
onion service -> obfs4 bridge

Fabian Peter Hammerle 4 years ago
parent
commit
30873200ed
4 changed files with 38 additions and 46 deletions
  1. 9 10
      Dockerfile
  2. 12 28
      README.md
  3. 9 4
      entrypoint.sh
  4. 8 4
      torrc.template

+ 9 - 10
Dockerfile

@@ -1,18 +1,17 @@
-FROM alpine:3.8
+# https://pkgs.alpinelinux.org/packages?name=obfs4proxy&arch=x86_64
+FROM alpine:3.10
 
-RUN apk add --no-cache tor
-
-RUN adduser -S onion
-RUN mkdir -m u=rwx,g=,o= /onion-service && chown onion /onion-service
-VOLUME /onion-service
+RUN adduser -S onion \
+    && apk add --no-cache tor \
+    && apk add --no-cache obfs4proxy \
+        --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing
 
+ENV OR_PORT=
+ENV PT_PORT=
+ENV CONTACT_INFO=
 COPY torrc.template /
 RUN chmod a+r /torrc.template
 
-ENV VERSION 3
-ENV VIRTUAL_PORT 80
-ENV TARGET 127.0.0.1:8080
-
 COPY entrypoint.sh /
 RUN chmod a+rx /entrypoint.sh
 ENTRYPOINT ["/entrypoint.sh"]
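Review bot: The added `apk add --no-cache obfs4proxy --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing` installs an unpinned package from the rolling edge/testing repository over plain HTTP onto a 3.10 base. apk still verifies package signatures, but the build is not reproducible and the fetch can be observed or tampered with in transit; prefer `--repository https://dl-cdn.alpinelinux.org/alpine/edge/testing` together with a pinned `obfs4proxy=<pinned-version>`. Separately, the file creates the `onion` user but has no `USER` instruction, so unless the command or torrc drops privileges, tor and obfs4proxy run as root on internet-facing ports. Adding `USER onion` before `ENTRYPOINT` looks safe here, since entrypoint.sh only reads `/torrc.template` and writes `/tmp/torrc`.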

+ 12 - 28
README.md

@@ -1,37 +1,21 @@
-# docker: hidden tor .onion service 🐳
+# docker: tor obfs4 bridge 🐳
 
-repo: https://github.com/fphammerle/docker-onion-service
+ansible port of https://dip.torproject.org/torproject/anti-censorship/docker-obfs4-bridge
 
-docker hub: https://hub.docker.com/r/fphammerle/onion-service
+## usage
 
-defaults to creating a [v3](https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions) service
+select a random `$OR_PORT` and `$PT_PORT`
 
-## example 1
+(see `/proc/sys/net/ipv4/ip_local_port_range` for range)
 
 ```sh
-$ docker run --name onion-service \
-    -e VIRTUAL_PORT=80 -e TARGET=1.2.3.4:8080 \
-    fphammerle/onion-service
+docker run --name tor_obfs4_bridge \
+    -e OR_PORT=42218 -p 42218:42218 \
+    -e PT_PORT=51804 -p 51804:51804 \
+    -e CONTACT_INFO=admin@optional.com \
+    fphammerle/tor-obfs4-bridge
 ```
 
-## example 2
+# further reading
 
-```sh
-$ docker create --name onion-service \
-    --env VERSION=3 \
-    --env VIRTUAL_PORT=80 \
-    --env TARGET=1.2.3.4:8080 \
-    --volume onion-key:/onion-service \
-    --restart unless-stopped \
-    --cap-drop all --security-opt no-new-privileges \
-    fphammerle/onion-service:latest
-
-$ docker start onion-service
-```
-
-## retrieve hostname
-
-```sh
-$ docker exec onion-service cat /onion-service/hostname
-abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrst.onion
-```
+https://community.torproject.org/relay/setup/bridge/

+ 9 - 4
entrypoint.sh

@@ -1,10 +1,15 @@
 #!/bin/sh
 
-set -ex
+set -e
 
-sed -e "s#{version}#$VERSION#" \
-    -e "s#{virtual_port}#$VIRTUAL_PORT#" \
-    -e "s#{target}#$TARGET#" \
+[ -z "$OR_PORT" ] && echo '$OR_PORT undefined' && exit 1
+[ -z "$PT_PORT" ] && echo '$PT_PORT undefined' && exit 1
+
+set -x
+
+sed -e "s#{OR_PORT}#$OR_PORT#" \
+    -e "s#{PT_PORT}#$PT_PORT#" \
+    -e "s#{CONTACT_INFO}#$CONTACT_INFO#" \
     /torrc.template >/tmp/torrc
 
 exec "$@"
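Review bot: The three `sed -e "s#{...}#$VAR#"` expressions paste the environment values into the replacement unescaped, so a `CONTACT_INFO` containing `#`, `&` or `\` (a URL fragment, or "a & b") either breaks the command or renders a different torrc than intended. The port checks only reject empty strings, so a non-numeric `OR_PORT` or `PT_PORT` lands in `ORPort` and `ServerTransportListenAddr` as-is. I would validate the ports as digits and escape the contact string before substitution, and send the error messages to stderr. The fence below shows the changed lines; a value containing a newline still makes the final sed fail, which under `set -e` stops the container rather than writing a malformed torrc.
```shell
# … unchanged: shebang, set -e …
for port_var in OR_PORT PT_PORT; do
    eval "port_value=\$$port_var"
    case "$port_value" in
        ''|*[!0-9]*) echo "\$$port_var must be a port number" >&2; exit 1 ;;
    esac
done
# escape the characters that are special in a sed replacement delimited by '#'
contact_info_escaped=$(printf '%s' "$CONTACT_INFO" | sed -e 's/[\\&#]/\\&/g')

set -x

# … unchanged: OR_PORT and PT_PORT sed expressions …
    -e "s#{CONTACT_INFO}#$contact_info_escaped#" \
    /torrc.template >/tmp/torrc
```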

+ 8 - 4
torrc.template

@@ -3,7 +3,11 @@ Log notice stdout
 # disable socks proxy
 SOCKSPort 0
 
-# https://www.torproject.org/docs/tor-onion-service
-HiddenServiceDir /onion-service
-HiddenServiceVersion {version}
-HiddenServicePort {virtual_port} {target}
+BridgeRelay 1
+ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
+ExtORPort auto
+ORPort {OR_PORT}
+ServerTransportListenAddr obfs4 0.0.0.0:{PT_PORT}
+
+Nickname FPHmmrleObfs4Bridge
+ContactInfo {CONTACT_INFO}
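Review bot: `Nickname FPHmmrleObfs4Bridge` is hard-coded in the template, so every bridge started from this image announces the author's nickname; consider templating it like the other values, e.g. `Nickname {NICKNAME}` with a default set in the Dockerfile. With `CONTACT_INFO` left empty (the Dockerfile default) the rendered line is a bare `ContactInfo `, which is worth checking against tor's config parser or dropping when the value is empty. No `DataDirectory` or volume is visible in this commit (the template's first two lines are outside the hunk), so the bridge's identity keys and obfs4 state are presumably regenerated whenever the container is recreated, which changes the bridge line handed to users; confirm whether that is intended.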