Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

I would like to add support for self-configuring Tor and I2P Services to Gitea #15544

Closed
eyedeekay opened this issue Apr 19, 2021 · 2 comments
Closed

I would like to add support for self-configuring Tor and I2P Services to Gitea #15544

eyedeekay opened this issue Apr 19, 2021 · 2 comments
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.

Comments

@eyedeekay
Copy link
Contributor

  • Gitea version (or commit ref): 1.14.1
  • Git version: 2.31.0
  • Operating system: Debian GNU/Linux

It is currently possible, however a little difficult, to run Gitea safely as a service on privacy-protecting overlay networks like Tor and I2P. I would like to add the ability to host Gitea using Tor and I2P without additional configuration by using the existing libraries for both networks which implement the neccesary Go network interfaces, net.Listener, net.Addr, and net.Conn. This is of course beneficial to privacy-sensitive project hosting, but it also lowers the barrier for self-hosters in general since it can be easier and safer to host services in one's own residence when using Tor or I2P to obfuscate the location. Other benefits are easier HTTPS support for hidden services.

It would suggest possibly adding some flags to the command, perhaps --tor to indicate that it should run as a Tor service, --i2p to run as an I2P service. When using those, the gitea web interface should normally be inaccessible anywhere but the localhost to prevent correlating a non-anonymous and anonymous service. Therefore it should also have a --bridged to run as a non-private web service at the same time, as in a situation where a service wishes to exist on many networks at the same time and does not need to maintain anonymity. I believe that both --tor and --i2p should be strings and not booleans, which should reflect the respective control interfaces for their routers, for example --tor=127.0.0.1:9050 and --i2p=127.0.0.1:7656. Keys will then be generated, which will need to be stored somewhere. This could be specified with yet-another flag or with a config option. In the event that --i2p or --tor is specified, then an SSH listener for the respective service should be started automatically as well.

Adding this support is roughly one evening's worth of work at my best guess, and I'd like to add this feature in the near future.
@6543 6543 added the type/proposal The new feature has not been accepted yet but needs to be discussed first. label May 17, 2021
@6543
Copy link
Member

6543 commented May 17, 2021

I dont think we should integrate it directly into gitea (tor/i2p)

Whatvare the concerns gitea, you can change config to make gitea obly listen to localhost via app.ini

@techknowlogick
Copy link
Member

It is possible to host behind tor/i2p, and if you'd like to bind to specific interface,etc.. please refer to docs on how to accomplish: https://docs.gitea.io/en-us/config-cheat-sheet/

@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@techknowlogick @eyedeekay @6543