
docker: hidden tor .onion service 🐳


docker hub:

signed tags:

defaults to creating a v3 service

example 1

$ sudo docker run --name onion_service \
    -e VIRTUAL_PORT=80 -e TARGET= \

example 2

$ sudo docker create --name onion_service \
    --env VERSION=3 \
    --env VIRTUAL_PORT=80 \
    --env TARGET= \
    --volume onion-key:/onion-service \
    --restart unless-stopped \
    --cap-drop all --security-opt no-new-privileges \

$ sudo docker start onion_service

optionally add --read-only --tmpfs /tmp:rw,size=4k to make the container's root filesystem read-only

retrieve hostname

$ sudo docker exec onion_service cat /onion-service/hostname

single-hop mode

in single-hop mode connections from the onion service to introduction & rendezvous points will be direct and thus no longer anonymous:

$ sudo docker run -e NON_ANONYMOUS_SINGLE_HOP_MODE=1 …

useful to reduce latency (e.g. clearnet http servers setting alt-svc header)

show circuits

$ sudo docker exec onion_service \
    sh -c 'printf "AUTHENTICATE\nGETINFO circuit-status\nQUIT\n" | nc localhost 9051'

relay search:
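
The script below is an added example, not part of this repository: it parses the `GETINFO circuit-status` reply from the command above and counts the relays in each circuit's path, so you can check whether the onion-service circuits are multi-hop or direct (as in single-hop mode). The function names are hypothetical, the sample reply is constructed, and the reply layout is assumed to follow the Tor control protocol.

```shell
#!/bin/sh
# Added example, not part of this repository.
# Usage: <the docker exec command shown above> | direct_hs_circuits

# Constructed sample reply; fingerprints and nicknames are made up.
sample_reply() {
  printf '%s\r\n' \
    '250 OK' \
    '250+circuit-status=' \
    '4 BUILT $AAAA~relayA,$BBBB~relayB,$CCCC~relayC BUILD_FLAGS=IS_INTERNAL,NEED_CAPACITY PURPOSE=HS_SERVICE_INTRO' \
    '6 BUILT $DDDD~relayD BUILD_FLAGS=IS_INTERNAL PURPOSE=HS_SERVICE_INTRO' \
    '9 LAUNCHED BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL' \
    '.' \
    '250 OK' \
    '250 closing connection'
}

# Print "<id> <status> <hops> <purpose>" for every circuit in a reply on stdin.
summarize_circuits() {
  awk '
    function emit(   i, relays, hops, purpose) {
      hops = 0; purpose = "-"
      # The path field is optional (absent while a circuit is LAUNCHED).
      if ($3 ~ /^\$/) hops = split($3, relays, ",")
      for (i = 3; i <= NF; i++)
        if ($i ~ /^PURPOSE=/) purpose = substr($i, 9)
      print $1, $2, hops, purpose
    }
    { sub(/\r$/, "") }                               # replies use CRLF
    /^250\+circuit-status=$/ { in_list = 1; next }   # multi-line data reply
    in_list && $0 == "."     { in_list = 0; next }   # end of data
    /^250-circuit-status=/   {                       # single-line reply
      sub(/^250-circuit-status=/, ""); if ($0 != "") emit(); next
    }
    in_list { emit() }
  '
}

# Print the IDs of built onion-service circuits whose path is a single relay.
direct_hs_circuits() {
  summarize_circuits |
    awk '$2 == "BUILT" && $3 == 1 && $4 ~ /^HS_SERVICE_/ { print $1 }'
}

sample_reply | summarize_circuits
```

With NON_ANONYMOUS_SINGLE_HOP_MODE unset, any ID printed by `direct_hs_circuits` is worth investigating.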

docker-compose 🐙

  1. git clone
  2. edit docker-compose.yml
  3. sudo docker-compose up --build

further reading

onion service protocol overview

operational security


ways to publish onion services: