
onion service -> tor socks & dns proxy

Fabian Peter Hammerle 5 years ago
parent
commit
0488f0b019
7 changed files with 74 additions and 62 deletions
  1. 12 0
      CHANGELOG.md
  2. 23 17
      Dockerfile
  3. 17 26
      README.md
  4. 15 0
      docker-compose.yml
  5. 0 10
      entrypoint.sh
  6. 7 0
      torrc
  7. 0 9
      torrc.template

+ 12 - 0
CHANGELOG.md

@@ -0,0 +1,12 @@
+# Changelog
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+### Added
+- Tor Socks5 & DNS proxy
+
+[Unreleased]: https://github.com/fphammerle/docker-tor-proxy/compare/1.0.0...HEAD
+[0.1.0]: https://github.com/fphammerle/docker-tor-proxy/releases/tag/1.0.0

+ 23 - 17
Dockerfile

@@ -1,22 +1,28 @@
-FROM alpine:3.8
+FROM alpine:3.10
 
-RUN apk add --no-cache tor
+ARG CURL_PACKAGE_VERSION=7.66.0-r0
+ARG BIND_TOOLS_PACKAGE_VERSION=9.14.3-r0
+ARG TOR_PACKAGE_VERSION=0.4.1.6-r0
+ARG TOR_PACKAGE_REPOSITORY=http://dl-cdn.alpinelinux.org/alpine/edge/community
+RUN adduser -S onion \
+    && apk add --no-cache \
+        curl=$CURL_PACKAGE_VERSION \
+        bind-tools=$BIND_TOOLS_PACKAGE_VERSION `# dig` \
+    && apk add --no-cache --repository $TOR_PACKAGE_REPOSITORY \
+        tor=$TOR_PACKAGE_VERSION
 
-RUN adduser -S onion
-RUN mkdir -m u=rwx,g=,o= /onion-service && chown onion /onion-service
-VOLUME /onion-service
+# RUN apk add --no-cache man less \
+#     && apk add --no-cache tor-doc=$TOR_PACKAGE_VERSION \
+#        --repository $TOR_PACKAGE_REPOSITORY
+# ENV PAGER=less
 
-COPY torrc.template /
-RUN chmod a+r /torrc.template
+EXPOSE 9050/tcp
+EXPOSE 53/udp
+COPY torrc /etc/tor/torrc
 
-ENV VERSION 3
-ENV VIRTUAL_PORT 80
-ENV TARGET 127.0.0.1:8080
+CMD ["tor"]
 
-COPY entrypoint.sh /
-RUN chmod a+rx /entrypoint.sh
-ENTRYPOINT ["/entrypoint.sh"]
-
-USER onion
-
-CMD ["tor", "-f", "/tmp/torrc"]
+HEALTHCHECK CMD \
+    curl --silent --socks5 localhost:9050 https://google.com > /dev/null \
+    && [ ! -z "$(dig +notcp +short one.one.one.one @localhost)" ] \
+    || exit 1
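Review bot: The final image no longer has a `USER` instruction, so `CMD ["tor"]` starts as root even though `adduser -S onion` is still run; the removed `USER onion` has no replacement in this hunk and the new torrc sets no `User` option. If root is kept only to bind `53/udp`, one option is to listen on an unprivileged port inside the container (e.g. `DNSPort 0.0.0.0:5353`, published as `127.0.0.1:53:5353/udp`) and restore `USER onion` before `CMD`; the `dig` health check would then need `-p 5353`. Separately, the health check's `curl --socks5` resolves the hostname with the container's own resolver rather than through tor; `--socks5-hostname localhost:9050` would exercise the proxy end to end, and adding `--fail` would make HTTP errors count as unhealthy.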

+ 17 - 26
README.md

@@ -1,37 +1,28 @@
-# docker: hidden tor .onion service 🐳
+# docker: tor socks & dns proxy 🐳
 
-repo: https://github.com/fphammerle/docker-onion-service
+docker hub: https://hub.docker.com/r/fphammerle/tor-proxy
 
-docker hub: https://hub.docker.com/r/fphammerle/onion-service
-
-defaults to creating a [v3](https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions) service
-
-## example 1
+signed tags: https://github.com/fphammerle/tor-proxy/tags
 
 ```sh
-$ docker run --name onion-service \
-    -e VIRTUAL_PORT=80 -e TARGET=1.2.3.4:8080 \
-    fphammerle/onion-service
+$ docker run --rm --name tor-proxy \
+    -p 127.0.0.1:9050:9050/tcp \
+    -p 127.0.0.1:53:53/udp \
+    fphammerle/tor-proxy
 ```
 
-## example 2
-
+or after cloning the repository:
 ```sh
-$ docker create --name onion-service \
-    --env VERSION=3 \
-    --env VIRTUAL_PORT=80 \
-    --env TARGET=1.2.3.4:8080 \
-    --volume onion-key:/onion-service \
-    --restart unless-stopped \
-    --cap-drop all --security-opt no-new-privileges \
-    fphammerle/onion-service:latest
-
-$ docker start onion-service
+$ docker-compose up
 ```
 
-## retrieve hostname
-
+test proxies:
 ```sh
-$ docker exec onion-service cat /onion-service/hostname
-abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrst.onion
+$ curl --socks5 localhost:9050 ipinfo.io
+$ torsocks wget -O - ipinfo.io
+$ torsocks lynx -dump https://check.torproject.org/
+$ dig @localhost fabian.hammerle.me
+$ ssh -o 'ProxyCommand nc -x localhost:9050 -v %h %p' abcdefghi.onion
+# no anonymity!
+$ chromium-browser --proxy-server=socks5://localhost:9050 ipinfo.io
 ```

+ 15 - 0
docker-compose.yml

@@ -0,0 +1,15 @@
+version: '2.2'
+
+services:
+  tor_proxy:
+    build: .
+    image: fphammerle/tor-proxy
+    ports:
+    - '127.0.0.1:9050:9050/tcp'
+    - '127.0.0.1:53:53/udp'
+    security_opt: ['no-new-privileges']
+    restart: unless-stopped
+    cpus: 0.5
+    mem_limit: 128m
+
+# https://docs.docker.com/compose/compose-file/compose-file-v2/
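Review bot: The service definition keeps `no-new-privileges` but does not drop capabilities, whereas the README example removed by this commit ran with `--cap-drop all`; with the image now starting tor as root, the container holds Docker's default capability set. Consider adding `cap_drop: [ALL]` and then `cap_add` only what tor is found to need (likely `NET_BIND_SERVICE` for port 53, to be confirmed by testing). A comment above `ports:` noting that both proxies are deliberately published on 127.0.0.1 only would help keep that binding from being loosened later.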

+ 0 - 10
entrypoint.sh

@@ -1,10 +0,0 @@
-#!/bin/sh
-
-set -ex
-
-sed -e "s#{version}#$VERSION#" \
-    -e "s#{virtual_port}#$VIRTUAL_PORT#" \
-    -e "s#{target}#$TARGET#" \
-    /torrc.template >/tmp/torrc
-
-exec "$@"

+ 7 - 0
torrc

@@ -0,0 +1,7 @@
+Log notice stdout
+
+SocksPort 0.0.0.0:9050
+DNSPort 0.0.0.0:53
+
+# try to
+HardwareAccel 1
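Review bot: `SocksPort 0.0.0.0:9050` and `DNSPort 0.0.0.0:53` listen on every interface inside the container with no `SocksPolicy`, so access control depends entirely on how the ports are published and on which other containers share the network. I would add a comment saying so, e.g. `# listens on all container interfaces; publish on 127.0.0.1 only (see docker-compose.yml)`, and consider a `SocksPolicy` restricting clients to the expected source range. The `# try to` comment above `HardwareAccel 1` is cut off and should be completed or removed.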

+ 0 - 9
torrc.template

@@ -1,9 +0,0 @@
-Log notice stdout
-
-# disable socks proxy
-SOCKSPort 0
-
-# https://www.torproject.org/docs/tor-onion-service
-HiddenServiceDir /onion-service
-HiddenServiceVersion {version}
-HiddenServicePort {virtual_port} {target}