From a369dd48a4ac22ad420e866e7f11883a41052fd7 Mon Sep 17 00:00:00 2001
From: wander <wander@unfilteredrealm.com>
Date: Sat, 7 Feb 2026 00:26:21 -0500
Subject: [PATCH] Enable network_mode: host to fix connectivity issues

---
 docker-compose.yml | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index dc39467..ddc252f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,14 +4,18 @@ services:
     build: .
     image: docker-tor-hidden-service:latest
     container_name: tor-service
+    user: "0:0"
     restart: unless-stopped
+    network_mode: host
     environment:
       # Format: ExternalPort:ContainerName:InternalPort
-      - HIDDEN_SERVICE_HOSTS=80:web:80
+      # Since we are on host network, 'web' hostname won't resolve via Docker DNS.
+      # We must point to localhost if nginx is also on host network.
+      - HIDDEN_SERVICE_HOSTS=80:localhost:80
       - TOR_CONTROL_PASSWORD=secure_password
-    ports:
-      - "9051:9051"
-      - "9050:9050"
+    # ports:  <-- Not needed in host mode
+    #   - "9051:9051"
+    #   - "9050:9050"
     volumes:
       - ./tor-data:/var/lib/tor/:z
     depends_on:
@@ -22,6 +26,7 @@ services:
     image: nginx:alpine
     container_name: my-website
     restart: unless-stopped
+    network_mode: host
 
   # Vanguards Service - Sidecar
   vanguards:
@@ -30,8 +35,10 @@ services:
     container_name: vanguards-sidecar
     user: "0:0"
     restart: unless-stopped
+    network_mode: host
     # The 'vanguards' first word triggers the logic in your entrypoint.sh
-    command: vanguards --control_ip tor-service --control_port 9051 --control_pass secure_password
+    # Connect to localhost since we share the network stack
+    command: vanguards --control_ip localhost --control_port 9051 --control_pass secure_password
     depends_on:
       - tor
     volumes: