feat: save onion addresses to file and .env on host
- entrypoint.sh: background process writes onion-hosts.txt with SSH_ONION and ADMIN_ONION - docker-compose.yml: bind mount tor-proxy/hosts for onion address persistence on host - tor-proxy/get-onions.sh: reads onion addresses and updates .env with ADMIN_URL, SSH_ONION, ADMIN_ONION - .gitignore: exclude tor-proxy/hosts/onion-hosts.txt (secret) - tor-proxy/hosts/.gitkeep: ensure directory exists in git
3
.gitignore
vendored
@@ -37,6 +37,9 @@ AGENTS.md
|
||||
# Local workspace / worktrees
|
||||
.work/
|
||||
|
||||
# Tor onion addresses (secret)
|
||||
tor-proxy/hosts/onion-hosts.txt
|
||||
|
||||
# Python cache
|
||||
__pycache__/
|
||||
*.pyc
|
||||
|
||||
@@ -42,6 +42,7 @@ services:
|
||||
ADMIN_PORT: ${ADMIN_PORT:-3001}
|
||||
volumes:
|
||||
- tor_data:/var/lib/tor
|
||||
- ./tor-proxy/hosts:/onion-hosts
|
||||
extra_hosts:
|
||||
- "host.docker.internal:host-gateway"
|
||||
networks:
|
||||
|
||||
@@ -53,5 +53,31 @@ EOF
|
||||
echo "torrc contents:"
|
||||
cat /etc/tor/torrc
|
||||
|
||||
mkdir -p /onion-hosts
|
||||
|
||||
( \
|
||||
echo "Waiting for onion addresses..."; \
|
||||
for i in $(seq 1 120); do \
|
||||
SSH_H=""; ADMIN_H=""; \
|
||||
[ -s /var/lib/tor/ssh/hostname ] && SSH_H=$(cat /var/lib/tor/ssh/hostname); \
|
||||
[ -s /var/lib/tor/admin/hostname ] && ADMIN_H=$(cat /var/lib/tor/admin/hostname); \
|
||||
if [ -n "$SSH_H" ] && [ -n "$ADMIN_H" ]; then \
|
||||
cat > /onion-hosts/onion-hosts.txt <<CONF
|
||||
# Tor Onion Addresses - auto-generated at $(date -u +%Y-%m-%dT%H:%M:%SZ)
|
||||
# Do not edit manually - overwritten on container restart
|
||||
SSH_ONION=${SSH_H}
|
||||
ADMIN_ONION=${ADMIN_H}
|
||||
# Usage:
|
||||
# SSH: torify ssh user@${SSH_H}
|
||||
# Admin: open http://${ADMIN_H} in Tor Browser
|
||||
CONF
|
||||
echo "Onion addresses saved to /onion-hosts/onion-hosts.txt"; \
|
||||
exit 0; \
|
||||
fi; \
|
||||
sleep 2; \
|
||||
done; \
|
||||
echo "WARNING: Timed out waiting for onion addresses"; \
|
||||
) &
|
||||
|
||||
echo "Starting Tor..."
|
||||
exec tor -f /etc/tor/torrc
|
||||
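Review bot: `cat > /onion-hosts/onion-hosts.txt <<CONF` creates the file with whatever umask the entrypoint inherits, and because /onion-hosts is the bind mount added in docker-compose.yml, the result lands on the host, probably readable by every local account. The commit treats these addresses as secret (see the .gitignore entry), so I would put `umask 077` as the first statement inside the `( … ) &` subshell, or `chmod 600 /onion-hosts/onion-hosts.txt` right after the heredoc. The write is also in place: writing to a temporary name in /onion-hosts and `mv`-ing it over the target would keep get-onions.sh from reading a half-written file, and the timeout `WARNING` belongs on stderr (`>&2`). The top of entrypoint.sh is outside the hunk, so an earlier umask setting is not visible from here.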
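--- a/tor-proxy/get-onions.sh
+++ b/tor-proxy/get-onions.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+set -e
+
+cd "$(dirname "$0")/.."
+
+echo "Reading onion addresses from tor-proxy/hosts/onion-hosts.txt..."
+
+ONION_FILE="tor-proxy/hosts/onion-hosts.txt"
+
+if [ ! -f "$ONION_FILE" ]; then
+echo "ERROR: $ONION_FILE not found. Is tor-proxy container running?"
+echo "Run: docker compose up -d && sleep 30 && $0"
+exit 1
+fi
+
+SSH_ONION=$(grep '^SSH_ONION=' "$ONION_FILE" | cut -d= -f2 | tr -d ' ')
+ADMIN_ONION=$(grep '^ADMIN_ONION=' "$ONION_FILE" | cut -d= -f2 | tr -d ' ')
+
+if [ -z "$SSH_ONION" ] || [ -z "$ADMIN_ONION" ]; then
+echo "ERROR: Onion addresses not found in $ONION_FILE"
+echo "Contents:"
+cat "$ONION_FILE"
+exit 1
+fi
+
+echo ""
+echo "============================================================"
+echo " Onion services"
+echo "============================================================"
+echo " SSH : ${SSH_ONION} (port 22 -> host SSH)"
+echo " Admin : ${ADMIN_ONION} (port 80 -> telegram_shop_prod:3001)"
+echo "============================================================"
+echo ""
+echo "Usage:"
+echo " SSH : torify ssh root@${SSH_ONION}"
+echo " Admin : open http://${ADMIN_ONION} in Tor Browser"
+echo ""
+
+if [ -f .env ]; then
+ADMIN_URL="http://${ADMIN_ONION}"
+if grep -q '^ADMIN_URL=' .env; then
+sed -i "s|^ADMIN_URL=.*|ADMIN_URL=${ADMIN_URL}|" .env
+echo "Updated ADMIN_URL in .env: ${ADMIN_URL}"
+else
+echo "" >> .env
+echo "# Auto-updated by tor-proxy/get-onions.sh" >> .env
+echo "ADMIN_URL=${ADMIN_URL}" >> .env
+echo "Added ADMIN_URL to .env: ${ADMIN_URL}"
+fi
+
+if grep -q '^SSH_ONION=' .env; then
+sed -i "s|^SSH_ONION=.*|SSH_ONION=${SSH_ONION}|" .env
+echo "Updated SSH_ONION in .env: ${SSH_ONION}"
+else
+echo "SSH_ONION=${SSH_ONION}" >> .env
+echo "Added SSH_ONION to .env: ${SSH_ONION}"
+fi
+
+if grep -q '^ADMIN_ONION=' .env; then
+sed -i "s|^ADMIN_ONION=.*|ADMIN_ONION=${ADMIN_ONION}|" .env
+echo "Updated ADMIN_ONION in .env: ${ADMIN_ONION}"
+else
+echo "ADMIN_ONION=${ADMIN_ONION}" >> .env
+echo "Added ADMIN_ONION to .env: ${ADMIN_ONION}"
+fi
+fi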
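Review bot: `SSH_ONION` and `ADMIN_ONION` go from onion-hosts.txt straight into the `sed -i "s|…|…=${…}|" .env` replacements without any format check, so a value containing `|`, `&` or more than one matching line would corrupt .env or change what sed does. The file is written by the container into a bind-mounted directory, so treat it as input and check each value before the first use, for example `[[ "$SSH_ONION" =~ ^[a-z2-7]{56}\.onion$ ]] || { echo "ERROR: unexpected SSH_ONION in $ONION_FILE" >&2; exit 1; }` and the same for `ADMIN_ONION` (this assumes v3 addresses). The usage hint prints `torify ssh root@${SSH_ONION}` while entrypoint.sh writes `user@`; pointing at an unprivileged account would be the safer default. The `ERROR:` messages should go to stderr.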
0
tor-proxy/hosts/.gitkeep
Normal file