- Add tor-proxy/Dockerfile: Alpine + Tor with entrypoint
- Add tor-proxy/entrypoint.sh: dynamic torrc generation with env var validation
- Update docker-compose.yml: add tor-proxy service with shared tor_proxy_net network
- Two Tor hidden services: SSH (port 22) and admin panel (port 80 -> 3001)
- Update .env.example: add SSH_HOST_IP, SHOP_CONTAINER, ADMIN_PORT vars
#!/bin/bash
# Entrypoint: validates the environment, writes /etc/tor/torrc and starts Tor.

# Stop at the first command that returns a non-zero status.
set -o errexit
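#######################################
# Reject a value unless it consists only of letters, digits, '.', '_' and '-'.
#
# The values checked here are later expanded into torrc, where a space or a
# line break would alter a directive or add new ones, so the whole value is
# judged at once with a shell pattern. A line-oriented grep cannot do that:
# it accepts a multi-line value as soon as one line matches, and a pattern
# that is just a newline is read by grep as a list of empty patterns, which
# match every line instead of detecting a newline.
#
# Arguments: $1 - value to check
#            $2 - variable name used in the error message
# Outputs:   error message on stderr when the value is rejected
# Returns:   0 when the value is acceptable; exits the script with status 1
#            otherwise (empty values are rejected too)
#######################################
validate_alnum() {
  local val="$1"
  local name="$2"
  # Keep the a-z / A-Z / 0-9 ranges byte-wise regardless of the locale.
  local LC_ALL=C

  case "$val" in
    *$'\n'*)
      printf 'ERROR: %s contains newlines: %s\n' "$name" "$val" >&2
      exit 1
      ;;
    '' | *[!a-zA-Z0-9._-]*)
      printf 'ERROR: %s contains invalid characters: %s\n' "$name" "$val" >&2
      exit 1
      ;;
  esac
}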
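# SSH_HOST_IP and SHOP_CONTAINER are copied into torrc further down, so they
# are restricted to host-name characters first.
validate_alnum "$SSH_HOST_IP" "SSH_HOST_IP"
validate_alnum "$SHOP_CONTAINER" "SHOP_CONTAINER"

# ADMIN_PORT must be digits only. The pattern is applied to the whole value:
# a line-oriented grep would accept a multi-line value as soon as one of its
# lines is numeric, and the remaining lines would then land in torrc.
case "$ADMIN_PORT" in
  '' | *[!0123456789]*)
    echo "ERROR: ADMIN_PORT must be a number: $ADMIN_PORT" >&2
    exit 1
    ;;
esac

# Keep the port inside the TCP range; 10# forces base 10 so a leading zero
# is not read as octal.
if (( ${#ADMIN_PORT} > 5 || 10#$ADMIN_PORT < 1 || 10#$ADMIN_PORT > 65535 )); then
  echo "ERROR: ADMIN_PORT must be between 1 and 65535: $ADMIN_PORT" >&2
  exit 1
fi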
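# When SSH_HOST_IP is the alias host.docker.internal and the resolver does not
# know that name, fall back to the container's default gateway.
if [ "$SSH_HOST_IP" = "host.docker.internal" ]; then
  if ! getent hosts host.docker.internal >/dev/null 2>&1; then
    # SSH_HOST_IP is written into torrc after this point, so the replacement
    # must be one address on one line. Only "default via <addr>" routes are
    # used and awk stops at the first one, which keeps the value single-line
    # even when the routing table lists several default routes.
    GATEWAY=$(ip route | awk '$1 == "default" && $2 == "via" { print $3; exit }')
    if [ -n "$GATEWAY" ]; then
      SSH_HOST_IP="$GATEWAY"
      echo "host.docker.internal not resolvable, using gateway: $SSH_HOST_IP"
    else
      # Nothing to fall back to; SSH_HOST_IP is left unchanged.
      echo "WARNING: host.docker.internal not resolvable and no default gateway found" >&2
    fi
  fi
fi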
# One state directory per hidden service, accessible to the owner only.
hs_dirs=(/var/lib/tor/ssh /var/lib/tor/admin)
mkdir -p "${hs_dirs[@]}"
chmod 700 "${hs_dirs[@]}"
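# Every value expanded into the heredoc below ends up verbatim in torrc, so
# whitespace or a line break inside one would change a directive or add new
# ones. Check again here, at the point of use: SSH_HOST_IP can be reassigned
# from command output after its first validation.
for torrc_value in "$SSH_HOST_IP" "$SHOP_CONTAINER" "$ADMIN_PORT"; do
  case "$torrc_value" in
    '' | *[[:space:]]*)
      echo "ERROR: refusing to write torrc: SSH_HOST_IP, SHOP_CONTAINER or ADMIN_PORT is empty or contains whitespace" >&2
      exit 1
      ;;
  esac
done

# SocksPort 0 turns the SOCKS listener off; the generated file only defines
# the two hidden services.
cat > /etc/tor/torrc <<EOF
# Generated by entrypoint.sh at container start
RunAsDaemon 0
SocksPort 0
Log notice stdout
DataDirectory /var/lib/tor

# --- SSH hidden service (proxies to host SSH) ---
HiddenServiceDir /var/lib/tor/ssh/
HiddenServicePort 22 ${SSH_HOST_IP}:22

# --- Admin panel hidden service (proxies to shop container) ---
HiddenServiceDir /var/lib/tor/admin/
HiddenServicePort 80 ${SHOP_CONTAINER}:${ADMIN_PORT}
EOF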
# Print the generated configuration to stdout for inspection.
printf '%s\n' "torrc contents:"
cat /etc/tor/torrc

# Replace this shell with Tor (exec), using the file written above.
printf '%s\n' "Starting Tor..."
exec tor -f /etc/tor/torrc