This docker image will update automatically each time the Debian Stretch base image is updated and install the latest current stable version of Tor server. It will run Tor as an unprivileged regular user, as recommended by torproject.org.
It includes the latest Tor Debian package from torproject.org and obfs4proxy which are installed and configured according the Tor project recommendations.
The Tor network relies on volunteers to donate bandwidth. The more people who run relays, the faster the Tor network will be. If you have at least 2 megabits/s for both upload and download, please help out Tor by configuring your Tor to be a relay too.
Tor
is free software and an open network that helps you defend against
traffic analysis, a form of network surveillance that threatens personal
freedom and privacy, confidential business activities and relationships, and
state security.
- Tor prevents people from learning your location or browsing habits.
- Tor is for web browsers, instant messaging clients, and more.
- Tor is free and open source for Windows, Mac, Linux/Unix, and Android
This will run a Tor relay server with defaults and a randomized Nickname:
docker run -d --init --name=tor_relay_1 --net="host" -p 9001:9001 --restart=always chriswayg/tor-server
You can set your own Nickname (only letters and numbers) and your Contact-Email (which will be published on the Tor network) using environment variables:
docker run -d --init --name=tor_relay_1 --net="host" -p 9001:9001 \
-e TOR_NICKNAME=Tor4docker -e [email protected] \
--restart=always chriswayg/tor-server
Tor manual with Configuration File Options. Also refer to the current fully commented /etc/torrc/torrc.default.
For more detailed customisation copy ./torrc
to the host and edit to the desired settings:
### /etc/torrc ###
# Server's public IP Address (usually automatic)
#Address 10.10.10.10
# Port to advertise for incoming Tor connections.
# common ports are 9001, 443
ORPort 9001
# Mirror directory information for others (optional)
# common ports are 9030, 80
#DirPort 9030
# Run as a relay only (not as an exit node)
ExitPolicy reject *:* # no exits allowed
# Set limits
#RelayBandwidthRate 1024 KB # Throttle traffic to
#RelayBandwidthBurst 2048 KB # But allow bursts up to
#MaxMemInQueues 512 MB # Limit Memory usage to
# Run Tor as obfuscated bridge
#ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
#ServerTransportListenAddr obfs4 0.0.0.0:54444
#ExtORPort auto
#BridgeRelay 1
# Run Tor only as a server (no local applications)
SocksPort 0
# Run Tor as a regular user (do not change this)
User debian-tor
DataDirectory /var/lib/tor
## If no Nickname or ContactInfo is set, docker-entrypoint will use
## the environment variables to add Nickname/ContactInfo here
Nickname Tor4 # only use letters and numbers
ContactInfo [email protected]
Mount your customized torrc
into the container. You can reuse the secret_id_key
from a previous Tor server installation (docker cp tor_relay_1:/var/lib/tor/keys/secret_id_key ./
), to continue with the same Fingerprint and ID.
docker run -d --init --name=tor_relay_1 --net="host" -p 9001:9001 -p 9030:9030 \
-v $PWD/torrc:/etc/tor/torrc \
-v $PWD/secret_id_key:/var/lib/tor/keys/secret_id_key \
--restart=always chriswayg/tor-server
Check with docker logs tor_relay_1
. If you see the message [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor.
at the bottom after quite a while, your server started successfully.
Adapt this example docker-compose.yml
with your settings or clone it from Github.
version: '2.2'
services:
relay:
image: chriswayg/tor-server
init: true
restart: always
ports:
- "9001:9001"
environment:
## set your Nickname here (only use letters and numbers)
TOR_NICKNAME: Tor4docker
CONTACT_EMAIL: [email protected]
Start a new instance of the Tor relay server, display the logs and show the current fingerprint:
git clone https://github.com/chriswayg/tor-server.git
cd tor-server
docker-compose up -d
docker-compose logs
docker-compose exec -T relay cat /var/lib/tor/fingerprint
The host system or VPS (for example Vultr) needs to have IPv6 activated. From your server try to ping any IPv6 host: ping6 google.com
If that worked fine, make your Tor relay reachable via IPv6 by adding an additional ORPort line to your torrc
configuration (example for ORPort 9001):
ORPort [IPv6-address]:9001
Additionally activate IPv6 for Docker by editing/creating the file daemon.json
on the docker host and restarting Docker.
- use the IPv6 subnet/64 address from your provider for
fixed-cidr-v6
$ nano /etc/docker/daemon.json
{
"ipv6": true,
"fixed-cidr-v6": "2100:1900:4400:4abc::/64"
}
$ systemctl restart docker
- GPLv3 (c) 2018 Christian Wagner