Files
telegram-shop/tor-proxy/entrypoint.sh
NW d8bfb29205 feat: add tor-proxy service for SSH and admin panel access via Tor
- Add tor-proxy/Dockerfile: Alpine + Tor with entrypoint
- Add tor-proxy/entrypoint.sh: dynamic torrc generation with env var validation
- Update docker-compose.yml: add tor-proxy service with shared tor_proxy_net network
- Two Tor hidden services: SSH (port 22) and admin panel (port 80 -> 3001)
- Update .env.example: add SSH_HOST_IP, SHOP_CONTAINER, ADMIN_PORT vars
2026-06-24 11:30:38 +01:00

57 lines
1.5 KiB
Bash

#!/bin/bash
set -e
validate_alnum() {
local val="$1"
local name="$2"
if ! echo "$val" | grep -qE '^[a-zA-Z0-9._-]+$'; then
echo "ERROR: $name contains invalid characters: $val"
exit 1
fi
if echo "$val" | grep -q $'\n'; then
echo "ERROR: $name contains newlines: $val"
exit 1
fi
}
validate_alnum "$SSH_HOST_IP" "SSH_HOST_IP"
validate_alnum "$SHOP_CONTAINER" "SHOP_CONTAINER"
if ! echo "$ADMIN_PORT" | grep -qE '^[0-9]+$'; then
echo "ERROR: ADMIN_PORT must be a number: $ADMIN_PORT"
exit 1
fi
if [ "$SSH_HOST_IP" = "host.docker.internal" ]; then
if ! getent hosts host.docker.internal >/dev/null 2>&1; then
GATEWAY=$(ip route | grep default | awk '{print $3}')
if [ -n "$GATEWAY" ]; then
SSH_HOST_IP="$GATEWAY"
echo "host.docker.internal not resolvable, using gateway: $SSH_HOST_IP"
fi
fi
fi
mkdir -p /var/lib/tor/ssh /var/lib/tor/admin
chmod 700 /var/lib/tor/ssh /var/lib/tor/admin
cat > /etc/tor/torrc <<EOF
# Generated by entrypoint.sh at container start
RunAsDaemon 0
SocksPort 0
Log notice stdout
DataDirectory /var/lib/tor
# --- SSH hidden service (proxies to host SSH) ---
HiddenServiceDir /var/lib/tor/ssh/
HiddenServicePort 22 ${SSH_HOST_IP}:22
# --- Admin panel hidden service (proxies to shop container) ---
HiddenServiceDir /var/lib/tor/admin/
HiddenServicePort 80 ${SHOP_CONTAINER}:${ADMIN_PORT}
EOF
echo "torrc contents:"
cat /etc/tor/torrc
echo "Starting Tor..."
exec tor -f /etc/tor/torrc