[bug] Issues with tor federation — akkoma trying to connect to hidden services through https #399
Labels
No labels
approved, awaiting change
bug
configuration
documentation
duplicate
enhancement
extremely low priority
feature request
Fix it yourself
help wanted
invalid
mastodon_api
needs docs
needs tests
not a bug
planned
pleroma_api
privacy
question
static_fe
triage
wontfix
No milestone
No project
No assignees
3 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: AkkomaGang/akkoma#399
Loading…
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Your setup
OTP
Extra details
Debian 11
Version
No response
PostgreSQL version
No response
What were you trying to do?
I've tried to set up tor/onion federation as described in https://docs.akkoma.dev/stable/configuration/onion_federation/ . I have a self-hosted clearnet instance, and i created a tor-only instance as well to test this. However, I've ran into a lot of problems, mostly with outgoing connections to hidden services. Akkoma only supports http proxies (not socks), but tor doesn't include a full http proxy for outgoing connections. I was getting errors because of this when trying to e.g. search a user that was on a hidden service. I switched to proxying through privoxy (http -> socks5), and that fixed those errors, but akkoma is still doing behavior that makes hidden service federation difficult. When searching for a user, e.g. @abc@abc.onion, akkoma will try to look up the
/.well-known/host-meta
through https, which won't work for hidden services because they run over http. I think this causes the proxy to give a 503 error. for example,this makes me unable to search for / federate with users on hidden services. I'm not really sure what to do to fix this.
What did you expect to happen?
Akkoma should connect to hidden services (*.onion) over http
What actually happened?
Akkoma attempts to connect to hidden services over https
Logs
No response
Severity
I cannot use it as easily as I'd like
Have you searched for this issue?
Am I correct that this is only when searching for a user unknown to the instance using the format
username@instance.tld
?(I.e. using the format
http://instance.onion/users/username
does work. And fetching posts by their url also works. And once the user is known to the instanceusername@instance.tld
probably also works.)Because then I believe the problem is just that akkoma is hardcoded to fetch over https when querying webfinger. (Maybe we should add a fallback to try http when https fails for webfinger?)
If you want to try socks5, you can try to replace
config :pleroma, :http, proxy_url: "http://localhost:9080"
withconfig :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}
. The latter is how the docs used to say how to do it. I'm unsure why it changed though, so maybe there's problems I don't know about.iirc i tried to fetch it over the
http://x.onion/users/username
and it did fetch their user page correctly but i think still tried to fetch the webfinger over https.the socks5 thing doesnt work, and i saw somewhere in the pull requests that they had removed support for socks5.. i think they probably just removed the module from the build or something though so maybe just adding it would work? im not sure.
I know it's been a while since this issue was made, but I'd really like to encourage work to be done on this specific issue. I personally have interest in running Akkoma with Tor support so if there's anything I can do to help make it happen, I'd love to hear it. I don't really understand Elixir so uhh, I might not be of much help though.