add multi-arch support, and decouple vanguards

Dockerfile

@@ -1,68 +1,47 @@
-FROM    python:3.10-alpine
+FROM python:3.11-alpine
 
-# if omitted, the versions are determined from the git tags
+ENV HOME=/var/lib/tor
-ARG     tor_version
+ENV VANGUARDS_CONFIG=/etc/tor/vanguards.conf
-ARG     torsocks_version
 
-ENV     HOME /var/lib/tor
+# Install runtime dependencies
-ENV     POETRY_VIRTUALENVS_CREATE=false
+# tor and torsocks are available in Alpine edge/community repos
+RUN apk add --no-cache \
+        tor \
+        torsocks \
+        libevent \
+        openssl \
+        ca-certificates \
+        libffi \
+    && mkdir -p /var/lib/tor/hidden_service/ \
+    && chown -R tor:root /var/lib/tor
 
-RUN     apk add --no-cache git bind-tools cargo libevent-dev openssl-dev gnupg gcc make automake ca-certificates autoconf musl-dev coreutils libffi-dev zlib-dev && \
+WORKDIR /usr/local/src/onions
-    mkdir -p /usr/local/src/ /var/lib/tor/ && \
-    git clone https://git.torproject.org/tor.git /usr/local/src/tor && \
-    cd /usr/local/src/tor && \
-    TOR_VERSION=${tor_version=$(git tag | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -1)} && \
-    git checkout tor-$TOR_VERSION && \
-    ./autogen.sh && \
-    ./configure \
-    --disable-asciidoc \
-    --sysconfdir=/etc \
-    --disable-unittests && \
-    make && make install && \
-    cd .. && \
-    rm -rf tor && \
-    pip3 install --upgrade pip poetry && \
-    apk del git libevent-dev openssl-dev gnupg cargo make automake autoconf musl-dev coreutils libffi-dev && \
-    apk add --no-cache libevent openssl
 
-RUN    apk add --no-cache git gcc make automake autoconf musl-dev libtool && \
+# Install Python dependencies
-    git clone https://git.torproject.org/torsocks.git /usr/local/src/torsocks && \
+COPY requirements.txt .
-    cd /usr/local/src/torsocks && \
+RUN apk add --no-cache --virtual .build-deps \
-    TORSOCKS_VERSION=${torsocks_version=$(git tag | grep -oE 'v[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -1)} && \
+        build-base \
-    git checkout $TORSOCKS_VERSION && \
+        openssl-dev \
-    ./autogen.sh && \
+        libffi-dev \
-    ./configure && \
+        cargo \
-    make && make install && \
+    && pip install --no-cache-dir -r requirements.txt \
-    cd .. && \
+    && apk del .build-deps
-    rm -rf torsocks && \
-    apk del git gcc make automake autoconf musl-dev libtool
 
-RUN     mkdir -p /etc/tor/
+# Install application
+COPY setup.py .
+COPY onions onions/
+RUN pip install --no-cache-dir .
 
-COPY    pyproject.toml /usr/local/src/onions/
+# Copy configuration and entrypoint
+COPY assets/entrypoint-config.yml /entrypoint-config.yml
+COPY assets/torrc /var/local/tor/torrc.tpl
+COPY assets/vanguards.conf.tpl /var/local/tor/vanguards.conf.tpl
+COPY assets/entrypoint.sh /entrypoint.sh
 
-RUN     cd /usr/local/src/onions && apk add --no-cache openssl-dev libffi-dev gcc libc-dev && \
+RUN chmod +x /entrypoint.sh
-    poetry install --no-dev --no-root && \
-    apk del libffi-dev gcc libc-dev openssl-dev
 
-COPY    onions /usr/local/src/onions/onions
+VOLUME ["/var/lib/tor/hidden_service/"]
-COPY    poetry.lock /usr/local/src/onions/
-RUN     cd /usr/local/src/onions && apk add --no-cache gcc libc-dev && \
-    poetry install --no-dev && \
-    apk del gcc libc-dev
 
-RUN     mkdir -p ${HOME}/.tor && \
+ENTRYPOINT ["/entrypoint.sh"]
-    addgroup -S -g 107 tor && \
-    adduser -S -G tor -u 104 -H -h ${HOME} tor
 
-COPY    assets/entrypoint-config.yml /
+CMD ["tor"]
-COPY    assets/torrc /var/local/tor/torrc.tpl
-COPY    assets/vanguards.conf.tpl /var/local/tor/vanguards.conf.tpl
-
-ENV     VANGUARDS_CONFIG /etc/tor/vanguards.conf
-
-VOLUME  ["/var/lib/tor/hidden_service/"]
-
-ENTRYPOINT ["pyentrypoint"]
-
-CMD     ["tor"]

assets/entrypoint.sh

@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# Defaults
+ENABLE_VANGUARDS=${ENABLE_VANGUARDS:-true}
+ENABLE_TOR=${ENABLE_TOR:-true}
+
+# If user specifically requests to disable Vanguards
+if [ "$ENABLE_VANGUARDS" = "false" ]; then
+    echo "Disabling Vanguards service..."
+    sed -i '/- vanguards/d' /entrypoint-config.yml
+fi
+
+# If user specifically requests to disable Tor (e.g. for sidecar mode)
+if [ "$ENABLE_TOR" = "false" ]; then
+    echo "Disabling Tor service..."
+    sed -i '/- tor/d' /entrypoint-config.yml
+    
+    # In sidecar mode, we don't want to auto-resolve the control port using local defaults.
+    # We remove the line that sets TOR_CONTROL_PORT via 'onions --resolve-control-port'
+    # so that the environment variable passed to the container is preserved.
+    sed -i '/TOR_CONTROL_PORT: onions --resolve-control-port/d' /entrypoint-config.yml
+fi
+
+# Pass control to pyentrypoint
+exec pyentrypoint "$@"

docker-build.sh

@@ -0,0 +1,15 @@
+#!/bin/sh
+# Build script for multi-architecture support
+# Requires docker buildx enabled
+
+IMAGE_NAME="cmehay/docker-tor-hidden-service"
+TAG="latest"
+
+echo "Building multi-arch image (linux/amd64, linux/arm64)..."
+
+# Note: To push to a registry, add '--push' and ensure you are logged in.
+# For local testing, you might need to build for a single arch or use '--load' (single arch).
+docker buildx build \
+  --platform linux/amd64,linux/arm64 \
+  -t "${IMAGE_NAME}:${TAG}" \
+  .

docker-compose.yml

@@ -0,0 +1,35 @@
+version: '3.8'
+
+services:
+  # Tor Service - Runs Tor only
+  tor:
+    build: .
+    image: docker-tor-hidden-service:latest
+    container_name: tor-service
+    restart: unless-stopped
+    environment:
+      - ENABLE_VANGUARDS=false
+      - TOR_CONTROL_PASSWORD=secure_password
+      # Expose control port on all interfaces for sidecar access
+      - TOR_CONTROL_PORT=0.0.0.0:9051
+    ports:
+      - "9051:9051" # Expose control port (ensure firewall protects this!)
+    volumes:
+      - tor-data:/var/lib/tor/hidden_service/
+
+  # Vanguards Service - Runs Vanguards only (Sidecar)
+  vanguards:
+    build: .
+    image: docker-tor-hidden-service:latest
+    container_name: vanguards-sidecar
+    restart: unless-stopped
+    environment:
+      - ENABLE_TOR=false
+      - TOR_CONTROL_PASSWORD=secure_password
+      - TOR_CONTROL_PORT=tor:9051
+    depends_on:
+      - tor
+    # network_mode: "service:tor" # Optional: if you want them to share network stack (localhost access)
+
+volumes:
+  tor-data:

requirements.txt

@@ -0,0 +1,9 @@
+cryptography>=3.4.7
+stem>=1.8.0
+PyYAML>=6.0
+vanguards>=0.3.1
+pyentrypoint>=0.8.0
+Jinja2>=3.0
+importlib-metadata>=4.0; python_version < "3.10"
+ipy>=1.00
+pytor>=0.1.9

setup.py

@@ -0,0 +1,14 @@
+from setuptools import setup, find_packages
+
+setup(
+    name='docker-tor-hidden-service',
+    version='0.7.1',
+    description='Display onion sites hosted',
+    author='Christophe Mehay',
+    packages=find_packages(),
+    entry_points={
+        'console_scripts': [
+            'onions=onions:main',
+        ],
+    },
+)