assets attempt to make this work for podman and docker 2026-02-06 23:45:30 -05:00
hooks Fix typo, add test for v2 secret key in env, fix docker build scripts 2019-08-03 16:33:21 +02:00
onions Fix issue when restarting tor container with control password 2022-07-26 23:28:23 +02:00
tests Update tor version to 0.4.6.10 2022-03-26 14:10:51 +01:00
.dockerignore Update tor to 0.4.7.11 2022-11-14 22:14:26 +01:00
.gitignore Add tor v3 addresses support 2019-04-29 22:37:22 +02:00
.pre-commit-config.yaml Migrate from Pipenv to Poetry 2020-05-09 18:17:15 +02:00
.travis.yml Fix travis python version 2020-10-04 19:00:27 +02:00
current_tor_version Update tor to 0.4.7.12 2023-01-08 21:34:14 +01:00
current_torsocks_version Fix typo: rename current_torsock_version to current_torsocks_version. 2021-02-20 13:06:52 +01:00
docker-build.sh add multi-arch support, and decouple vanguards 2026-02-05 21:54:18 -05:00
docker-compose.build.yml Dockerfile: Add torsocks binary. 2020-12-06 01:09:47 +01:00
docker-compose.v2.socket.yml Fix typo, add test for v2 secret key in env, fix docker build scripts 2019-08-03 16:33:21 +02:00
docker-compose.v2.yml Drop support for onion addresses v2 2021-12-24 00:27:34 +01:00
docker-compose.v3.latest.yml Drop support for onion addresses v2 2021-12-24 00:27:34 +01:00
docker-compose.v3.yml Drop support for onion addresses v2 2021-12-24 00:27:34 +01:00
docker-compose.vanguards-network.yml Fix typo in docker-compose.vanguards-network.yml 2022-07-26 23:28:23 +02:00
docker-compose.vanguards.yml Add tests for Vanguards setup 2020-06-15 00:02:38 +02:00
docker-compose.yml Fix SELinux label from :Z (private) to :z (shared) 2026-02-07 00:11:18 -05:00
docker-compose.yml.bak stable 1.0.0 2026-02-06 22:06:44 -05:00
Dockerfile removal of dev packages (the fuck?) 2026-02-06 20:43:10 -05:00
last_tor_version.sh Make the last_tor_version.sh script executable. 2020-12-23 17:36:33 +01:00
last_torsocks_version.sh Dockerfile: Add torsocks binary. 2020-12-06 01:09:47 +01:00
Makefile Update tor version to 0.4.6.10 2022-03-26 14:10:51 +01:00
poetry.lock Update tor to 0.4.7.12 2023-01-08 21:34:14 +01:00
private_key_bar_v3 Add tor v3 addresses support 2019-04-29 22:37:22 +02:00
private_key_foo_v3 Drop support for onion addresses v2 2021-12-24 00:27:34 +01:00
pyproject.toml pyentrypoint does not support Python 3.11 yet 2026-02-06 20:23:20 -05:00
README.md stable 1.0.0 2026-02-06 22:06:44 -05:00
requirements.txt terms and conditions 2026-02-06 20:47:30 -05:00
setup.py fix: vanguards decoupling and project metadata 2026-02-06 19:48:55 -05:00
tox.ini Update to python 3.10 2022-07-26 23:28:23 +02:00

Docker Tor Hidden Service (Modernized)

A secure, lightweight, and modern Docker image for running Tor Hidden Services (Onion Services) with Vanguards protection.

Features

  • Lightweight: Built on python:3.11-alpine (latest stable).
  • Secure: "Fail-fast" entrypoint script that validates all configuration before starting.
  • Vanguards Ready: Includes Vanguards for active defense against deanonymization attacks.
  • No Magic: Dynamic configuration via standard entrypoint.sh — no opaque Python wrappers.
  • Multi-Arch: Supports amd64 and arm64.

Usage

Quick Start (Docker Compose)

version: '3.8'
services:
  tor:
    build: .
    # Name that the vanguards sidecar uses for --control_ip below
    container_name: tor-service
    environment:
      # Format: ExternalPort:ContainerName:InternalPort
      - HIDDEN_SERVICE_HOSTS=80:my-web-server:80
      # Replace with a strong, unique value
      - TOR_CONTROL_PASSWORD=secure_password
    volumes:
      - tor-data:/var/lib/tor/
    depends_on:
      - web

  # Example Web Server
  web:
    image: nginx:alpine
    container_name: my-web-server

  # Vanguards Sidecar (Optional but Recommended)
  vanguards:
    build: .
    # Name used by the "Checking Vanguards" commands
    container_name: vanguards-sidecar
    # --control_pass must match TOR_CONTROL_PASSWORD above
    command: vanguards --control_ip tor-service --control_port 9051 --control_pass secure_password
    volumes:
      - tor-data:/var/lib/tor/
    depends_on:
      - tor
    restart: unless-stopped

volumes:
  tor-data:

Environment Variables

Variable | Description | Example
HIDDEN_SERVICE_HOSTS | Space-separated list of services to expose. Format: ExtPort:Host:IntPort | 80:web:80 22:ssh:22
TOR_CONTROL_PASSWORD | Password for the Tor Control Port (9051). Automatically hashed. | my_secret_password
TOR_DATA_DIR | Location of Tor data (keys, state). Default: /var/lib/tor | /var/lib/tor

Getting your Onion Address

Once running, the Tor service generates your keys automatically.

docker exec <container_name> cat /var/lib/tor/hidden_service/hostname

Checking Vanguards

Verify that Vanguards is connected and pinning your guards:

docker logs vanguards-sidecar
docker exec vanguards-sidecar cat /vanguards.state

Security Notes

  • User: Tor runs as the root user in the container by default in this minimal setup, but drops privileges where possible. (Note: Production setups might refine this to use the tor user exclusively).
  • Filesystem: The entrypoint.sh enforces chmod 700 on the hidden service directory to satisfy Tor's security checks.
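
A sketch of the fail-fast validation described under Features and Environment Variables, together with the mode check from the Filesystem note. This is an added example, not the project's entrypoint.sh; the function names valid_port, validate_hosts and hs_dir_is_private are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from entrypoint.sh.

# valid_port PORT: succeeds only for a decimal integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# validate_hosts "SPEC ...": prints "ext host int" for each entry and
# returns 1 at the first malformed ExtPort:Host:IntPort entry.
validate_hosts() {
    set -f; set -- $1; set +f   # split on whitespace, no glob expansion
    [ "$#" -gt 0 ] || { echo "HIDDEN_SERVICE_HOSTS is empty" >&2; return 1; }
    for spec in "$@"; do
        case "$spec" in
            *:*:*:*) echo "too many fields: $spec" >&2; return 1 ;;
            *:*:*)   ;;
            *)       echo "expected ExtPort:Host:IntPort: $spec" >&2; return 1 ;;
        esac
        ext=${spec%%:*}; rest=${spec#*:}
        host=${rest%:*}; int=${rest##*:}
        valid_port "$ext" || { echo "bad external port: $spec" >&2; return 1; }
        valid_port "$int" || { echo "bad internal port: $spec" >&2; return 1; }
        # Restrict the host to hostname characters so the value cannot
        # carry anything else into a generated configuration file.
        case "$host" in
            ''|-*|*[!A-Za-z0-9._-]*) echo "bad host: $spec" >&2; return 1 ;;
        esac
        echo "$ext $host $int"
    done
}

# hs_dir_is_private DIR: succeeds only if DIR is a directory with mode 700.
hs_dir_is_private() {
    [ -d "$1" ] || return 1
    perms=$(ls -ld -- "$1" | cut -c1-10)
    [ "$perms" = "drwx------" ]
}
```

An entrypoint would call these before starting Tor and exit non-zero on the first failure, for example `validate_hosts "$HIDDEN_SERVICE_HOSTS" >/dev/null || exit 1`.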

Credits

Based on the original work by cmehay, but fully refactored to remove dependencies on pyentrypoint, pytor, and onions in favor of standard shell scripts and official binaries.