💾 Archived View for tilde.team › ~tomasino › journal › 20220226-cosmic-on-tor.gmi captured on 2024-12-17 at 11:05:07. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2022-03-01)

-=-=-=-=-=-=-

Cosmic Voyage on Tor

About two years ago I shared my technique for getting tilde.black's gemini server served over the tor network. You can read about that here:

Gemini on Tor

I'm not sure why it took me so long to follow up with cosmic voyage. For a while I didn't have cosmic on gemini at all, and then it was sort of a hack of generated code I wasn't proud of. Now it's a nice, sophisticated portal to the gopher content. You can see the source here:

Cosmic Voyage Gemini Server (tildegit)

Want to try it? (from your client using a tor socks proxy)

Cosmic Voyage on Tor

Want to see a picture?

Picture of AV-98 running tilde.black over tor!

The jetforce wrapper

Similar to how I handled tilde.black, I created a composite app for jetforce. This time I just passed each of the composite host names the same app to run, though. That app is significantly more complicated than the static directory serving tilde.black had, but the premise is the same. Then I used that composite app to start the gemini server, listen on IPV6 and IPV4, and pass in the cert info.

from jetforce import GeminiServer
from jetforce.app.composite import CompositeApplication
from app import app

composite_app = CompositeApplication(
    {
        "cosmic.voyage": app,
        "cosmiclbou7ypgww4lcs4an3z6otqoevqk6q5jcxml7v7geqml7dlyad.onion": app,
        None: app,
    }
)

if __name__ == "__main__":
    server = GeminiServer(composite_app, host="::", certfile="/etc/gemini/cosmic.voyage.crt", keyfile="/etc/gemini/cosmic.voyage.key")
    server.run()

Set up tor

Adding the handler to tor is a one-liner. Just tell it to watch for port 1965.

HiddenServicePort 1965 127.0.0.1:1965

Testing

It was actually a little tricky to find clients that would work over tor. My first attempt was with Amfora, which has a AMFORA_SOCKS5 environment variable that's supposed to enable use of the socks proxy. I couldn't find the syntax to make that work, though.

I had used Kristall to test tilde.black back in the day. Sadly that didn't work this time around. Kristall doesn't seem to have any menu config to select a proxy, so I went with the torsocks/torify approach. Running the latest Kristall via torsocks/torify results in the following core dump:

1645893418 WARNING torsocks[887149]: [syscall] Unsupported syscall number 39. Denying the call (in tsocks_syscall() at syscall.c:605)
Assertion 'fclose_nointr(f) != -EBADF' failed at src/basic/fd-util.c:121, function safe_fclose(). Aborting.
Aborted (core dumped)

Maybe xq will know what's going on there, but it's over my head.

Bombadillo likewise didn't care much for the tor proxy, but AV-98 did the trick.

Now the question is how many people out there are browsing gemini over tor? Any of our squeaky wheel security folks trying it? What about servers? Anyone else serving content over tor?

Originally Published 2022-02-26 at: gemini://tilde.team/~tomasino/journal/20220226-cosmic-on-tor.gmi

If you have questions or thoughts to add please send me a link to your response.

Contact Information