Rebuilt Dockerfile to replace apt-get with a git clone
Updated torrc, docker-compose, and entrypoint scripts to reflect new users; added ca-certificates to requirements; removed asciidocs.
parent
8690f647e3
commit
422b496921
52
Dockerfile
52
Dockerfile
@ -24,40 +24,30 @@ ENV TOR_NICKNAME=Tor4 \
|
|||||||
TOR_DIRPORT=9030 \
|
TOR_DIRPORT=9030 \
|
||||||
TOR_DIR=/tor
|
TOR_DIR=/tor
|
||||||
|
|
||||||
# Add the official torproject.org Debian Tor repository
|
# Install build dependencies
|
||||||
# - this will always build/install the latest stable version
|
RUN apt-get update && \
|
||||||
COPY ./config/tor-apt-sources.list /etc/apt/sources.list.d/
|
build_deps="build-essential automake libssl-dev zlib1g-dev libevent-dev ca-certificates\
|
||||||
|
dh-apparmor libseccomp-dev dh-systemd \
|
||||||
# Build & Install:
|
git" && \
|
||||||
# - add the gpg key used to sign the packages
|
|
||||||
# - install build dependencies (and nano)
|
|
||||||
# - add a 'builder' user for compiling the package as a non-root user
|
|
||||||
# - build Tor in ~/debian-packages and install the new Tor package
|
|
||||||
# - backup torrc & cleanup all dependencies and caches
|
|
||||||
# - adds only 13 MB to the Debian base image (without obfsproxy, which adds another 60 MB)
|
|
||||||
# TODO: Allow selection of which version of tor to build
|
|
||||||
RUN gpg --keyserver keys.gnupg.net --recv 886DDD89 && \
|
|
||||||
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - && \
|
|
||||||
apt-get update && \
|
|
||||||
build_deps="build-essential fakeroot devscripts quilt libssl-dev zlib1g-dev libevent-dev \
|
|
||||||
asciidoc docbook-xml docbook-xsl xmlto dh-apparmor libseccomp-dev dh-systemd \
|
|
||||||
libsystemd-dev pkg-config dh-autoreconf hardening-includes" && \
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install $build_deps \
|
DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install $build_deps \
|
||||||
obfsproxy \
|
|
||||||
tor-geoipdb \
|
|
||||||
init-system-helpers \
|
init-system-helpers \
|
||||||
pwgen \
|
pwgen
|
||||||
nano && \
|
|
||||||
adduser --disabled-password --gecos "" builder && \
|
# Build tor
|
||||||
su builder -c 'mkdir -v ~/debian-packages; cd ~/debian-packages && \
|
# clone the latest from the tor repos
|
||||||
apt-get -y source tor && \
|
# autogen, configure, make, and install tor
|
||||||
cd tor-* && \
|
# cleanup after
|
||||||
debuild -rfakeroot -uc -us' && \
|
RUN mkdir /src && \
|
||||||
dpkg -i /home/builder/debian-packages/tor_*.deb && \
|
cd /src && \
|
||||||
mv -v /etc/tor/torrc /etc/tor/torrc.default && \
|
git clone https://git.torproject.org/tor.git && \
|
||||||
deluser --remove-home builder && \
|
cd tor && \
|
||||||
|
./autogen.sh && \
|
||||||
|
./configure --disable-asciidoc && \
|
||||||
|
make && \
|
||||||
|
make install && \
|
||||||
apt-get -y purge --auto-remove $build_deps && \
|
apt-get -y purge --auto-remove $build_deps && \
|
||||||
apt-get clean && rm -r /var/lib/apt/lists/*
|
apt-get clean && rm -r /var/lib/apt/lists/* && \
|
||||||
|
rm -rf /src/*
|
||||||
|
|
||||||
# Copy the base tor configuration file
|
# Copy the base tor configuration file
|
||||||
COPY ./config/torrc* /etc/tor/
|
COPY ./config/torrc* /etc/tor/
|
||||||
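Review bot: The second `RUN` clones `https://git.torproject.org/tor.git` at whatever the default branch currently holds and builds it with no tag, commit or signature check, so the image is neither reproducible nor tied to a verified release; the removed path at least went through a GPG-keyed apt repository. Pin the checkout, e.g. `git clone --depth 1 --branch <TOR_RELEASE_TAG> https://git.torproject.org/tor.git`, and run `git verify-tag <TOR_RELEASE_TAG>` against a release key imported by full fingerprint before `./autogen.sh`. Separately, `build_deps` is a shell variable set in the first `RUN` and is empty in the second, so `apt-get -y purge --auto-remove $build_deps` does not purge the build dependencies, and a purge or `rm -r /var/lib/apt/lists/*` in a later layer would not shrink the image anyway. Install, build and cleanup belong in a single `RUN`, with `ca-certificates` kept out of the purge list if the runtime needs it.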
|
@ -1,5 +1,5 @@
|
|||||||
# Run Tor as a regular user (do not change this)
|
# Run Tor as a regular user (do not change this)
|
||||||
User debian-tor
|
#User debian-tor
|
||||||
|
|
||||||
TestingTorNetwork 1
|
TestingTorNetwork 1
|
||||||
|
|
||||||
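Review bot: Commenting out `User debian-tor` leaves the line above it (`# Run Tor as a regular user (do not change this)`) contradicting the configuration, and Tor no longer drops privileges, so it runs as whatever account starts the container. That is presumably root, since the Dockerfile hunk in this commit shows no `USER` instruction and a source build presumably does not create the packaged `debian-tor` account. The same theme appears in the entrypoint script, where the `chown -Rv debian-tor:debian-tor ${TOR_DIR}` calls are removed. Prefer creating a dedicated unprivileged account in the Dockerfile and keeping `User <TOR_USER>` here, with the chown calls pointed at that account, rather than disabling the privilege drop.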
|
@ -1,7 +1,7 @@
|
|||||||
version: '2'
|
version: '2'
|
||||||
services:
|
services:
|
||||||
da1:
|
da1:
|
||||||
image: antitree/private-tor
|
image: antitree/private-tor-test
|
||||||
expose:
|
expose:
|
||||||
- "7000"
|
- "7000"
|
||||||
- "9030"
|
- "9030"
|
||||||
@ -11,7 +11,7 @@ services:
|
|||||||
## Needed to keep track of other nodes
|
## Needed to keep track of other nodes
|
||||||
- ./tor:/tor
|
- ./tor:/tor
|
||||||
da2:
|
da2:
|
||||||
image: antitree/private-tor
|
image: antitree/private-tor-test
|
||||||
expose:
|
expose:
|
||||||
- "7000"
|
- "7000"
|
||||||
- "9030"
|
- "9030"
|
||||||
@ -21,7 +21,7 @@ services:
|
|||||||
## Needed to keep track of other nodes
|
## Needed to keep track of other nodes
|
||||||
- ./tor:/tor
|
- ./tor:/tor
|
||||||
da3:
|
da3:
|
||||||
image: antitree/private-tor
|
image: antitree/private-tor-test
|
||||||
expose:
|
expose:
|
||||||
- "7000"
|
- "7000"
|
||||||
- "9030"
|
- "9030"
|
||||||
@ -31,7 +31,7 @@ services:
|
|||||||
## Needed to keep track of other nodes
|
## Needed to keep track of other nodes
|
||||||
- ./tor:/tor
|
- ./tor:/tor
|
||||||
relay:
|
relay:
|
||||||
image: antitree/private-tor
|
image: antitree/private-tor-test
|
||||||
expose:
|
expose:
|
||||||
- "7000"
|
- "7000"
|
||||||
- "9030"
|
- "9030"
|
||||||
@ -45,7 +45,7 @@ services:
|
|||||||
- da2
|
- da2
|
||||||
- da3
|
- da3
|
||||||
exit:
|
exit:
|
||||||
image: antitree/private-tor
|
image: antitree/private-tor-test
|
||||||
expose:
|
expose:
|
||||||
- "7000"
|
- "7000"
|
||||||
- "9030"
|
- "9030"
|
||||||
@ -59,7 +59,7 @@ services:
|
|||||||
- da2
|
- da2
|
||||||
- da3
|
- da3
|
||||||
client:
|
client:
|
||||||
image: antitree/private-tor
|
image: antitree/private-tor-test
|
||||||
ports:
|
ports:
|
||||||
# Setups a listener on host machine
|
# Setups a listener on host machine
|
||||||
- "9050:9050"
|
- "9050:9050"
|
||||||
|
@ -7,6 +7,6 @@ RELAY=$(cat $TOR_DIR/$TOR_NICK/fingerprint|awk -F " " '{print $2}')
|
|||||||
SERVICE=$(grep "dir-address" $TOR_DIR/$TOR_NICK/keys/* | awk -F " " '{print $2}')
|
SERVICE=$(grep "dir-address" $TOR_DIR/$TOR_NICK/keys/* | awk -F " " '{print $2}')
|
||||||
IPADDR=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
|
IPADDR=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
|
||||||
|
|
||||||
TORRC="DirAuthority $NICK orport=${TOR_ORPORT} no-v2 v3ident=$AUTH $SERVICE $RELAY"
|
TORRC="DirAuthority $TOR_NICK orport=${TOR_ORPORT} no-v2 v3ident=$AUTH $SERVICE $RELAY"
|
||||||
|
|
||||||
echo $TORRC
|
echo $TORRC
|
||||||
|
@ -3,35 +3,18 @@ set -o errexit
|
|||||||
|
|
||||||
# Fudge the sleep to try and keep the consensus
|
# Fudge the sleep to try and keep the consensus
|
||||||
#FUDGE=$(( ( RANDOM % 100) + 20 ))
|
#FUDGE=$(( ( RANDOM % 100) + 20 ))
|
||||||
FUDGE=30
|
FUDGE=3
|
||||||
|
|
||||||
echo -e "\n========================================================"
|
echo -e "\n========================================================"
|
||||||
# If DataDirectory or secret_id_key is mounted here, it must be owned by the debian-tor user
|
|
||||||
chown -Rv debian-tor:debian-tor ${TOR_DIR}
|
|
||||||
|
|
||||||
if [ ! -e /tor-config-done ]; then
|
if [ ! -e /tor-config-done ]; then
|
||||||
touch /tor-config-done # only run this once
|
touch /tor-config-done # only run this once
|
||||||
|
|
||||||
# Add a Nickname, if none has been set in torrc
|
# Generate a random name
|
||||||
if ! grep -q '^Nickname ' /etc/tor/torrc; then
|
|
||||||
if [ ${TOR_NICKNAME} == "Tor4" ]; then
|
|
||||||
# if user did not change the default Nickname, genetrate a random pronounceable one
|
|
||||||
RPW=$(pwgen -0A 10)
|
RPW=$(pwgen -0A 10)
|
||||||
export TOR_NICKNAME=${ROLE}${RPW}
|
export TOR_NICKNAME=${ROLE}${RPW}
|
||||||
echo "Setting random Nickname: ${TOR_NICKNAME}"
|
echo "Setting random Nickname: ${TOR_NICKNAME}"
|
||||||
else
|
|
||||||
echo "Setting chosen Nickname: ${TOR_NICKNAME}"
|
|
||||||
fi
|
|
||||||
echo -e "\nNickname ${TOR_NICKNAME}" >> /etc/tor/torrc
|
echo -e "\nNickname ${TOR_NICKNAME}" >> /etc/tor/torrc
|
||||||
fi
|
|
||||||
|
|
||||||
# Add ContactInfo from env variable, if none has been set in torrc
|
|
||||||
if ! grep -q '^ContactInfo ' /etc/tor/torrc; then
|
|
||||||
if [ -n "${CONTACT_EMAIL}" ]; then
|
|
||||||
echo "Setting Contact Email: ${CONTACT_EMAIL}"
|
|
||||||
echo -e "\nContactInfo ${CONTACT_EMAIL}" >> /etc/tor/torrc
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Host specific modifications to the torrc file
|
# Host specific modifications to the torrc file
|
||||||
echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc
|
echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc
|
||||||
@ -43,7 +26,6 @@ if [ ! -e /tor-config-done ]; then
|
|||||||
fi
|
fi
|
||||||
echo -e "HashedControlPassword ${TOR_CONTROL_PWD}" >> /etc/tor/torrc
|
echo -e "HashedControlPassword ${TOR_CONTROL_PWD}" >> /etc/tor/torrc
|
||||||
|
|
||||||
|
|
||||||
# Changes to the torrc file based on the desired role
|
# Changes to the torrc file based on the desired role
|
||||||
case ${ROLE} in
|
case ${ROLE} in
|
||||||
DA)
|
DA)
|
||||||
@ -54,13 +36,11 @@ if [ ! -e /tor-config-done ]; then
|
|||||||
echo -e "ExitPolicy accept *:*" >> /etc/tor/torrc
|
echo -e "ExitPolicy accept *:*" >> /etc/tor/torrc
|
||||||
KEYPATH=${TOR_DIR}/${TOR_NICKNAME}/keys
|
KEYPATH=${TOR_DIR}/${TOR_NICKNAME}/keys
|
||||||
mkdir -p ${KEYPATH}
|
mkdir -p ${KEYPATH}
|
||||||
chown -Rv debian-tor:debian-tor ${TOR_DIR}
|
|
||||||
echo "password" | tor-gencert --create-identity-key -m 12 -a ${TOR_IP}:${TOR_DIRPORT} \
|
echo "password" | tor-gencert --create-identity-key -m 12 -a ${TOR_IP}:${TOR_DIRPORT} \
|
||||||
-i ${KEYPATH}/authority_identity_key \
|
-i ${KEYPATH}/authority_identity_key \
|
||||||
-s ${KEYPATH}/authority_signing_key \
|
-s ${KEYPATH}/authority_signing_key \
|
||||||
-c ${KEYPATH}/authority_certificate \
|
-c ${KEYPATH}/authority_certificate \
|
||||||
--passphrase-fd 0
|
--passphrase-fd 0
|
||||||
chown -Rv debian-tor:debian-tor ${TOR_DIR}
|
|
||||||
tor --list-fingerprint --orport 1 \
|
tor --list-fingerprint --orport 1 \
|
||||||
--dirserver "x 127.0.0.1:1 ffffffffffffffffffffffffffffffffffffffff" \
|
--dirserver "x 127.0.0.1:1 ffffffffffffffffffffffffffffffffffffffff" \
|
||||||
--datadirectory ${TOR_DIR}/${TOR_NICKNAME}
|
--datadirectory ${TOR_DIR}/${TOR_NICKNAME}
|
||||||
@ -97,7 +77,6 @@ if [ ! -e /tor-config-done ]; then
|
|||||||
sleep $FUDGE
|
sleep $FUDGE
|
||||||
cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc
|
cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc
|
||||||
|
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo -e "\n========================================================"
|
echo -e "\n========================================================"
|
||||||
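Review bot: The first hunk now always overwrites `TOR_NICKNAME` with `${ROLE}${RPW}` and appends a `Nickname` line, so a nickname supplied through the environment is silently discarded (the Dockerfile still declares `ENV TOR_NICKNAME=Tor4`) and a torrc that already contains a `Nickname` gets a second one. Keeping the removed guard `if ! grep -q '^Nickname ' /etc/tor/torrc; then` and generating a name only when `[ "${TOR_NICKNAME}" = "Tor4" ]` would preserve operator control. The `ContactInfo` block is dropped in the same hunk, so `CONTACT_EMAIL` is no longer honoured. The enclosing `if [ ! -e /tor-config-done ]` block continues past this hunk.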
|