ryona.agency)'s status on Sunday, 28-May-2023 22:44:15 JST
@dcc @i @splitshockvirus It should be if there's a module for rewriting the response *body*, but I don't see it at least in the official wiki. -
† top dog :pedomustdie: (dcc@annihilation.social)'s status on Sunday, 28-May-2023 22:47:08 JST
† top dog :pedomustdie:
@mint @i @splitshockvirus i have a few other configs that seems to also be pains to move over to light http (searxng, peertube, ans how i proxy pass my matrix) likes this.
All 076萌SNS content and data are available under the 
