added option to enable non-anonymous single hop mode

Fabian Peter Hammerle 1 week ago
parent
commit
14f8bdb506
6 changed files with 21 additions and 2 deletions
  1. CHANGELOG.md (+2 -0)
  2. Dockerfile (+1 -0)
  3. README.md (+12 -0)
  4. ansible-playbook.yml (+2 -1)
  5. docker-compose.yml (+2 -1)
  6. torrc.template (+2 -0)

+ 2 - 0
CHANGELOG.md

@@ -6,6 +6,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 ### Added
+- option `NON_ANONYMOUS_SINGLE_HOP_MODE=1` to enable non-anonymous single hop mode
+  (direct circuits to introduction & rendezvous points)
 - ansible playbook: limit container's cpu usage
 
 ### Changed

+ 1 - 0
Dockerfile

@@ -21,6 +21,7 @@ RUN chmod -c a+rX /torrc.template /entrypoint.sh
 ENV VERSION 3
 ENV VIRTUAL_PORT 80
 ENV TARGET 1.2.3.4:8080
+ENV NON_ANONYMOUS_SINGLE_HOP_MODE 0
 ENTRYPOINT ["/entrypoint.sh"]
 
 USER tor

+ 12 - 0
README.md

@@ -40,6 +40,18 @@ to make the container's root filesystem read only
 $ sudo docker exec onion_service cat /onion-service/hostname
 abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrst.onion
 ```
+
+## single-hop mode
+
+in single-hop mode connections from the onion service
+to introduction & rendezvous points will be direct
+and thus no longer anonymous:
+```sh
+$ sudo docker run -e NON_ANONYMOUS_SINGLE_HOP_MODE=1 …
+```
+
+useful to reduce latency (e.g. clearnet http servers setting `alt-svc` header)
+
 ## show circuits
 
 ```sh
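
Review bot: The new "single-hop mode" section says connections are "no longer anonymous" but never says what is disclosed. The paragraph above the `docker run` line should state that the relays used as introduction and rendezvous points see the host's IP address, so the service's location is no longer hidden, and that the option is off by default (`ENV NON_ANONYMOUS_SINGLE_HOP_MODE 0` in the Dockerfile). The closing `alt-svc` line would be clearer as a full sentence saying the mode is intended for services whose server location is already public.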

+ 2 - 1
ansible-playbook.yml

@@ -7,8 +7,9 @@
       # tag docker/2.0.0-tor0.4.3.5-amd64
       image: docker.io/fphammerle/onion-service@sha256:4e64c5ddc1115b9c2fb1d6ea6ce6ac3cf77fbfb048257d9c8c3c71b4765611fb
       env:
-        VIRTUAL_PORT: 80
+        VIRTUAL_PORT: '80'
         TARGET: 1.2.3.4:8080
+        #NON_ANONYMOUS_SINGLE_HOP_MODE: '1'
       volumes:
       - onion_service_data:/var/lib/tor
       - onion_service_key:/onion-service
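
Review bot: The commented-out `NON_ANONYMOUS_SINGLE_HOP_MODE: '1'` sits under an `image:` that is still pinned to the digest tagged `docker/2.0.0-tor0.4.3.5-amd64`, while CHANGELOG.md lists the option under Unreleased, so uncommenting it would set a variable that the pinned image's torrc.template does not read. Either add a comment naming the image version that is required, or hold the line back until the digest is bumped to a release containing the template change.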

+ 2 - 1
docker-compose.yml

@@ -24,7 +24,8 @@ services:
     read_only: yes
     environment:
       VIRTUAL_PORT: 80
-      TARGET: 1.2.3.4:8080
+      TARGET: 1.1.1.1:80
+      #NON_ANONYMOUS_SINGLE_HOP_MODE: 1
     cap_drop: [ALL]
     security_opt: [no-new-privileges]
     cpus: 0.5
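
Review bot: The `TARGET` change from `1.2.3.4:8080` to `1.1.1.1:80` is not covered by the commit message or the changelog entry and looks like a leftover from local testing. The Dockerfile and ansible-playbook.yml keep `1.2.3.4:8080`, and 1.1.1.1 is a real, publicly routed address, so running this example unmodified would point the onion service at a third-party host; that line should be reverted. The commented-out `NON_ANONYMOUS_SINGLE_HOP_MODE: 1` is also unquoted here while ansible-playbook.yml uses `'1'`; quoting both keeps the two examples consistent.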

+ 2 - 0
torrc.template

@@ -15,6 +15,8 @@ SocksPort 0
 HiddenServiceDir /onion-service
 HiddenServiceVersion $VERSION
 HiddenServicePort $VIRTUAL_PORT $TARGET
+HiddenServiceSingleHopMode $NON_ANONYMOUS_SINGLE_HOP_MODE
+HiddenServiceNonAnonymousMode $NON_ANONYMOUS_SINGLE_HOP_MODE
 
 # try to
 HardwareAccel 1
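
Review bot: Both added lines take the same `$NON_ANONYMOUS_SINGLE_HOP_MODE` value, and entrypoint.sh is not among the six changed files, so nothing visible in this change validates the variable before it is substituted into the template. Suggest checking in the entrypoint that it is exactly `0` or `1` and exiting with a clear message otherwise, rather than relying on tor to reject the rendered config. A comment above the two lines would also help: tor requires `HiddenServiceNonAnonymousMode 1` whenever `HiddenServiceSingleHopMode 1` is set, and the non-anonymous mode depends on client ports being disabled, which is the `SocksPort 0` shown in the hunk header.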