This is a guide for altering or debugging issues with Moat. For more details on how Moat works and is deployed, see the Moat documentation.
Right now Moat is deployed on Microsoft Azure.
Troubleshooting the domain fronting configuration
Test if you can reach our meek server (which runs on polyanthum) through the Azure infrastructure:
$ wget -q -O - https://ajax.aspnetcdn.com/ --header 'Host: onion.azureedge.net' I’m just a happy little web server.
If you don't see this message, the problem is likely somewhere in Azure.
And the Fastly infrastructure:
$ wget -q -O - https://cdn.sstatic.net --header 'Host: moat.torproject.org.global.prod.fastly.net' I’m just a happy little web server.
If you don't see this message, the problem is likely somewhere in Fastly.
Take a look at our Azure CDN configuration in portal.azure.com or the Fastly account at fastly.com
Setting up a new domain front
If you are setting up a new domain front for Moat, you can point it towards either https://bridges.torproject.org/meek, or if the CDN does not allow you to forward to URLS, to https://moat.torproject.org.
You will also need to update the client side in Tor Browser. Moat is configured in tor-launcher. Once that has been updated, you can pull the latest changes in the Tor Browser build process.
Troubleshooting the Moat server
Moat consists of a meek server, some apache2 configs, and a BridgeDB distributor. The meek server listens on 127.0.0.1:2000 and is started by the run-meek script.
ProxyPass rules in
/etc/apache2/sites-available/bridges.torproject.org.conf on polyanthum to forward requests to https://bridges.torproject.org/meek and https://moat.torproject.org to http://127.0.0.1:2000/.
Useful apache logs can be found in
The BridgeDB Moat distributor listens on port 3881, as set in the BridgeDB configuration file
MOAT_HTTP_PORT = 3881 and a corresponding ProxyPass rule is set up to direct requests from the meek tunnel:
ProxyPass /moat/ http://127.0.0.1:3881/moat/