Drop support for onion addresses v2

* Update `onions` tool to v0.7.0 * Update `tor` to `0.4.6.9`
2021-12-24 00:04:37 +01:00 · 2021-12-24 00:04:37 +01:00 · 2fc3b6eb84
commit 2fc3b6eb84
parent d0dd28733d
16 changed files with 568 additions and 831 deletions
--- a/README.md
+++ b/README.md
@ -2,6 +2,13 @@

 [![Build Status](https://travis-ci.org/cmehay/docker-tor-hidden-service.svg?branch=master)](https://travis-ci.org/cmehay/docker-tor-hidden-service)

+## Changelog
+
+* 23 dec 2021
+  * Update `onions` tool to v0.7.0:
+    * Drop support of onion v2 adresses as tor network does not accept them anymore
+  * Update `tor` to `0.4.6.9`
+
 ## Setup

 ### Setup hosts
@ -19,60 +26,34 @@ services:
      - world
      - again
    environment:
-        # Set mapping ports
-        SERVICE1_TOR_SERVICE_HOSTS: 80:hello:80,800:hello:80,8888:hello:80
-        # Set private key
-        SERVICE1_TOR_SERVICE_KEY: |
-            -----BEGIN RSA PRIVATE KEY-----
-            MIICXQIBAAKBgQDR8TdQF9fDlGhy1SMgfhMBi9TaFeD12/FK27TZE/tYGhxXvs1C
-            NmFJy1hjVxspF5unmUsCk0yEsvEdcAdp17Vynz6W41VdinETU9yXHlUJ6NyI32AH
-            dnFnHEcsllSEqD1hPAAvMUWwSMJaNmBEFtl8DUMS9tPX5fWGX4w5Xx8dZwIDAQAB
-            AoGBAMb20jMHxaZHWg2qTRYYJa8LdHgS0BZxkWYefnBUbZn7dOz7mM+tddpX6raK
-            8OSqyQu3Tc1tB9GjPLtnVr9KfVwhUVM7YXC/wOZo+u72bv9+4OMrEK/R8xy30XWj
-            GePXEu95yArE4NucYphxBLWMMu2E4RodjyJpczsl0Lohcn4BAkEA+XPaEKnNA3AL
-            1DXRpSpaa0ukGUY/zM7HNUFMW3UP00nxNCpWLSBmrQ56Suy7iSy91oa6HWkDD/4C
-            k0HslnMW5wJBANdz4ehByMJZmJu/b5y8wnFSqep2jmJ1InMvd18BfVoBTQJwGMAr
-            +qwSwNXXK2YYl9VJmCPCfgN0o7h1AEzvdYECQAM5UxUqDKNBvHVmqKn4zShb1ugY
-            t1RfS8XNbT41WhoB96MT9P8qTwlniX8UZiwUrvNp1Ffy9n4raz8Z+APNwvsCQQC9
-            AuaOsReEmMFu8VTjNh2G+TQjgvqKmaQtVNjuOgpUKYv7tYehH3P7/T+62dcy7CRX
-            cwbLaFbQhUUUD2DCHdkBAkB6CbB+qhu67oE4nnBCXllI9EXktXgFyXv/cScNvM9Y
-            FDzzNAAfVc5Nmbmx28Nw+0w6pnpe/3m0Tudbq3nHdHfQ
-            -----END RSA PRIVATE KEY-----

        # hello and again will share the same onion v3 address
-        SERVICE2_TOR_SERVICE_HOSTS: 88:again:80,8000:world:80
-        SERVICE2_TOR_SERVICE_VERSION: '3'
+        SERVICE1_TOR_SERVICE_HOSTS: 88:hello:80,8000:world:80
+        # Optional as tor version 2 is not supported anymore
+        SERVICE1_TOR_SERVICE_VERSION: '3'
        # tor v3 address private key base 64 encoded
-        SERVICE2_TOR_SERVICE_KEY: |
+        SERVICE1_TOR_SERVICE_KEY: |
            PT0gZWQyNTUxOXYxLXNlY3JldDogdHlwZTAgPT0AAACArobDQYyZAWXei4QZwr++
            j96H1X/gq14NwLRZ2O5DXuL0EzYKkdhZSILY85q+kfwZH8z4ceqe7u1F+0pQi/sM

-  hello:
-    image: tutum/hello-world
-    hostname: hello
-
  world:
    image: tutum/hello-world
    hostname: world

-  again:
+  hello:
    image: tutum/hello-world
-    hostname: again
+    hostname: hello
 ```

 This configuration will output:

 ```
-service2: xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion:88, xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion:8000
-service1: 5azvyr7dvvr4cldn.onion:80, 5azvyr7dvvr4cldn.onion:800, 5azvyr7dvvr4cldn.onion:8888
+service1: xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion:88, xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion:8000
 ```

 `xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion:88` will hit `again:80`.
 `xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion:8000` will hit `wold:80`.

-`5azvyr7dvvr4cldn.onion:80` will hit `hello:80`.
-`5azvyr7dvvr4cldn.onion:800` will hit `hello:80` too.
-`5azvyr7dvvr4cldn.onion:8888` will hit `hello:80` again.

 #### Environment variables

@ -90,34 +71,17 @@ You can concatenate services using comas.

 ##### `{SERVICE}_TOR_SERVICE_VERSION`

-Can be `2` or `3`. Set the tor address type.
+Optionnal now, can only be `3`. Set the tor address type.

-`2` gives short addresses `5azvyr7dvvr4cldn.onion` and `3` long addresses `xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion`
+> **WARNING**: Version 2 is not supported anymore by tor network
+
+`2` was giving short addresses `5azvyr7dvvr4cldn.onion` and `3` gives long addresses `xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion`


 ##### `{SERVICE}_TOR_SERVICE_KEY`

 You can set the private key for the current service.

-Tor v2 addresses uses RSA PEM keys like:
-```
-----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDR8TdQF9fDlGhy1SMgfhMBi9TaFeD12/FK27TZE/tYGhxXvs1C
-NmFJy1hjVxspF5unmUsCk0yEsvEdcAdp17Vynz6W41VdinETU9yXHlUJ6NyI32AH
-dnFnHEcsllSEqD1hPAAvMUWwSMJaNmBEFtl8DUMS9tPX5fWGX4w5Xx8dZwIDAQAB
-AoGBAMb20jMHxaZHWg2qTRYYJa8LdHgS0BZxkWYefnBUbZn7dOz7mM+tddpX6raK
-8OSqyQu3Tc1tB9GjPLtnVr9KfVwhUVM7YXC/wOZo+u72bv9+4OMrEK/R8xy30XWj
-GePXEu95yArE4NucYphxBLWMMu2E4RodjyJpczsl0Lohcn4BAkEA+XPaEKnNA3AL
-1DXRpSpaa0ukGUY/zM7HNUFMW3UP00nxNCpWLSBmrQ56Suy7iSy91oa6HWkDD/4C
-k0HslnMW5wJBANdz4ehByMJZmJu/b5y8wnFSqep2jmJ1InMvd18BfVoBTQJwGMAr
-+qwSwNXXK2YYl9VJmCPCfgN0o7h1AEzvdYECQAM5UxUqDKNBvHVmqKn4zShb1ugY
-t1RfS8XNbT41WhoB96MT9P8qTwlniX8UZiwUrvNp1Ffy9n4raz8Z+APNwvsCQQC9
-AuaOsReEmMFu8VTjNh2G+TQjgvqKmaQtVNjuOgpUKYv7tYehH3P7/T+62dcy7CRX
-cwbLaFbQhUUUD2DCHdkBAkB6CbB+qhu67oE4nnBCXllI9EXktXgFyXv/cScNvM9Y
-FDzzNAAfVc5Nmbmx28Nw+0w6pnpe/3m0Tudbq3nHdHfQ
-----END RSA PRIVATE KEY-----
-```
-
 Tor v3 addresses uses ed25519 binary keys. It should be base64 encoded:
 ```
 PT0gZWQyNTUxOXYxLXNlY3JldDogdHlwZTAgPT0AAACArobDQYyZAWXei4QZwr++j96H1X/gq14NwLRZ2O5DXuL0EzYKkdhZSILY85q+kfwZH8z4ceqe7u1F+0pQi/sM
@ -153,12 +117,12 @@ A command line tool `onions` is available in container to get `.onion` url when
 ```sh
 # Get services
 $ docker exec -ti torhiddenproxy_tor_1 onions
-hello: vegm3d7q64gutl75.onion:80
-world: b2sflntvdne63amj.onion:80
+hello: xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion:80
+world: .onion:80

 # Get json
 $ docker exec -ti torhiddenproxy_tor_1 onions --json
-{"hello": ["b2sflntvdne63amj.onion:80"], "world": ["vegm3d7q64gutl75.onion:80"]}
+{"hello": ["xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion:80"], "world": ["ootceq7skq7qpvvwf2tajeboxovalco7z3ka44vxbtfdr2tfvx5ld7ad.onion:80"]}
 ```

 ### Auto reload
@ -175,8 +139,6 @@ Container version will follow tor release versions.

 This container uses [`pyentrypoint`](https://github.com/cmehay/pyentrypoint) to generate its setup.

-If you need to use the legacy version, please checkout the `legacy` branch or pull `goldy/tor-hidden-service:legacy`.
-
 ### pytor

 This containner uses [`pytor`](https://github.com/cmehay/pytor) to mannages tor cryptography, generate keys and compute onion urls.
@ -225,131 +187,3 @@ The following settings cannot me changer with this variable:
   - use `TOR_CONTROL_PASSWORD`
 - `state_file`:
   - use `VANGUARDS_STATE_FILE`
-
-# Legacy deprecated doc
-
-> **WARNING**: ALL THE DOC BELLOW IS LEGACY, IT'S STILL WORKING BUT IT'S NOT RECOMMENDED ANYMORE AND COULD BE DROPPED IN FUTURE RELEASES.
-
-### Create a tor hidden service with a link
-
-```sh
-# run a container with a network application
-$ docker run -d --name hello_world tutum/hello-world
-
-# and just link it to this container
-$ docker run -ti --link hello_world goldy/tor-hidden-service
-```
-
-The .onion URLs are displayed to stdout at startup.
-
-To keep onion keys, just mount volume `/var/lib/tor/hidden_service/`
-
-```sh
-$ docker run -ti --link something --volume /path/to/keys:/var/lib/tor/hidden_service/ goldy/tor-hidden-service
-```
-
-Look at the `docker-compose.yml` file to see how to use it.
-
-### Set private key
-
-Private key is settable by environment or by copying file in `hostname/private_key` in docker volume (`hostname` is the link name).
-
-It's easier to pass key in environment with `docker-compose`.
-
-```yaml
-    links:
-      - hello
-      - world
-    environment:
-        # Set private key
-        HELLO_KEY: |
-            -----BEGIN RSA PRIVATE KEY-----
-            MIICXQIBAAKBgQDR8TdQF9fDlGhy1SMgfhMBi9TaFeD12/FK27TZE/tYGhxXvs1C
-            NmFJy1hjVxspF5unmUsCk0yEsvEdcAdp17Vynz6W41VdinETU9yXHlUJ6NyI32AH
-            dnFnHEcsllSEqD1hPAAvMUWwSMJaNmBEFtl8DUMS9tPX5fWGX4w5Xx8dZwIDAQAB
-            AoGBAMb20jMHxaZHWg2qTRYYJa8LdHgS0BZxkWYefnBUbZn7dOz7mM+tddpX6raK
-            8OSqyQu3Tc1tB9GjPLtnVr9KfVwhUVM7YXC/wOZo+u72bv9+4OMrEK/R8xy30XWj
-            GePXEu95yArE4NucYphxBLWMMu2E4RodjyJpczsl0Lohcn4BAkEA+XPaEKnNA3AL
-            1DXRpSpaa0ukGUY/zM7HNUFMW3UP00nxNCpWLSBmrQ56Suy7iSy91oa6HWkDD/4C
-            k0HslnMW5wJBANdz4ehByMJZmJu/b5y8wnFSqep2jmJ1InMvd18BfVoBTQJwGMAr
-            +qwSwNXXK2YYl9VJmCPCfgN0o7h1AEzvdYECQAM5UxUqDKNBvHVmqKn4zShb1ugY
-            t1RfS8XNbT41WhoB96MT9P8qTwlniX8UZiwUrvNp1Ffy9n4raz8Z+APNwvsCQQC9
-            AuaOsReEmMFu8VTjNh2G+TQjgvqKmaQtVNjuOgpUKYv7tYehH3P7/T+62dcy7CRX
-            cwbLaFbQhUUUD2DCHdkBAkB6CbB+qhu67oE4nnBCXllI9EXktXgFyXv/cScNvM9Y
-            FDzzNAAfVc5Nmbmx28Nw+0w6pnpe/3m0Tudbq3nHdHfQ
-            -----END RSA PRIVATE KEY-----
-
-```
-
-Options are set using the following pattern: `LINKNAME_KEY`
-
-### Setup port
-
-
-__Caution__: Using `PORT_MAP` with multiple ports on single service will cause `tor` to fail.
-
-Use link setting in environment with the following pattern: `LINKNAME_PORTS`.
-
-Like docker, first port is exposed port and the second one is service internal port.
-
-```yaml
-links:
-  - hello
-  - world
-  - hey
-environment:
-    # Set mapping ports
-    HELLO_PORTS: 80:80
-
-    # Multiple ports can be coma separated
-    WORLD_PORTS: 8000:80,8888:80,22:22
-
-    # Socket mapping is supported
-    HEY_PORTS: 80:unix:/var/run/socket.sock
-
-```
-
-__DEPRECATED:__
-By default, ports are the same as linked containers, but a default port can be mapped using `PORT_MAP` environment variable.
-
-#### Socket
-
-To increase security, it's possible to setup your service through socket between containers and turn off network in your app container. See `docker-compose.v2.sock.yml` for an example.
-
-__Warning__: Due to a bug in `tor` configuration parser, it's not possible to mix network link and socket link in the same `tor` configuration.
-
-### Group services
-
-Multiple services can be hosted behind the same onion address.
-
-```yaml
-links:
-  - hello
-  - world
-  - hey
-environment:
-    # Set mapping ports
-    HELLO_PORTS: 80:80
-
-    # Multiple ports can be coma separated
-    WORLD_PORTS: 8000:80,8888:80,22:22
-
-    # Socket mapping is supported
-    HEY_PORTS: 80:unix:/var/run/socket.sock
-
-    # hello and world will share the same onion address
-    # Service name can be any string as long there is not special char
-    HELLO_SERVICE_NAME: foo
-    WORLD_SERVICE_NAME: foo
-
-```
-
-__Warning__: Be carefull to not use the same exposed ports for grouped services.
-
-### Compose v2 support
-
-Links setting are required when using docker-compose v2. See `docker-compose.v2.yml` for example.
-
-### Copose v3 support and secrets
-
-Links setting are required when using docker-compose v3. See `docker-compose.v3.yml` for example.