Use unix sockets for Onion=>nginx connections

DOCS/configuration.md

@@ -214,9 +214,9 @@ Network port where nginx listens. The common default port is `443`.
 
 IP address where nginx listens. May be the same as `ipv6_address` and `ipv4_address`, or `[::]` and `0.0.0.0` to listen on every address available.
 
-### `internal_onion_http_port`
+### `http_onion_socket`
 
-The port of `[::1]` set in Tor and nginx configuration files when creating an Onion service.
+Filesystem path to the unix socket created by nginx and listening for incoming Onion services connections. (Used in Tor and nginx configuration files when creating an Onion service.)
 
 ### `user_quota_testing`, `user_quota_approved`
 

config.ini

@@ -72,7 +72,7 @@ public_sftp_port = 2022
 https_port = 42443
 ipv6_listen_address = "::1"
 ipv4_listen_address = "127.0.0.1"
-internal_onion_http_port = 9080
+http_onion_socket = "/run/servnest/nginx.sock"
 
 user_quota_testing = 20971520
 user_quota_approved = 209715200

pg-act/ht/add-onion.php

@@ -7,7 +7,7 @@ rateLimit();
 
 // Add Tor config
 $torConf = 'HiddenServiceDir ' . CONF['ht']['tor_keys_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . '/
-HiddenServicePort 80 [::1]:' . CONF['ht']['internal_onion_http_port'] . '
+HiddenServicePort 80 unix:' . CONF['ht']['http_onion_socket'] . '
 ';
 if (file_put_contents(CONF['ht']['tor_config_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'], $torConf) === false)
 	output(500, 'Failed to write new Tor configuration.');
@@ -28,7 +28,7 @@ addSite($_SESSION['id'], $_POST['dir'], $onion, 'onion');
 
 // Add Nginx config
 $nginxConf = 'server {
-	listen [::1]:' . CONF['ht']['internal_onion_http_port'] . ';
+	listen unix:' . CONF['ht']['http_onion_socket'] . ';
 	server_name ' . $onion . ';
 	root ' . CONF['ht']['ht_path'] . '/' . $_SESSION['id'] . '/' . $_POST['dir'] . ';