From eedec4b226b310d5a08a869fc8efa9061c0de50a Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Fri, 2 Mar 2018 18:21:54 +0100
Subject: added improvised onion service site
---
contrib/k8s-emc/onion-hack/stream-site-cm.yml | 61 +++++++++++++++
contrib/k8s-emc/onion-hack/stream-site-deploy.yml | 93 +++++++++++++++++++++++
contrib/k8s-emc/onion-hack/stream-site-secret.yml | 14 ++++
3 files changed, 168 insertions(+)
create mode 100644 contrib/k8s-emc/onion-hack/stream-site-cm.yml
create mode 100644 contrib/k8s-emc/onion-hack/stream-site-deploy.yml
create mode 100644 contrib/k8s-emc/onion-hack/stream-site-secret.yml
diff --git a/contrib/k8s-emc/onion-hack/stream-site-cm.yml b/contrib/k8s-emc/onion-hack/stream-site-cm.yml
new file mode 100644
index 0000000..556bfe3
--- /dev/null
+++ b/contrib/k8s-emc/onion-hack/stream-site-cm.yml
@@ -0,0 +1,61 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: emc
+ name: stream-site-public-onion
+ labels:
+ app: nginx
+ type: stream-site
+ stream: public-onion
+data:
+ torrc: |
+ ## Set DataDirectory
+ DataDirectory /var/lib/tor
+
+ ## Do not act as a SOCKS proxy
+ SOCKSPort 0
+
+ ## Publish a hidden service
+ HiddenServiceDir /srv/onion_service/
+ HiddenServicePort 80 127.0.0.1:8080
+
+ HiddenServiceNonAnonymousMode 1
+ HiddenServiceSingleHopMode 1
+ nginx.conf: |
+ worker_processes 4;
+ pid /srv/nginx.pid;
+ error_log /dev/stderr notice;
+
+ events {
+ worker_connections 768;
+ # multi_accept on;
+ }
+
+ http {
+ sendfile on;
+ tcp_nopush on;
+ tcp_nodelay on;
+ keepalive_timeout 65;
+ types_hash_max_size 2048;
+
+ server_names_hash_bucket_size 64;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ access_log /dev/null;
+
+ server {
+ listen 127.0.0.1:8080 default_server;
+
+ server_name _;
+
+ root /srv/www;
+
+ location /js/config.js {
+ alias /srv/config/config.js;
+ }
+ }
+ }
+ config.js: |
+ var config = {"resolutions": {"1080p25": {"width": 1920, "height": 1080, "rate": "25/1"}, "720p25": {"width": 1280, "height": 720, "rate": "25/1"}, "480p25": {"width": 854, "height": 480, "rate": "25/1"}, "360p25": {"width": 640, "height": 360, "rate": "25/1"}, "240p25": {"width": 426, "height": 240, "rate": "25/1"}}, "profiles": {"full": {"video": "1080p25", "audio": 160}, "high": {"video": "720p25", "audio": 160}, "medium": {"video": "480p25", "audio": 128}, "low": {"video": "360p25", "audio": 96}, "mini": {"video": "240p25", "audio": 64}, "rec": {"video": "1080p25", "audio": 0}}, "muxes": {"av-orig": {"video": "sdi-orig:video", "audio": "sdi-orig:audio", "formats": {"flash": ["high", "medium", "low", "mini"], "webm": ["high", "medium", "low", "mini"]}}, "audio-orig": {"audio": "sdi-orig:audio", "formats": {"ogg": ["high", "medium", "low", "mini"], "mp3": ["high", "medium", "low", "mini"]}}}, "streamBaseUrl": "http://elevatexfonbiisp.onion:8000"};
diff --git a/contrib/k8s-emc/onion-hack/stream-site-deploy.yml b/contrib/k8s-emc/onion-hack/stream-site-deploy.yml
new file mode 100644
index 0000000..8ae9b14
--- /dev/null
+++ b/contrib/k8s-emc/onion-hack/stream-site-deploy.yml
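Review bot: `streamBaseUrl` in `config.js` points at port 8000 of `elevatexfonbiisp.onion`, but the torrc in this same ConfigMap publishes only `HiddenServicePort 80 127.0.0.1:8080`, so nothing in this change makes port 8000 reachable over Tor. If that address is this service, the torrc needs a second line such as `HiddenServicePort 8000 <stream-backend-host>:<port>` (placeholder; the backend is not visible here); if it is a separate streaming service, a comment above `config.js` saying so would keep the two from drifting apart. The `HiddenServiceNonAnonymousMode 1` / `HiddenServiceSingleHopMode 1` pair also deserves a torrc comment, for example `## Single onion service: the server's location is NOT hidden, only clients stay anonymous`, because server anonymity is the property most readers will assume an onion service has.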
@@ -0,0 +1,93 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: emc
+ name: stream-site-public-onion
+ labels:
+ app: nginx
+ type: stream-site
+ stream: public-onion
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: nginx
+ type: stream-site
+ stream: public-onion
+ strategy:
+ type: Recreate
+ revisionHistoryLimit: 5
+ template:
+ metadata:
+ labels:
+ app: nginx
+ type: stream-site
+ stream: public-onion
+ spec:
+ nodeName: emc-00
+ securityContext:
+ runAsUser: 998
+ fsGroup: 998
+ initContainers:
+ - name: prepare-onion
+ image: busybox
+ command: ['sh', '-c', 'mkdir /srv/onion_service && cp /secrets/onion_service/* /srv/onion_service && chown -R 998:998 /var/lib/tor /srv/onion_service && chmod 0750 /var/lib/tor && chmod 0700 /srv/onion_service']
+ securityContext:
+ runAsUser: 0
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: onion-lib
+ mountPath: /var/lib/tor
+ - name: onion-service
+ mountPath: /secrets/onion_service/
+ containers:
+ - name: nginx
+ image: spreadspace/nginx-streaming:4
+ imagePullPolicy: Always
+ args:
+ - nginx
+ - -c
+ - /srv/config/nginx.conf
+ - -g
+ - "daemon off;"
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: nginx-lib
+ mountPath: /var/lib/nginx
+ - name: config
+ mountPath: /srv/config
+ - name: www
+ mountPath: /srv/www
+ - name: onion-service
+ image: spreadspace/onion-service:master-23
+ imagePullPolicy: Always
+ args: [ '/usr/bin/tor', '-f', '/srv/config/torrc', '--RunAsDaemon', '0' ]
+ volumeMounts:
+ - name: home
+ mountPath: /srv
+ - name: onion-lib
+ mountPath: /var/lib/tor
+ - name: config
+ mountPath: /srv/config
+ volumes:
+ - name: home
+ emptyDir:
+ medium: Memory
+ - name: onion-lib
+ emptyDir:
+ medium: Memory
+ - name: nginx-lib
+ emptyDir:
+ medium: Memory
+ - name: config
+ configMap:
+ name: stream-site-public-onion
+ - name: www
+ hostPath:
+ type: Directory
+ path: /srv/www/emc18
+ - name: onion-service
+ secret:
+ secretName: stream-site-public-onion
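Review bot: The onion service private key ends up readable by the nginx container: `prepare-onion` copies it into `/srv/onion_service` on the `home` emptyDir, that volume is mounted at `/srv` in both `nginx` and `onion-service`, and the pod-level `runAsUser: 998` gives both containers the UID that owns the directory, so `chmod 0700` does not separate them. Copying the key onto the `onion-lib` volume, which nginx does not mount, keeps it with tor only: `mkdir /var/lib/tor/onion_service && cp /secrets/onion_service/* /var/lib/tor/onion_service` in the init command (with the chown/chmod paths adjusted to match) and `HiddenServiceDir /var/lib/tor/onion_service/` in the torrc, after which the `home` mount can be dropped from `onion-service`. Separately, `image: busybox` carries no tag or digest although it is the one container that runs as root and reads the key; pinning it, e.g. `image: busybox@sha256:<digest>`, removes that moving part.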
diff --git a/contrib/k8s-emc/onion-hack/stream-site-secret.yml b/contrib/k8s-emc/onion-hack/stream-site-secret.yml
new file mode 100644
index 0000000..00ca264
--- /dev/null
+++ b/contrib/k8s-emc/onion-hack/stream-site-secret.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ namespace: emc
+ name: stream-site-public-onion
+ labels:
+ app: nginx
+ type: stream-site
+ stream: public-onion
+type: Opaque
+data:
+ hostname: ""
+ private_key: ""
+ onion_service_non_anonymous: ""
-- cgit v1.2.3
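Review bot: Nothing in this manifest says that the three empty `data` values are placeholders, or what format they must take once filled in. A header comment would cover it, for example `# Template only: set each value to the base64-encoded content of the matching file from the onion service directory, apply it, and never commit the filled-in file.` Applied as committed, the init container in stream-site-deploy.yml would presumably copy three empty files into the HiddenServiceDir, so the comment should also state that the manifest is not usable until the values are set.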