update tor config

Dockerfile

@@ -9,21 +9,18 @@ COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/obfs4proxy /usr/local/bin
 COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/meek-server /usr/local/bin/meek-server
 
 COPY /config/torrc /etc/tor/torrc
-COPY /config/tor-bridges /etc/tor/bridges
 
 # Update and upgrade packages
-RUN apk update && apk upgrade
-
+RUN apk update && apk upgrade \
   # Install required packages
-RUN apk add -U --no-cache \
+  && apk add -U --no-cache \
   iproute2 iptables net-tools \
   screen vim curl bash \
   wireguard-tools \
   openssl \
-    dumb-init \
   tor \
   redis \
-    # Clear cache
+  # Clear APK cache
   && rm -rf /var/cache/apk/*
 
 
@@ -57,13 +54,15 @@ COPY --from=build /app/package.json .
 
 ENV NODE_ENV=production
 
-COPY docker-entrypoint.sh /usr/bin/entrypoint
-RUN chmod +x /usr/bin/entrypoint
-ENTRYPOINT ["/usr/bin/entrypoint"]
+COPY docker-entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
 
 HEALTHCHECK --interval=60s --timeout=3s --start-period=20s --retries=3 \
  CMD curl -f http://127.0.0.1:3000/api/health || exit 1
 
+VOLUME ["/etc/torrc.d"]
+
 # run the app
 EXPOSE 3000/tcp
 CMD [ "npm", "run", "start" ]

Dockerfile-Dev

@@ -9,29 +9,20 @@ COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/obfs4proxy /usr/local/bin
 COPY --from=chriswayg/tor-alpine:latest /usr/local/bin/meek-server /usr/local/bin/meek-server
 
 COPY /config/torrc /etc/tor/torrc
-COPY /config/tor-bridges /etc/tor/bridges
-
-# Set the mirror list
-RUN echo "https://uk.alpinelinux.org/alpine/latest-stable/main" > /etc/apk/repositories && \
-    echo "https://mirror.bardia.tech/alpine/latest-stable/main" >> /etc/apk/repositories && \
-    echo "https://uk.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories &&\
-    echo "https://mirror.bardia.tech/alpine/latest-stable/community" >> /etc/apk/repositories
+COPY /config/obfs4-bridges.conf /etc/torrc.d/obfs4-bridges.conf
 
 # Update and upgrade packages
-RUN apk update && apk upgrade
-
+RUN apk update && apk upgrade \
   # Install required packages
-RUN apk add -U --no-cache \
+  && apk add -U --no-cache \
   iproute2 iptables net-tools \
   screen vim curl bash \
   wireguard-tools \
   openssl \
-    dumb-init \
   tor \
-    redis
-
-# Clear cache
-RUN rm -rf /var/cache/apk/*
+  redis \
+  # Clear APK cache
+  && rm -rf /var/cache/apk/*
 
 
 FROM base AS deps
@@ -50,12 +41,11 @@ FROM base AS runner
 
 COPY --from=deps /temp/dev/node_modules node_modules
 
-COPY docker-entrypoint.sh /usr/bin/entrypoint
-RUN chmod +x /usr/bin/entrypoint
-ENTRYPOINT ["/usr/bin/entrypoint"]
+COPY docker-entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]
 
-HEALTHCHECK --interval=60s --timeout=3s --start-period=20s --retries=3 \
- CMD curl -f http://127.0.0.1:3000/api/health || exit 1
+VOLUME ["/etc/torrc.d"]
 
 # run the appc
 EXPOSE 5173/tcp

README.md

@@ -74,7 +74,7 @@ These options can be configured by setting environment variables using `-e KEY="
 | `WG_HOST`         | The public IP address of the WireGuard server.                                                                                       |          |
 | `UI_PASSWORD`     | The password for the admin UI.                                                                                                       |          |
 | `ORIGIN`          | In case you want to access the web-admin remotely, you must set this to the host you are using, for example, `http://hostname:port`. | ✔️       |
-| `TOR_USE_BRIDGES` | Set this to `true` for quick setup of `obfs4` Tor bridges. You have to mount the bridges file at `/etc/tor/bridges`.                 | ✔️       |
+| `TOR_USE_BRIDGES` | Set this to `1` and then mount the bridges file at `/etc/torrc.d/bridges.conf`.                                                      | ✔️       |
 | `TOR_*`           | The `Torrc` proxy configuration. (e.g. `SocksPort` as `TOR_SOCKSPORT="9050"`)                                                        | ✔️       |
 
 ## Support the Project

config/torrc

@@ -1,5 +1,5 @@
 # This file is auto generated by the WireAdmin. Do not edit.
 VirtualAddrNetwork 10.192.0.0/10
-SOCKSPort 9055
 DNSPort {{INET_ADDRESS}}:53530
 TransPort {{INET_ADDRESS}}:9040
+ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed

docker-compose.dev.yml

@@ -9,6 +9,6 @@ services:
     environment:
       - UI_PASSWORD=password
       - WG_HOST=192.168.1.102
-      - TOR_SOCKS5PROXY=host.docker.internal:1080
+      - TOR_SOCKS5_PROXY=host.docker.internal:1080
     extra_hosts:
       - "host.docker.internal:host-gateway"

docker-entrypoint.sh

@@ -1,13 +1,26 @@
-#!/usr/bin/dumb-init /bin/bash
+#!/usr/bin/env bash
 set -e
 
-# Note above that we run dumb-init as PID 1 in order to reap zombie processes
-# as well as forward signals to all processes in its session. Normally, sh
-# wouldn't do either of these functions so we'd leak zombies as well as do
-# unclean termination of all our sub-processes.
+TOR_CONFIG="/etc/tor/torrc"
+ENV_FILE="/app/.env"
 
-# Prevent core dumps
-ulimit -c 0
+remove_duplicated_lines() {
+  local file="$1"
+  local temp_file="/tmp/$(basename "$file")"
+  awk '!seen[$0]++' "$file" >"$temp_file"
+  mv "$temp_file" "$file"
+}
+
+remove_duplicate_env() {
+  local file="$1"
+  local temp_file="/tmp/$(basename "$file")"
+  awk -F "=" -e '!seen[$1]++' "$file" >"$temp_file"
+  mv "$temp_file" "$file"
+}
+
+to_camel_case() {
+  echo "${1}" | awk -F_ '{for(i=1;i<=NF;i++) $i=toupper(substr($i,1,1)) tolower(substr($i,2));}1' OFS=""
+}
 
 # Checking if there is /data folder
 if [ ! -d "/data" ]; then
@@ -16,27 +29,11 @@ if [ ! -d "/data" ]; then
 fi
 
 mkdir -p /var/vlogs
+touch "${ENV_FILE}"
+chmod 400 "${ENV_FILE}"
 
-function remove_duplicated_lines() {
-  local file="$1"
-  local temp_file="/tmp/$(basename "$file")"
-  awk '!seen[$0]++' "$file" >"$temp_file"
-  mv "$temp_file" "$file"
-}
-
-function remove_duplicate_env() {
-  local file="$1"
-  local temp_file="/tmp/$(basename "$file")"
-  awk -F "=" -e '!seen[$1]++' "$file" >"$temp_file"
-  mv "$temp_file" "$file"
-}
-
-touch /app/.env
-chmod 400 /app/.env
-
-
-if ! grep -q "AUTH_SECRET" /app/.env; then
-  cat <<EOF >>/app/.env
+if ! grep -q "AUTH_SECRET" "${ENV_FILE}"; then
+  cat "${ENV_FILE}" &>/dev/null <<EOF
 AUTH_SECRET=$(openssl rand -base64 32)
 EOF
 fi
@@ -46,43 +43,43 @@ fi
 # the .env
 if [ -n "$UI_PASSWORD" ]; then
   ui_password_hex=$(echo -n "$UI_PASSWORD" | xxd -ps -u)
-  sed -e '/^HASHED_PASSWORD=/d' /app/.env
-  cat <<EOF >>/app/.env
+  sed -e '/^HASHED_PASSWORD=/d' "${ENV_FILE}"
+  cat "${ENV_FILE}" &>/dev/null <<EOF
 HASHED_PASSWORD=$ui_password_hex
 EOF
   unset UI_PASSWORD
 fi
 
-remove_duplicate_env "/app/.env"
+remove_duplicate_env "${ENV_FILE}"
 
 # IP address of the container
 inet_address="$(hostname -i | awk '{print $1}')"
 
-sed -i "s/{{INET_ADDRESS}}/$inet_address/g" /etc/tor/torrc
-
-# if /etc/tor/bridges was mounted, use those bridges
-if [ "$TOR_USE_BRIDGES" = "true" ]; then
-  echo "Using bridges..."
-  tee -a /etc/tor/torrc <<EOF
-
-# Using Bridges, obsf4
-UseBridges 1
-ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy managed
-
-EOF
-  cat /etc/tor/bridges >>/etc/tor/torrc
-fi
+sed -i "s/{{INET_ADDRESS}}/$inet_address/g" "${TOR_CONFIG}"
 
 # any other environment variables that start with TOR_ are added to the torrc
 # file
-env | grep ^TOR_ | sed -e 's/TOR_//' -e 's/=/ /' >>/etc/tor/torrc
+env | grep ^TOR_ | sed -e 's/TOR_//' -e 's/=/ /' | while read -r line; do
+  key=$(echo "$line" | awk '{print $1}')
+  value=$(echo "$line" | awk '{print $2}')
+  key=$(to_camel_case "$key")
+  echo "$key $value" >>"${TOR_CONFIG}"
+done
 
-# Removing duplicated lines form /etc/tor/torrc file
-remove_duplicated_lines "/etc/tor/torrc"
+# Removing duplicated lines form "${TOR_CONFIG}" file
+remove_duplicated_lines "${TOR_CONFIG}"
+
+# Checking if there is /etc/torrc.d folder and if there is
+# any file in it, adding them to the torrc file
+if [ -d "/etc/torrc.d" ]; then
+  for file in /etc/torrc.d/*; do
+    cat "$file" >>"${TOR_CONFIG}"
+  done
+fi
 
 # Start Tor on the background
 screen -L -Logfile /var/vlogs/tor -dmS tor \
-  bash -c "tor -f /etc/tor/torrc"
+  bash -c "tor -f ${TOR_CONFIG}"
 
 # Starting Redis server in detached mode
 screen -L -Logfile /var/vlogs/redis -dmS redis \
@@ -103,7 +100,7 @@ echo -e "WireGuard Version: \c" && wg -v | head -n 1 | awk '{print $1,$2}'
 echo -e "Tor Version: \c" && tor --version | head -n 1
 echo -e "Obfs4proxy Version: \c" && obfs4proxy -version
 echo -e "\n========================= Torrc ========================="
-cat /etc/tor/torrc
+cat "${TOR_CONFIG}"
 echo -e "========================================================\n"
 sleep 1