socket.io and Tor problematic to run
-
Hi all!
I just want to say my two cents about socket.io and Tor , it's seems to me really a puzzle, because currently only version 3.1.2 works with Tor, but it took some time and adjustment to make it run.
Especially on Nginx side, i will not mention what i gone trough, but i think if the devs of nodebb clearly can point why they don't consider Tor as theirs major group of users than i would understand and appreciate the feedback.
Is this how the current development of nodebb would continue in the future?
If Tor not supported fully, well i must think about fork for the Tor case usage Nodebb, it's clearly not what i wish or have time for, but if the situation with Tor support not improve i will consider to do the fork of the NodeBB for Tor. -
@NikolaiPatrushev can you access our forum with tor browser without errors? Or is it happening here as well? v3.1.3 has a security fix that changes how we connect with socket.io https://github.com/NodeBB/NodeBB/pull/11573 essentially it uses the csrf_token during the initial connection. Not sure why that breaks tor browser and not others.
-
You mean this https://rrjybnxgjelnxsnq4jsctsznhhgugq4kmqy44qtl7eeqnn6u5o5yrwad.onion , this even not opening.
Ok i opened this forum in Tor browser https://community.nodebb.org and observe following:
https://community.nodebb.org/socket.io
?_csrf=7000da5c5eb90fcc61cbb668b84bc7d762c3d7bb76d1a9394168613a037a09d68ab1021e40d3edfa677f0ff96db394124f823085daf5e7806f76f50974aa1d .
In my case my forum does not generate csrf, so what should i do?
I looked the config.json, but there not description how to enable it.
Is this some special Nginx issue? Because i use it behind my forum in Tor and it works only with version 3.1.2.
I dont consider that devs decision to use socket.io make sense to me, personally i dont see a use case for such feature. -
You mean this https://rrjybnxgjelnxsnq4jsctsznhhgugq4kmqy44qtl7eeqnn6u5o5yrwad.onion , this even not opening.
This is not official NodeB-yo-B website in onion network, I created this onion mirror for the test and after finished terminated server.
https://community.nodebb.org/socket.io ?_csrf=7000da5c5eb90fcc61cbb668b84bc7d762c3d7bb76d1a9394168613a037a09d68ab1021e40d3edfa677f0ff96db394124f823085daf5e7806f76f50974aa1d
I was view and sign up on your forum in tor and don't have error with socket.
guest visit
after sing up
-
@brazzerstop It works, because i run version 3.1.2 and thanks for putting it out here , my original questions was , what about future versions , how i can generate the csrf token, because in 3.1.3 and upwards it would work only if csrf provided?
-
@NikolaiPatrushev hm, interesting... I think this forum works on version 3.1.4 and I get sockets error too.
-
when i run try.nodebb.org via my tor browser , everything seems ok
-
But I don't have socket errors on my forum with 3.1.4 version.
-
@NikolaiPatrushev said in socket.io and Tor problematic to run:
when i run try.nodebb.org via my tor browser , everything seems ok
I don't understand what the problem is, but my mistakes also disappeared...
-
@brazzerstop Do you run your forum in Tor? How do you generate those csrf tokens?
Soon, there will be out version 3.1.5 and then 3.2 , it would be interesting to know if my issues with socket.io addressed, i look into git and saw some commits , we just need to wait and test. -
It will be better if you will not wait. Ask questions to the Tor community, they know their browser better and can tell you how these errors could be caused and what nginx configuration can be used to fix it.
-
So finally i figure it out and i run latest version of nodebb, there were problems with my build!
Due to one outdated optional plugin shxxt, yes it did got messy , i back up my uploads directory and deleted whole nodebb directory and then done git clone from the latest upstream of v3.x branch, then copied old upload directory and json.config back, still i feel uneasy about whole socket.io stuff.
Besides of that i think that it will be good idea to make better control of plugins like some script which checks after new plugin build if nodebb.min.js generated , because in my case one of plugins did actually broken the build of nodebb.min.js , it wasn't generated at all and i didn't seen any warnings about it.
Yes the nodebb version 3.1.4 works in Tor too, but let me point that Nginx configuration still a potential source of errors and i spent some quality time setting this up, again and again -
You probably didn't need to completely reinstall but if it works it works.
A failed build should be reported when you click the "Rebuild and Restart" button.
There's not much we can do about nginx.
-
On the debate of WS vs Socket io :
The guy who wrote Socket io seems to have a track record of over complicating things ! ... he went on to make Nextjs ... Off topic but I am so glad NodeBB doesnt use React, or Nextjs!
Anyway socket io isnt as complex as Nextjs, so maybe its a closer call.
In general, my preference is for using fewer frameworks and libraries, rather than more.