assets/entrypoint.sh

@@ -7,22 +7,11 @@ if [ "$1" = "vanguards" ]; then
     echo "Starting Vanguards Sidecar Mode..."
     shift # remove 'vanguards' from the arguments
     
-    # Extract TARGET_HOST from arguments (looking for --control_ip)
-    TARGET_HOST="tor-service" # Default fallback
+    # Extract the hostname from the arguments? 
+    # For now, we assume 'tor-service' as per the standard docker-compose setup
+    TARGET_HOST="tor-service"
     TARGET_PORT=9051
 
-    # Simple argument parsing to find control_ip
-    next_is_ip=0
-    for arg in "$@"; do
-        if [ "$next_is_ip" -eq 1 ]; then
-            TARGET_HOST="$arg"
-            next_is_ip=0
-        fi
-        if [ "$arg" = "--control_ip" ]; then
-            next_is_ip=1
-        fi
-    done
-
     echo "Waiting for Tor Control Port at $TARGET_HOST:$TARGET_PORT..."
     # Use Python to wait for the port (more reliable than Alpine's nc)
     python3 -c "import socket, time;
@@ -83,7 +72,7 @@ if [ -n "$TOR_CONTROL_PASSWORD" ]; then
         exit 1
     fi
     
-    echo "ControlPort 127.0.0.1:9051" >> "$TOR_CONFIG"
+    echo "ControlPort 0.0.0.0:9051" >> "$TOR_CONFIG"
     echo "HashedControlPassword $HASHED_PASSWORD" >> "$TOR_CONFIG"
     echo "Control Password set."
 else
@@ -133,15 +122,7 @@ fi
 
 # 4. Ownership Fix (Crucial for Docker volumes)
 mkdir -p "$DATA_DIR/hidden_service/"
-# Ensure the current user owns the data directory (Fix for Podman/Docker permission mismatch)
-if [ "$(id -u)" = "0" ]; then
-    chown -R tor:root "$DATA_DIR"
-else
-    # Non-root (e.g. Podman rootless or user:1000), we just hope we have write access
-    # or that the volume was mounted with correct permissions.
-    # But let's try to be helpful if we are root-ish.
-    :
-fi
+chown -R tor:root "$DATA_DIR"
 chmod 700 "$DATA_DIR"
 chmod 700 "$DATA_DIR/hidden_service/"
 

docker-compose.yml

@@ -4,20 +4,16 @@ services:
     build: .
     image: docker-tor-hidden-service:latest
     container_name: tor-service
-    user: "0:0"
     restart: unless-stopped
-    network_mode: host
     environment:
       # Format: ExternalPort:ContainerName:InternalPort
-      # Since we are on host network, 'web' hostname won't resolve via Docker DNS.
-      # We must point to localhost if nginx is also on host network.
-      - HIDDEN_SERVICE_HOSTS=80:localhost:80
+      - HIDDEN_SERVICE_HOSTS=80:web:80
       - TOR_CONTROL_PASSWORD=secure_password
-    # ports:  <-- Not needed in host mode
-    #   - "9051:9051"
-    #   - "9050:9050"
+    ports:
+      - "9051:9051" 
+      - "9050:9050" 
     volumes:
-      - ./tor-data:/var/lib/tor/:z
+      - tor-data:/var/lib/tor/
     depends_on:
       - web
 
@@ -26,25 +22,19 @@ services:
     image: nginx:alpine
     container_name: my-website
     restart: unless-stopped
-    network_mode: host
-    volumes:
-      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
 
   # Vanguards Service - Sidecar
   vanguards:
     build: .
     image: docker-tor-hidden-service:latest
     container_name: vanguards-sidecar
-    user: "0:0"
     restart: unless-stopped
-    network_mode: host
     # The 'vanguards' first word triggers the logic in your entrypoint.sh
-    # Connect to localhost since we share the network stack
-    command: vanguards --control_ip localhost --control_port 9051 --control_pass secure_password
+    command: vanguards --control_ip tor-service --control_port 9051 --control_pass secure_password
     depends_on:
       - tor
     volumes:
-      - ./tor-data:/var/lib/tor/:z
+      - tor-data:/var/lib/tor/
 
 volumes:
-  tor-data-new:
+  tor-data:

nginx/default.conf

@@ -1,24 +0,0 @@
-server {
-    listen 80;
-    server_name localhost;
-
-    # Basic error logging
-    error_log /var/log/nginx/error.log warn;
-
-    location / {
-        # CHANGE THIS to your actual Netbird Service IP and Port
-        # Example: proxy_pass http://100.64.0.10:5000;
-        proxy_pass http://100.x.x.x:5000;
-        
-        # Standard Proxy Headers required for most apps
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-
-        # WebSocket Support (if needed later)
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection "upgrade";
-    }
-}