

No commits in common. "a15bd524a0923d117cf88adefb49c206b4c87eaf" and "e075e900cf18316e375a1d961bd9310a04b1dd0e" have entirely different histories.

3 changed files with 13 additions and 66 deletions


@ -7,22 +7,11 @@ if [ "$1" = "vanguards" ]; then
echo "Starting Vanguards Sidecar Mode..." echo "Starting Vanguards Sidecar Mode..."
shift # remove 'vanguards' from the arguments shift # remove 'vanguards' from the arguments
# Extract TARGET_HOST from arguments (looking for --control_ip) # Extract the hostname from the arguments?
TARGET_HOST="tor-service" # Default fallback # For now, we assume 'tor-service' as per the standard docker-compose setup
TARGET_HOST="tor-service"
TARGET_PORT=9051 TARGET_PORT=9051
# Simple argument parsing to find control_ip
next_is_ip=0
for arg in "$@"; do
if [ "$next_is_ip" -eq 1 ]; then
TARGET_HOST="$arg"
next_is_ip=0
fi
if [ "$arg" = "--control_ip" ]; then
next_is_ip=1
fi
done
echo "Waiting for Tor Control Port at $TARGET_HOST:$TARGET_PORT..." echo "Waiting for Tor Control Port at $TARGET_HOST:$TARGET_PORT..."
# Use Python to wait for the port (more reliable than Alpine's nc) # Use Python to wait for the port (more reliable than Alpine's nc)
python3 -c "import socket, time; python3 -c "import socket, time;
@ -83,7 +72,7 @@ if [ -n "$TOR_CONTROL_PASSWORD" ]; then
exit 1 exit 1
fi fi
echo "ControlPort 127.0.0.1:9051" >> "$TOR_CONFIG" echo "ControlPort 0.0.0.0:9051" >> "$TOR_CONFIG"
echo "HashedControlPassword $HASHED_PASSWORD" >> "$TOR_CONFIG" echo "HashedControlPassword $HASHED_PASSWORD" >> "$TOR_CONFIG"
echo "Control Password set." echo "Control Password set."
else else
@ -133,15 +122,7 @@ fi
# 4. Ownership Fix (Crucial for Docker volumes) # 4. Ownership Fix (Crucial for Docker volumes)
mkdir -p "$DATA_DIR/hidden_service/" mkdir -p "$DATA_DIR/hidden_service/"
# Ensure the current user owns the data directory (Fix for Podman/Docker permission mismatch)
if [ "$(id -u)" = "0" ]; then
chown -R tor:root "$DATA_DIR" chown -R tor:root "$DATA_DIR"
else
# Non-root (e.g. Podman rootless or user:1000), we just hope we have write access
# or that the volume was mounted with correct permissions.
# But let's try to be helpful if we are root-ish.
:
fi
chmod 700 "$DATA_DIR" chmod 700 "$DATA_DIR"
chmod 700 "$DATA_DIR/hidden_service/" chmod 700 "$DATA_DIR/hidden_service/"
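Review bot: The new `echo "ControlPort 0.0.0.0:9051" >> "$TOR_CONFIG"` line in the second hunk makes Tor's control port listen on every interface the container has, where the previous line bound it to 127.0.0.1. Anyone who can reach that port and knows the password can reconfigure Tor, so `HashedControlPassword` becomes the only barrier. If the sidecar only needs control access, a `ControlSocket` path on the volume both containers already share would avoid a network listener altogether. Otherwise keep the bind but add a comment such as `# Listens on all interfaces so the vanguards sidecar can connect; do not publish 9051 outside the compose network`. The enclosing `if [ -n "$TOR_CONTROL_PASSWORD" ]` block starts and ends outside the hunk.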


@ -4,20 +4,16 @@ services:
build: . build: .
image: docker-tor-hidden-service:latest image: docker-tor-hidden-service:latest
container_name: tor-service container_name: tor-service
user: "0:0"
restart: unless-stopped restart: unless-stopped
network_mode: host
environment: environment:
# Format: ExternalPort:ContainerName:InternalPort # Format: ExternalPort:ContainerName:InternalPort
# Since we are on host network, 'web' hostname won't resolve via Docker DNS. - HIDDEN_SERVICE_HOSTS=80:web:80
# We must point to localhost if nginx is also on host network.
- HIDDEN_SERVICE_HOSTS=80:localhost:80
- TOR_CONTROL_PASSWORD=secure_password - TOR_CONTROL_PASSWORD=secure_password
# ports: <-- Not needed in host mode ports:
# - "9051:9051" - "9051:9051"
# - "9050:9050" - "9050:9050"
volumes: volumes:
- ./tor-data:/var/lib/tor/:z - tor-data:/var/lib/tor/
depends_on: depends_on:
- web - web
@ -26,25 +22,19 @@ services:
image: nginx:alpine image: nginx:alpine
container_name: my-website container_name: my-website
restart: unless-stopped restart: unless-stopped
network_mode: host
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
# Vanguards Service - Sidecar # Vanguards Service - Sidecar
vanguards: vanguards:
build: . build: .
image: docker-tor-hidden-service:latest image: docker-tor-hidden-service:latest
container_name: vanguards-sidecar container_name: vanguards-sidecar
user: "0:0"
restart: unless-stopped restart: unless-stopped
network_mode: host
# The 'vanguards' first word triggers the logic in your entrypoint.sh # The 'vanguards' first word triggers the logic in your entrypoint.sh
# Connect to localhost since we share the network stack command: vanguards --control_ip tor-service --control_port 9051 --control_pass secure_password
command: vanguards --control_ip localhost --control_port 9051 --control_pass secure_password
depends_on: depends_on:
- tor - tor
volumes: volumes:
- ./tor-data:/var/lib/tor/:z - tor-data:/var/lib/tor/
volumes: volumes:
tor-data-new: tor-data:
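Review bot: The re-enabled `ports:` entries `- "9051:9051"` and `- "9050:9050"` on the tor service publish the Tor control port and the SOCKS port on every host interface. The control port is protected only by the `secure_password` literal, which this file also passes on the vanguards command line. The sidecar addresses `tor-service` by name over the compose network, so neither mapping looks necessary for it. Dropping them, or binding to loopback with `- "127.0.0.1:9051:9051"` and `- "127.0.0.1:9050:9050"`, keeps both ports off the LAN. A comment above `TOR_CONTROL_PASSWORD` such as `# placeholder: set a unique value outside this file before deploying` would make clear the literal is not meant to ship.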


@ -1,24 +0,0 @@
server {
listen 80;
server_name localhost;
# Basic error logging
error_log /var/log/nginx/error.log warn;
location / {
# CHANGE THIS to your actual Netbird Service IP and Port
# Example: proxy_pass http://100.64.0.10:5000;
proxy_pass http://100.x.x.x:5000;
# Standard Proxy Headers required for most apps
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket Support (if needed later)
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}