4 年之前 · ebe1fc1364
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
				 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
			
 
				 
			
 
				 ## [Unreleased]
			
 
				+### Changed
			
 
				+- healthcheck: probe [network-liveness](https://gitweb.torproject.org/torspec.git/tree/control-spec.txt)
			
 
				+  instead of tcp scanning via socks proxy
			
 
				+- changed log level of `control` domain to `warn`
			
 
				+  (to avoid log spam by healthcheck connecting to control listener)
			
 
				+- added message domains to log messages
			
 
				+
			
 
				+### Removed
			
 
				+- disabled socks proxy
			
 
				+- `netcat-openbsd` package
			
 
				+  (busybox implementation sufficient for new healthcheck)
			
 
				 
			
 
				 ## [2.0.0] - 2020-10-01
			
 
				 ### Added
			
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,10 +1,7 @@
 
				 FROM alpine:3.12
			
 
				 
			
 
				-ARG NETCAT_PACKAGE_VERSION=1.130-r1
			
 
				 ARG TOR_PACKAGE_VERSION=0.4.3.5-r0
			
 
				-RUN apk add --no-cache \
			
 
				-        netcat-openbsd=$NETCAT_PACKAGE_VERSION \
			
 
				-        tor=$TOR_PACKAGE_VERSION \
			
 
				+RUN apk add --no-cache tor=$TOR_PACKAGE_VERSION \
			
 
				     && mkdir -m u=rwx,g=,o= /onion-service \
			
 
				     && chown tor /onion-service
			
 
				 VOLUME /var/lib/tor
			
@@ -26,6 +23,7 @@ ENTRYPOINT ["/entrypoint.sh"]
 
				 USER tor
			
 
				 CMD ["tor", "-f", "/tmp/torrc"]
			
 
				 
			
 
				+# https://gitweb.torproject.org/torspec.git/tree/control-spec.txt
			
 
				 HEALTHCHECK CMD \
			
 
				-    nc -x localhost:9050 -z "$(cat /onion-service/hostname)" "$VIRTUAL_PORT" \
			
 
				-    || exit 1
			
 
				+    printf "AUTHENTICATE\nGETINFO network-liveness\nQUIT\n" | nc localhost 9051 \
			
 
				+        | grep -q network-liveness=up || exit 1
			
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -2,6 +2,7 @@
 
				 
			
 
				 set -eux
			
 
				 
			
 
				+# alternative: https://pkgs.alpinelinux.org/contents?file=envsubst&path=&name=&branch=v3.12
			
 
				 sed -e "s#{version}#$VERSION#" \
			
 
				     -e "s#{virtual_port}#$VIRTUAL_PORT#" \
			
 
				     -e "s#{target}#$TARGET#" \
			
--- a/torrc.template
+++ b/torrc.template
@@ -1,4 +1,7 @@
 
				-Log notice stdout
			
 
				+# hide healthchecks:
			
 
				+# > [notice] {CONTROL} New control connection opened from 127.0.0.1.
			
 
				+Log [~control]notice warn stdout
			
 
				+LogMessageDomains 1
			
 
				 
			
 
				 # default: ~/.tor
			
 
				 DataDirectory /var/lib/tor
			
@@ -6,8 +9,7 @@ DataDirectory /var/lib/tor
 
				 # https://gitweb.torproject.org/torspec.git/tree/control-spec.txt
			
 
				 ControlPort localhost:9051
			
 
				 
			
 
				-# healthcheck
			
 
				-SocksPort 9050
			
 
				+SocksPort 0
			
 
				 
			
 
				 # https://www.torproject.org/docs/tor-onion-service
			
 
				 HiddenServiceDir /onion-service