dependabot[bot] 3c432b9d51 build(deps): bump docker/build-push-action from 6.9.0 to 6.10.0 (#108) | 4 days ago | |
---|---|---|
.github | 4 days ago | |
CHANGELOG.md | 1 year ago | |
Dockerfile | 1 month ago | |
Makefile | 2 years ago | |
README.md | 2 years ago | |
ansible-playbook.yml | 4 years ago | |
docker-compose.yml | 2 years ago | |
entrypoint.sh | 4 years ago | |
torrc.template | 4 years ago |
repo: https://github.com/fphammerle/docker-onion-service
docker hub: https://hub.docker.com/r/fphammerle/onion-service/tags
signed tags: https://github.com/fphammerle/docker-onion-service/tags
defaults to creating a v3 service
$ sudo docker run --name onion_service \
-e VIRTUAL_PORT=80 -e TARGET=1.2.3.4:8080 \
fphammerle/onion-service
$ sudo docker create --name onion_service \
--env VERSION=3 \
--env VIRTUAL_PORT=80 \
--env TARGET=1.2.3.4:8080 \
--volume onion-key:/onion-service \
--restart unless-stopped \
--cap-drop all --security-opt no-new-privileges \
fphammerle/onion-service:latest
$ sudo docker start onion_service
optionally add --read-only --tmpfs /tmp:rw,size=4k
to make the container's root filesystem read only
$ sudo docker exec onion_service cat /onion-service/hostname
abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrst.onion
in single-hop mode connections from the onion service to introduction & rendezvous points will be direct and thus no longer anonymous:
$ sudo docker run -e NON_ANONYMOUS_SINGLE_HOP_MODE=1 …
useful to reduce latency (e.g. clearnet http servers setting alt-svc
header)
$ sudo docker exec onion_service \
sh -c 'printf "AUTHENTICATE\nGETINFO circuit-status\nQUIT\n" | nc localhost 9051'
relay search: https://metrics.torproject.org/rs.html
git clone https://github.com/fphammerle/docker-onion-service
docker-compose.yml
sudo docker-compose up --build
onion service protocol overview
ways to publish onion services: