Home Explore Help
Sign In
fphammerle
/
docker-onion-service
mirror of https://github.com/fphammerle/docker-onion-service
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

healthcheck: probe network-liveness instead of tcp scanning

Fabian Peter Hammerle 4 years ago
parent
bffedd5a55
commit
ebe1fc1364
4 changed files with 21 additions and 9 deletions
Split View Show Diff Stats
  1. 11 0
      CHANGELOG.md
  2. 4 6
      Dockerfile
  3. 1 0
      entrypoint.sh
  4. 5 3
      torrc.template

+ 11 - 0
CHANGELOG.md
View File 

@@ -5,6 +5,17 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
 ## [Unreleased]
 
+### Changed
 
+- healthcheck: probe [network-liveness](https://gitweb.torproject.org/torspec.git/tree/control-spec.txt)
 
+  instead of tcp scanning via socks proxy
 
+- changed log level of `control` domain to `warn`
 
+  (to avoid log spam by healthcheck connecting to control listener)
 
+- added message domains to log messages
 
+
 
+### Removed
 
+- disabled socks proxy
 
+- `netcat-openbsd` package
 
+  (busybox implementation sufficient for new healthcheck)
 
 
 ## [2.0.0] - 2020-10-01
 
 ### Added

+ 4 - 6
Dockerfile
View File 

@@ -1,10 +1,7 @@
 
 FROM alpine:3.12
 
 
-ARG NETCAT_PACKAGE_VERSION=1.130-r1
 
 ARG TOR_PACKAGE_VERSION=0.4.3.5-r0
 
-RUN apk add --no-cache \
 
-        netcat-openbsd=$NETCAT_PACKAGE_VERSION \
 
-        tor=$TOR_PACKAGE_VERSION \
 
+RUN apk add --no-cache tor=$TOR_PACKAGE_VERSION \
 
     && mkdir -m u=rwx,g=,o= /onion-service \
 
     && chown tor /onion-service
 
 VOLUME /var/lib/tor
 
@@ -26,6 +23,7 @@ ENTRYPOINT ["/entrypoint.sh"]
 
 USER tor
 
 CMD ["tor", "-f", "/tmp/torrc"]
 
 
+# https://gitweb.torproject.org/torspec.git/tree/control-spec.txt
 
 HEALTHCHECK CMD \
 
-    nc -x localhost:9050 -z "$(cat /onion-service/hostname)" "$VIRTUAL_PORT" \
 
-    || exit 1
 
+    printf "AUTHENTICATE\nGETINFO network-liveness\nQUIT\n" | nc localhost 9051 \
 
+        | grep -q network-liveness=up || exit 1

+ 1 - 0
entrypoint.sh
View File 

@@ -2,6 +2,7 @@
 
 
 set -eux
 
 
+# alternative: https://pkgs.alpinelinux.org/contents?file=envsubst&path=&name=&branch=v3.12
 
 sed -e "s#{version}#$VERSION#" \
 
     -e "s#{virtual_port}#$VIRTUAL_PORT#" \
 
     -e "s#{target}#$TARGET#" \

+ 5 - 3
torrc.template
View File 

@@ -1,4 +1,7 @@
 
-Log notice stdout
 
+# hide healthchecks:
 
+# > [notice] {CONTROL} New control connection opened from 127.0.0.1.
 
+Log [~control]notice warn stdout
 
+LogMessageDomains 1
 
 
 # default: ~/.tor
 
 DataDirectory /var/lib/tor
 
@@ -6,8 +9,7 @@ DataDirectory /var/lib/tor
 
 # https://gitweb.torproject.org/torspec.git/tree/control-spec.txt
 
 ControlPort localhost:9051
 
 
-# healthcheck
 
-SocksPort 9050
 
+SocksPort 0
 
 
 # https://www.torproject.org/docs/tor-onion-service
 
 HiddenServiceDir /onion-service