From 403a799bb6517ec918b223586402a2d352f7b3c1 Mon Sep 17 00:00:00 2001 From: Shahrad Elahi Date: Mon, 11 Dec 2023 02:50:54 +0330 Subject: [PATCH] update tor config --- Dockerfile | 33 ++++---- Dockerfile-Dev | 42 ++++------ README.md | 2 +- config/{tor-bridges => obfs4-bridges.conf} | 0 config/torrc | 2 +- docker-compose.dev.yml | 2 +- docker-entrypoint.sh | 95 +++++++++++----------- 7 files changed, 81 insertions(+), 95 deletions(-) rename config/{tor-bridges => obfs4-bridges.conf} (100%) diff --git a/Dockerfile b/Dockerfile index 2a4aca0..9b693d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,22 +9,19 @@ COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/obfs4proxy /usr/local/bin COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/meek-server /usr/local/bin/meek-server COPY /config/torrc /etc/tor/torrc -COPY /config/tor-bridges /etc/tor/bridges # Update and upgrade packages -RUN apk update && apk upgrade - -# Install required packages -RUN apk add -U --no-cache \ - iproute2 iptables net-tools \ - screen vim curl bash \ - wireguard-tools \ - openssl \ - dumb-init \ - tor \ - redis \ - # Clear cache - && rm -rf /var/cache/apk/* +RUN apk update && apk upgrade \ + # Install required packages + && apk add -U --no-cache \ + iproute2 iptables net-tools \ + screen vim curl bash \ + wireguard-tools \ + openssl \ + tor \ + redis \ + # Clear APK cache + && rm -rf /var/cache/apk/* FROM base AS deps @@ -57,13 +54,15 @@ COPY --from=build /app/package.json . ENV NODE_ENV=production -COPY docker-entrypoint.sh /usr/bin/entrypoint -RUN chmod +x /usr/bin/entrypoint -ENTRYPOINT ["/usr/bin/entrypoint"] +COPY docker-entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] HEALTHCHECK --interval=60s --timeout=3s --start-period=20s --retries=3 \ CMD curl -f http://127.0.0.1:3000/api/health || exit 1 +VOLUME ["/etc/torrc.d"] + # run the app EXPOSE 3000/tcp CMD [ "npm", "run", "start" ] 
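Review bot: The rewritten RUN still runs `apk upgrade` against whatever package index exists at build time and installs every package unpinned, so two builds of this commit can yield different images; hadolint flags both patterns (DL3005, DL3018). `apk add -U` re-fetches the index that `apk update` just fetched, and with `--no-cache` nothing is left in `/var/cache/apk`, so the trailing `rm -rf /var/cache/apk/*` is a no-op. A tighter form is a single `RUN apk add --no-cache \` with versions pinned as `tor=<version>` and the upgrade replaced by bumping the base image tag; the same applies to the matching RUN in the Dockerfile-Dev hunk. Note that `dumb-init` is dropped from this package list at the same time the entrypoint shebang stops using it — see the note on that hunk.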
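Review bot: `VOLUME ["/etc/torrc.d"]` exposes a directory whose contents the new entrypoint appends verbatim to the Tor configuration, but nothing in the image documents that contract; a comment such as `# Every file mounted here is appended unmodified to /etc/tor/torrc at startup` would tell operators what a mount at this path does. `COPY docker-entrypoint.sh /entrypoint.sh` followed by `RUN chmod +x /entrypoint.sh` can be the single `COPY --chmod=755 docker-entrypoint.sh /entrypoint.sh`, avoiding an extra layer; the Dockerfile-Dev hunk has the same two-step pattern. The final stage still declares no `USER`; if root is genuinely required for the iptables/WireGuard setup the entrypoint performs, a one-line comment saying so would keep that from being re-raised on every review.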
diff --git a/Dockerfile-Dev b/Dockerfile-Dev index 587c212..e712f7b 100644 --- a/Dockerfile-Dev +++ b/Dockerfile-Dev @@ -9,29 +9,20 @@ COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/obfs4proxy /usr/local/bin COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/meek-server /usr/local/bin/meek-server COPY /config/torrc /etc/tor/torrc -COPY /config/tor-bridges /etc/tor/bridges - -# Set the mirror list -RUN echo "https://uk.alpinelinux.org/alpine/latest-stable/main" > /etc/apk/repositories && \ - echo "https://mirror.bardia.tech/alpine/latest-stable/main" >> /etc/apk/repositories && \ - echo "https://uk.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories &&\ - echo "https://mirror.bardia.tech/alpine/latest-stable/community" >> /etc/apk/repositories +COPY /config/obfs4-bridges.conf /etc/torrc.d/obfs4-bridges.conf # Update and upgrade packages -RUN apk update && apk upgrade - -# Install required packages -RUN apk add -U --no-cache \ - iproute2 iptables net-tools \ - screen vim curl bash \ - wireguard-tools \ - openssl \ - dumb-init \ - tor \ - redis - -# Clear cache -RUN rm -rf /var/cache/apk/* +RUN apk update && apk upgrade \ + # Install required packages + && apk add -U --no-cache \ + iproute2 iptables net-tools \ + screen vim curl bash \ + wireguard-tools \ + openssl \ + tor \ + redis \ + # Clear APK cache + && rm -rf /var/cache/apk/* FROM base AS deps @@ -50,12 +41,11 @@ FROM base AS runner COPY --from=deps /temp/dev/node_modules node_modules -COPY docker-entrypoint.sh /usr/bin/entrypoint -RUN chmod +x /usr/bin/entrypoint -ENTRYPOINT ["/usr/bin/entrypoint"] +COPY docker-entrypoint.sh /entrypoint.sh +RUN chmod +x /entrypoint.sh +ENTRYPOINT ["/entrypoint.sh"] -HEALTHCHECK --interval=60s --timeout=3s --start-period=20s --retries=3 \ - CMD curl -f http://127.0.0.1:3000/api/health || exit 1 +VOLUME ["/etc/torrc.d"] # run the appc EXPOSE 5173/tcp diff --git a/README.md b/README.md index cfae299..ac2d5c1 100644 --- a/README.md +++ b/README.md 
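Review bot: `COPY /config/obfs4-bridges.conf /etc/torrc.d/obfs4-bridges.conf` bakes a bridge list into the dev image at the same path that is declared as a `VOLUME` further down and that the README now tells users to mount (`/etc/torrc.d/bridges.conf`); a bind mount of the directory hides the baked file while an anonymous volume seeds from it, so the intended behaviour should be stated in a comment on the COPY line. Because the entrypoint appends every file under `/etc/torrc.d` regardless of `TOR_USE_BRIDGES`, the repository's bridge lines are always present in the dev image's torrc; that appears harmless as long as Tor ignores `Bridge` lines when `UseBridges` is not enabled, but it is worth confirming rather than assuming. The `apk` points raised on the Dockerfile hunk apply to this RUN as well.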
@@ -74,7 +74,7 @@ These options can be configured by setting environment variables using `-e KEY=" | `WG_HOST` | The public IP address of the WireGuard server. | | | `UI_PASSWORD` | The password for the admin UI. | | | `ORIGIN` | In case you want to access the web-admin remotely, you must set this to the host you are using, for example, `http://hostname:port`. | ✔️ | -| `TOR_USE_BRIDGES` | Set this to `true` for quick setup of `obfs4` Tor bridges. You have to mount the bridges file at `/etc/tor/bridges`. | ✔️ | +| `TOR_USE_BRIDGES` | Set this to `1` and then mount the bridges file at `/etc/torrc.d/bridges.conf`. | ✔️ | | `TOR_*` | The `Torrc` proxy configuration. (e.g. `SocksPort` as `TOR_SOCKSPORT="9050"`) | ✔️ | ## Support the Project diff --git a/config/tor-bridges b/config/obfs4-bridges.conf similarity index 100% rename from config/tor-bridges rename to config/obfs4-bridges.conf diff --git a/config/torrc b/config/torrc index ddadadb..3d1e252 100644 --- a/config/torrc +++ b/config/torrc @@ -1,5 +1,5 @@ # This file is auto generated by the WireAdmin. Do not edit. VirtualAddrNetwork 10.192.0.0/10 -SOCKSPort 9055 DNSPort {{INET_ADDRESS}}:53530 TransPort {{INET_ADDRESS}}:9040 +ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index dd08898..fe07509 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -9,6 +9,6 @@ services: environment: - UI_PASSWORD=password - WG_HOST=192.168.1.102 - - TOR_SOCKS5PROXY=host.docker.internal:1080 + - TOR_SOCKS5_PROXY=host.docker.internal:1080 extra_hosts: - "host.docker.internal:host-gateway" diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 3d0c719..1610773 100644 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh 
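Review bot: Deleting `SOCKSPort 9055` does not turn the SOCKS listener off; with no `SocksPort` line Tor falls back to its built-in default (9050 on localhost), so the port silently moves from 9055 to 9050 unless `TOR_SOCKSPORT` is set, and the commit does not say whether anything still expects 9055. A comment in the file would pin the intent, e.g. `# SocksPort intentionally unset: Tor defaults to 127.0.0.1:9050, override with TOR_SOCKSPORT`. The added `ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed` hard-codes the binary path that the Dockerfile copies in; if that COPY ever moves, Tor only fails once a bridge is actually used, so a short comment pointing at the Dockerfile line would help the next maintainer.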
@@ -1,13 +1,26 @@ -#!/usr/bin/dumb-init /bin/bash +#!/usr/bin/env bash set -e -# Note above that we run dumb-init as PID 1 in order to reap zombie processes -# as well as forward signals to all processes in its session. Normally, sh -# wouldn't do either of these functions so we'd leak zombies as well as do -# unclean termination of all our sub-processes. +TOR_CONFIG="/etc/tor/torrc" +ENV_FILE="/app/.env" -# Prevent core dumps -ulimit -c 0 +remove_duplicated_lines() { + local file="$1" + local temp_file="/tmp/$(basename "$file")" + awk '!seen[$0]++' "$file" >"$temp_file" + mv "$temp_file" "$file" +} + +remove_duplicate_env() { + local file="$1" + local temp_file="/tmp/$(basename "$file")" + awk -F "=" -e '!seen[$1]++' "$file" >"$temp_file" + mv "$temp_file" "$file" +} + +to_camel_case() { + echo "${1}" | awk -F_ '{for(i=1;i<=NF;i++) $i=toupper(substr($i,1,1)) tolower(substr($i,2));}1' OFS="" +} # Checking if there is /data folder if [ ! -d "/data" ]; then 
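Review bot: Replacing `#!/usr/bin/dumb-init /bin/bash` with `#!/usr/bin/env bash` (together with dropping `dumb-init` from both Dockerfiles) removes the PID-1 init that the deleted comment explained was there to reap zombies and forward `SIGTERM`; with `ENTRYPOINT ["/entrypoint.sh"]` bash itself becomes PID 1, which has no `SIGTERM` handler, so `docker stop` will wait out its timeout and `SIGKILL` the container unless the script ends with `exec "$@"` (its tail is outside this hunk). Either keep `dumb-init` and the original shebang, or add explicit `trap`/`exec` handling, and restore `ulimit -c 0`, which was the only thing preventing a crashed process from writing a core file containing whatever it read from `/app/.env`. Separately, `remove_duplicated_lines` and `remove_duplicate_env` write to a predictable `/tmp/$(basename "$file")` and `mv` it over the original, which replaces the target's mode with the umask default (typically 0644); if either runs on `ENV_FILE` after the `chmod 400`, the secret file loses its restrictive mode. Use `local temp_file; temp_file=$(mktemp)` and rewrite in place with `cat "$temp_file" >"$file" && rm -f "$temp_file"`.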
@@ -16,27 +29,11 @@ if [ ! -d "/data" ]; then fi mkdir -p /var/vlogs +touch "${ENV_FILE}" +chmod 400 "${ENV_FILE}" -function remove_duplicated_lines() { - local file="$1" - local temp_file="/tmp/$(basename "$file")" - awk '!seen[$0]++' "$file" >"$temp_file" - mv "$temp_file" "$file" -} - -function remove_duplicate_env() { - local file="$1" - local temp_file="/tmp/$(basename "$file")" - awk -F "=" -e '!seen[$1]++' "$file" >"$temp_file" - mv "$temp_file" "$file" -} - -touch /app/.env -chmod 400 /app/.env - - -if ! grep -q "AUTH_SECRET" /app/.env; then - cat <>/app/.env +if ! grep -q "AUTH_SECRET" "${ENV_FILE}"; then + cat "${ENV_FILE}" &>/dev/null <>/app/.env + sed -e '/^HASHED_PASSWORD=/d' "${ENV_FILE}" + cat "${ENV_FILE}" &>/dev/null <>/etc/tor/torrc -fi +sed -i "s/{{INET_ADDRESS}}/$inet_address/g" "${TOR_CONFIG}" # any other environment variables that start with TOR_ are added to the torrc # file -env | grep ^TOR_ | sed -e 's/TOR_//' -e 's/=/ /' >>/etc/tor/torrc +env | grep ^TOR_ | sed -e 's/TOR_//' -e 's/=/ /' | while read -r line; do + key=$(echo "$line" | awk '{print $1}') + value=$(echo "$line" | awk '{print $2}') + key=$(to_camel_case "$key") + echo "$key $value" >>"${TOR_CONFIG}" +done -# Removing duplicated lines form /etc/tor/torrc file -remove_duplicated_lines "/etc/tor/torrc" +# Removing duplicated lines form "${TOR_CONFIG}" file +remove_duplicated_lines "${TOR_CONFIG}" + +# Checking if there is /etc/torrc.d folder and if there is +# any file in it, adding them to the torrc file +if [ -d "/etc/torrc.d" ]; then + for file in /etc/torrc.d/*; do + cat "$file" >>"${TOR_CONFIG}" + done +fi # Start Tor on the background screen -L -Logfile /var/vlogs/tor -dmS tor \ - bash -c "tor -f /etc/tor/torrc" + bash -c "tor -f ${TOR_CONFIG}" # Starting Redis server in detached mode screen -L -Logfile /var/vlogs/redis -dmS redis \ 
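Review bot: `for file in /etc/torrc.d/*; do cat "$file" >>"${TOR_CONFIG}"; done` breaks on an empty directory: bash leaves the unmatched glob as the literal `/etc/torrc.d/*`, `cat` fails, and `set -e` aborts the entrypoint — which is the default state of the production image, where `VOLUME ["/etc/torrc.d"]` is declared but nothing is copied into it; add `[ -f "$file" ] || continue` as the first line of the loop. The `TOR_*` loop keeps only the second whitespace-separated field as the value (`awk '{print $2}'`), so any option whose value contains spaces is silently truncated; `while read -r key value; do echo "$(to_camel_case "$key") $value" >>"${TOR_CONFIG}"; done` keeps the rest of the line intact. `sed -e '/^HASHED_PASSWORD=/d' "${ENV_FILE}"` has no `-i`, so as written it leaves the file unchanged and prints its remaining contents — including `AUTH_SECRET` — to stdout, i.e. into the container log; the surrounding hunk headers are garbled in this view, so confirm it is a standalone statement and then make it `sed -i`. Note also that the torrc.d fragments are appended after `remove_duplicated_lines` has run, so duplicates introduced by mounted files are not collapsed.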
@@ -103,7 +100,7 @@ echo -e "WireGuard Version: \c" && wg -v | head -n 1 | awk '{print $1,$2}' echo -e "Tor Version: \c" && tor --version | head -n 1 echo -e "Obfs4proxy Version: \c" && obfs4proxy -version echo -e "\n========================= Torrc =========================" -cat /etc/tor/torrc +cat "${TOR_CONFIG}" echo -e "========================================================\n" sleep 1
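Review bot: `cat "${TOR_CONFIG}"` prints the fully assembled configuration to stdout, and after this commit that file contains every `TOR_*` variable translated into an option (the dev compose file sets `TOR_SOCKS5_PROXY`, and Tor accepts credentials such as `Socks5ProxyPassword` through the same mechanism) plus every fragment mounted under `/etc/torrc.d`, such as bridge lines; all of it ends up in the container log, which is usually far more widely readable than `/etc/tor/torrc`. Consider printing a redacted view, e.g. `grep -viE 'password|authenticator' "${TOR_CONFIG}"`, or gating the dump behind a debug variable. At minimum a comment above the banner stating that the config is logged verbatim would make the exposure explicit to operators.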