Merge branch 'testing'

AntiTree 2016-07-09 19:46:05 -04:00
commit b1f07efb6a
7 changed files with 62 additions and 69 deletions


@ -16,48 +16,49 @@
FROM debian:jessie FROM debian:jessie
MAINTAINER Antitree antitree@protonmail.com MAINTAINER Antitree antitree@protonmail.com
# Sets which version of tor to use. See the Tor Projects git page for available tags
# Examples:
# * tor-0.2.8.4-rc
# * tor-0.2.7.6
# * tor-0.2.7.5
# * release-0.2.1
ENV TOR_VER="master"
#ENV TOR_VER="release-0.2.1"
# Sets the nickname if you didn't set one, default ports, and the path # Sets the nickname if you didn't set one, default ports, and the path
# where to mount the key material used by the clients. # where to mount the key material used by the clients.
ENV TOR_NICKNAME=Tor4 \ ENV TERM=xterm \
TERM=xterm \
TOR_ORPORT=7000 \ TOR_ORPORT=7000 \
TOR_DIRPORT=9030 \ TOR_DIRPORT=9030 \
TOR_DIR=/tor TOR_DIR=/tor
# Add the official torproject.org Debian Tor repository # Install build dependencies
# - this will always build/install the latest stable version RUN apt-get update && \
COPY ./config/tor-apt-sources.list /etc/apt/sources.list.d/ build_deps="build-essential automake libssl-dev zlib1g-dev libevent-dev ca-certificates\
dh-apparmor libseccomp-dev dh-systemd \
# Build & Install: git" && \
# - add the gpg key used to sign the packages
# - install build dependencies (and nano)
# - add a 'builder' user for compiling the package as a non-root user
# - build Tor in ~/debian-packages and install the new Tor package
# - backup torrc & cleanup all dependencies and caches
# - adds only 13 MB to the Debian base image (without obfsproxy, which adds another 60 MB)
# TODO: Allow selection of which version of tor to build
RUN gpg --keyserver keys.gnupg.net --recv 886DDD89 && \
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - && \
apt-get update && \
build_deps="build-essential fakeroot devscripts quilt libssl-dev zlib1g-dev libevent-dev \
asciidoc docbook-xml docbook-xsl xmlto dh-apparmor libseccomp-dev dh-systemd \
libsystemd-dev pkg-config dh-autoreconf hardening-includes" && \
DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install $build_deps \ DEBIAN_FRONTEND=noninteractive apt-get -y --no-install-recommends install $build_deps \
obfsproxy \
tor-geoipdb \
init-system-helpers \ init-system-helpers \
pwgen \ pwgen
nano && \
adduser --disabled-password --gecos "" builder && \ # Build tor
su builder -c 'mkdir -v ~/debian-packages; cd ~/debian-packages && \ # clone the latest from the tor repos
apt-get -y source tor && \ # autogen, configure, make, and install tor
cd tor-* && \ # cleanup after
debuild -rfakeroot -uc -us' && \ RUN mkdir /src && \
dpkg -i /home/builder/debian-packages/tor_*.deb && \ cd /src && \
mv -v /etc/tor/torrc /etc/tor/torrc.default && \ git clone https://git.torproject.org/tor.git && \
deluser --remove-home builder && \ cd tor && \
git checkout ${TOR_VER}
RUN ./autogen.sh && \
./configure --disable-asciidoc && \
make && \
make install && \
apt-get -y purge --auto-remove $build_deps && \ apt-get -y purge --auto-remove $build_deps && \
apt-get clean && rm -r /var/lib/apt/lists/* apt-get clean && rm -r /var/lib/apt/lists/* && \
rm -rf /src/*
# Copy the base tor configuration file # Copy the base tor configuration file
COPY ./config/torrc* /etc/tor/ COPY ./config/torrc* /etc/tor/
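Review bot: `ENV TOR_VER="master"` with a plain `git clone https://git.torproject.org/tor.git` compiles whatever the branch tip is at build time, and nothing on the new side authenticates the source now that the signed-package path is gone. Default `TOR_VER` to one of the release tags listed in the comment and check it before building, e.g. `git verify-tag "${TOR_VER}"` after importing the Tor release signing key (`<TOR_RELEASE_KEY_FINGERPRINT>`, a placeholder). Separately, neither the `cd /src ... cd tor` nor the `build_deps=` shell variable survives into `RUN ./autogen.sh`: as far as this hunk shows, that step starts in `/` and `$build_deps` is empty there, so the purge names no packages and the compiler toolchain and git stay in the image. A `WORKDIR /src/tor` plus one RUN covering install, build and purge would fix both. Once the purge does take effect, install the runtime libraries tor links against explicitly, since `--auto-remove` would otherwise likely remove them along with the -dev packages.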


@ -1,5 +1,5 @@
# Run Tor as a regular user (do not change this) # Run Tor as a regular user (do not change this)
User debian-tor #User debian-tor
TestingTorNetwork 1 TestingTorNetwork 1
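Review bot: Commenting out `User debian-tor` leaves tor running as whichever user starts the container, which is root unless the image sets a USER (none is visible in this commit's Dockerfile hunk), while the comment above still says to run as a regular user. The entrypoint script in the same commit drops its `chown -Rv debian-tor:debian-tor ${TOR_DIR}` calls, so the authority keys written to the shared `./tor:/tor` volume would then be root-owned as well. If the account disappeared because tor is now built from source rather than installed from the package, create it in the Dockerfile, e.g. `RUN adduser --system --group debian-tor`, and keep the `User` line.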


@ -1,7 +1,7 @@
version: '2' version: '2'
services: services:
da1: da1:
image: antitree/private-tor image: antitree/private-tor-test
expose: expose:
- "7000" - "7000"
- "9030" - "9030"
@ -11,7 +11,7 @@ services:
## Needed to keep track of other nodes ## Needed to keep track of other nodes
- ./tor:/tor - ./tor:/tor
da2: da2:
image: antitree/private-tor image: antitree/private-tor-test
expose: expose:
- "7000" - "7000"
- "9030" - "9030"
@ -21,7 +21,7 @@ services:
## Needed to keep track of other nodes ## Needed to keep track of other nodes
- ./tor:/tor - ./tor:/tor
da3: da3:
image: antitree/private-tor image: antitree/private-tor-test
expose: expose:
- "7000" - "7000"
- "9030" - "9030"
@ -31,7 +31,7 @@ services:
## Needed to keep track of other nodes ## Needed to keep track of other nodes
- ./tor:/tor - ./tor:/tor
relay: relay:
image: antitree/private-tor image: antitree/private-tor-test
expose: expose:
- "7000" - "7000"
- "9030" - "9030"
@ -45,7 +45,7 @@ services:
- da2 - da2
- da3 - da3
exit: exit:
image: antitree/private-tor image: antitree/private-tor-test
expose: expose:
- "7000" - "7000"
- "9030" - "9030"
@ -59,7 +59,7 @@ services:
- da2 - da2
- da3 - da3
client: client:
image: antitree/private-tor image: antitree/private-tor-test
ports: ports:
# Setups a listener on host machine # Setups a listener on host machine
- "9050:9050" - "9050:9050"


@ -7,6 +7,6 @@ RELAY=$(cat $TOR_DIR/$TOR_NICK/fingerprint|awk -F " " '{print $2}')
SERVICE=$(grep "dir-address" $TOR_DIR/$TOR_NICK/keys/* | awk -F " " '{print $2}') SERVICE=$(grep "dir-address" $TOR_DIR/$TOR_NICK/keys/* | awk -F " " '{print $2}')
IPADDR=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') IPADDR=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
TORRC="DirAuthority $NICK orport=${TOR_ORPORT} no-v2 v3ident=$AUTH $SERVICE $RELAY" TORRC="DirAuthority $TOR_NICK orport=${TOR_ORPORT} no-v2 v3ident=$AUTH $SERVICE $RELAY"
echo $TORRC echo $TORRC


@ -3,35 +3,18 @@ set -o errexit
# Fudge the sleep to try and keep the consensus # Fudge the sleep to try and keep the consensus
#FUDGE=$(( ( RANDOM % 100) + 20 )) #FUDGE=$(( ( RANDOM % 100) + 20 ))
FUDGE=30 FUDGE=3
echo -e "\n========================================================" echo -e "\n========================================================"
# If DataDirectory or secret_id_key is mounted here, it must be owned by the debian-tor user
chown -Rv debian-tor:debian-tor ${TOR_DIR}
if [ ! -e /tor-config-done ]; then if [ ! -e /tor-config-done ]; then
touch /tor-config-done # only run this once touch /tor-config-done # only run this once
# Add a Nickname, if none has been set in torrc # Generate a random name
if ! grep -q '^Nickname ' /etc/tor/torrc; then RPW=$(pwgen -0A 10)
if [ ${TOR_NICKNAME} == "Tor4" ]; then export TOR_NICKNAME=${ROLE}${RPW}
# if user did not change the default Nickname, genetrate a random pronounceable one echo "Setting random Nickname: ${TOR_NICKNAME}"
RPW=$(pwgen -0A 10) echo -e "\nNickname ${TOR_NICKNAME}" >> /etc/tor/torrc
export TOR_NICKNAME=${ROLE}${RPW}
echo "Setting random Nickname: ${TOR_NICKNAME}"
else
echo "Setting chosen Nickname: ${TOR_NICKNAME}"
fi
echo -e "\nNickname ${TOR_NICKNAME}" >> /etc/tor/torrc
fi
# Add ContactInfo from env variable, if none has been set in torrc
if ! grep -q '^ContactInfo ' /etc/tor/torrc; then
if [ -n "${CONTACT_EMAIL}" ]; then
echo "Setting Contact Email: ${CONTACT_EMAIL}"
echo -e "\nContactInfo ${CONTACT_EMAIL}" >> /etc/tor/torrc
fi
fi
# Host specific modifications to the torrc file # Host specific modifications to the torrc file
echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc echo -e "DataDirectory ${TOR_DIR}/${TOR_NICKNAME}" >> /etc/tor/torrc
@ -43,7 +26,6 @@ if [ ! -e /tor-config-done ]; then
fi fi
echo -e "HashedControlPassword ${TOR_CONTROL_PWD}" >> /etc/tor/torrc echo -e "HashedControlPassword ${TOR_CONTROL_PWD}" >> /etc/tor/torrc
# Changes to the torrc file based on the desired role # Changes to the torrc file based on the desired role
case ${ROLE} in case ${ROLE} in
DA) DA)
@ -54,13 +36,11 @@ if [ ! -e /tor-config-done ]; then
echo -e "ExitPolicy accept *:*" >> /etc/tor/torrc echo -e "ExitPolicy accept *:*" >> /etc/tor/torrc
KEYPATH=${TOR_DIR}/${TOR_NICKNAME}/keys KEYPATH=${TOR_DIR}/${TOR_NICKNAME}/keys
mkdir -p ${KEYPATH} mkdir -p ${KEYPATH}
chown -Rv debian-tor:debian-tor ${TOR_DIR}
echo "password" | tor-gencert --create-identity-key -m 12 -a ${TOR_IP}:${TOR_DIRPORT} \ echo "password" | tor-gencert --create-identity-key -m 12 -a ${TOR_IP}:${TOR_DIRPORT} \
-i ${KEYPATH}/authority_identity_key \ -i ${KEYPATH}/authority_identity_key \
-s ${KEYPATH}/authority_signing_key \ -s ${KEYPATH}/authority_signing_key \
-c ${KEYPATH}/authority_certificate \ -c ${KEYPATH}/authority_certificate \
--passphrase-fd 0 --passphrase-fd 0
chown -Rv debian-tor:debian-tor ${TOR_DIR}
tor --list-fingerprint --orport 1 \ tor --list-fingerprint --orport 1 \
--dirserver "x 127.0.0.1:1 ffffffffffffffffffffffffffffffffffffffff" \ --dirserver "x 127.0.0.1:1 ffffffffffffffffffffffffffffffffffffffff" \
--datadirectory ${TOR_DIR}/${TOR_NICKNAME} --datadirectory ${TOR_DIR}/${TOR_NICKNAME}
@ -97,7 +77,6 @@ if [ ! -e /tor-config-done ]; then
sleep $FUDGE sleep $FUDGE
cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc
fi fi
echo -e "\n========================================================" echo -e "\n========================================================"
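Review bot: The Nickname block now appends `Nickname ${TOR_NICKNAME}` unconditionally; the old `grep -q '^Nickname ' /etc/tor/torrc` guard is gone, so a torrc that already sets a nickname ends up with two Nickname lines, and a nickname passed in through the environment is overwritten by the `export`. Keep the guard around the new lines, `if ! grep -q '^Nickname ' /etc/tor/torrc; then ... fi`, or say in the comment that the name is always generated. `${ROLE}` is also used here before the `case ${ROLE}` block further down looks at it, so an unset ROLE yields a name made of the random part only; whether nounset is enabled is not visible in this hunk.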

12
util/README.md Normal file

@ -0,0 +1,12 @@
## Utils
This folder contains various scripts to let you perform
functions on your tor instance. Many of these are from the
[Stem Website](https://stem.torproject.org) which has
additional documentation on functions you can perform.
Other examples:
Use tor-prompt to interact with a docker process:
```tor-prompt -i 172.16.0.3:9051``


@ -3,5 +3,6 @@ from stem.control import Controller
with Controller.from_port(port = 9051) as controller: with Controller.from_port(port = 9051) as controller:
controller.authenticate("password") controller.authenticate("password")
print("List of relays found on the network:")
for desc in controller.get_network_statuses(): for desc in controller.get_network_statuses():
print("found relay %s (%s)" % (desc.nickname, desc.fingerprint)) print("%s (%s) at %s" % (desc.nickname, desc.fingerprint, desc.address))
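Review bot: `controller.authenticate("password")` keeps the control-port password as a literal in the script, so anyone who can read the repository can authenticate to any node that reuses it. Read it from the environment or prompt for it instead of hard-coding it, and add a short comment above the `with` block saying the script expects the control port on 9051. The imports sit above the hunk, so whether `os` or `getpass` is already available cannot be seen here.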