Latest version #4

Open
wants to merge 6 commits into
base: master
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -10,3 +10,4 @@ Thumbs.db

# Private files
production/
tests/tor-data/
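Review bot: The new ignore entry covers only `tests/tor-data/`, while docker-compose.yml in this PR bind-mounts `./tor-data/` onto /var/lib/tor, the directory the compose comments show holding `keys/secret_id_key`. Unless a rule above the visible lines already covers it, add `tor-data/` here so relay identity keys created in the repository root cannot be committed by accident.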
4 changes: 4 additions & 0 deletions 20auto-upgrades
@@ -0,0 +1,4 @@
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";
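Review bot: These APT::Periodic settings only take effect when something runs the apt periodic job, and nothing visible in this PR starts one: the Dockerfile keeps `ENTRYPOINT ["docker-entrypoint"]` with `CMD ["tor", "-f", "/etc/tor/torrc"]`, and no cron or systemd service is installed or launched. Either start a scheduler from the entrypoint, or drop the in-container upgrade files and rebuild the image on a schedule instead.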
7 changes: 7 additions & 0 deletions 50unattended-upgrades
@@ -0,0 +1,7 @@
Unattended-Upgrade::Origins-Pattern {
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=TorProject";
};
Unattended-Upgrade::Package-Blacklist {
};
Unattended-Upgrade::Automatic-Reboot "true";
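Review bot: The first Origins-Pattern entry pairs `codename=${distro_codename}` with `label=Debian-Security`, but on bookworm the security archive publishes under the codename `bookworm-security`, so this pattern matches nothing and Debian security updates would be skipped; use `codename=${distro_codename}-security` as the stock Debian file does. `Unattended-Upgrade::Automatic-Reboot "true"` is a host-level setting that does not fit this image: set it to "false" and handle the restart of tor or of the container explicitly after an upgrade.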
60 changes: 27 additions & 33 deletions Dockerfile
@@ -1,13 +1,7 @@
# Dockerfile for Tor Relay Server with obfs4proxy
FROM debian:bullseye
RUN echo 'deb http://deb.debian.org/debian bullseye-backports main' > /etc/apt/sources.list.d/backports.list
MAINTAINER Josh [email protected]

ARG GPGKEY=A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
ARG APT_KEY_DONT_WARN_ON_DANGEROUS_USAGE="True"
ARG DEBCONF_NOWARNINGS="yes"
ARG DEBIAN_FRONTEND=noninteractive
ARG found=""
FROM debian:bookworm-slim
USER root
LABEL org.opencontainers.image.authors="[email protected]"

# Set a default Nickname
ENV TOR_NICKNAME=Tor4
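Review bot: `USER root` after the new `FROM debian:bookworm-slim` line is already the default for the Debian base image, and no later `USER` instruction appears in the diff, so dropping privileges rests entirely on `User tord` in torrc; remove the line or replace it with a comment stating that. The hunk also drops `ARG DEBIAN_FRONTEND=noninteractive` while the next hunk installs additional packages, so expect debconf warnings in the build log unless it is kept.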
Expand All @@ -16,35 +10,35 @@ ENV TERM=xterm

# Install tor with GeoIP and obfs4proxy & backup torrc
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
apt-utils \
&& apt-get install -y --no-install-recommends \
pwgen \
iputils-ping \
tor/bullseye-backports \
tor-geoipdb/bullseye-backports \
obfs4proxy/bullseye-backports \
&& mkdir -pv /usr/local/etc/tor/ \
&& mv -v /etc/tor/torrc /usr/local/etc/tor/torrc.sample \
&& apt-get purge --auto-remove -y \
apt-utils \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
# Rename Debian unprivileged user to tord \
&& usermod -l ${TOR_USER} debian-tor \
&& groupmod -n ${TOR_USER} debian-tor

# Copy Tor configuration file
COPY ./torrc /etc/tor/torrc

# Copy docker-entrypoint
&& apt-get install -y apt-transport-https wget gpg \
&& apt-get install -y unattended-upgrades apt-listchanges

COPY tor.sources.list /etc/apt/sources.list.d/tor.list
COPY 50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades
COPY 20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades

RUN wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
RUN apt-get update
RUN apt-get install -y tor deb.torproject.org-keyring
RUN apt-get install -y tor-geoipdb
# RUN apt-get install -y obfs4proxy
RUN mkdir -pv /usr/local/etc/tor/
RUN apt-get -y purge --auto-remove
RUN apt-get clean
RUN rm -rf /var/lib/apt/lists/*

# Rename Debian unprivileged user to tord \
RUN usermod -l ${TOR_USER} debian-tor \
&& groupmod -n ${TOR_USER} debian-tor

COPY torrc /etc/tor/torrc
COPY ./scripts/ /usr/local/bin/

# Persist data
VOLUME /etc/tor /var/lib/tor

# ORPort, DirPort, SocksPort, ObfsproxyPort, MeekPort
EXPOSE 9001 9030 9050 54444 7002
# ORPort, DirPort, SocksPort, ObfsproxyPort
EXPOSE 9001 9030 9050 54444

ENTRYPOINT ["docker-entrypoint"]
CMD ["tor", "-f", "/etc/tor/torrc"]
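Review bot: The archive key is fetched with `wget -qO- ... | gpg --dearmor | tee ...` and trusted as downloaded; the fingerprint appears only in the URL and is never compared with the key that actually arrived. Check the dearmored key's fingerprint against A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 and fail the build on a mismatch (the removed `ARG GPGKEY` could hold that value). Separately, splitting the steps into individual `RUN` lines means `apt-get clean` and `rm -rf /var/lib/apt/lists/*` no longer shrink the image, because the files stay in the earlier layers, and `apt-get -y purge --auto-remove` names no packages, so wget, gpg and apt-transport-https remain installed. `EXPOSE` still lists 54444 as ObfsproxyPort although the obfs4proxy install is commented out.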
12 changes: 2 additions & 10 deletions README.md
@@ -1,5 +1,5 @@
#### Forked
This docker was forked from [chriswayg/tor-server](https://github.com/chriswayg/tor-server) and updated to run Debian Bullseye and the latest available Tor and obfs4proxy packages.
This docker was forked from [chriswayg/tor-server](https://github.com/chriswayg/tor-server) and updated to run Debian 12 (Bookworm) and the latest available Tor packages. Unattended-Upgrades is also configured to keep Tor up to date automatically.

#### A complete, efficient and secure Tor relay server Docker image
*This docker image will install the latest current stable version of Tor server. It will run Tor as an unprivileged regular user, as recommended by torproject.org.*
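Review bot: The added sentence "Unattended-Upgrades is also configured to keep Tor up to date automatically" promises more than the image delivers as written: the Dockerfile declares only /etc/tor and /var/lib/tor as volumes, so packages upgraded inside a running container are lost when the container is recreated from the image. Say that here, or describe rebuilding or pulling the image as the update path.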
Expand Down Expand Up @@ -209,14 +209,6 @@ Please use the latest Docker engine available (do not use the possibly outdated
- [Tor Relay Guide](https://trac.torproject.org/projects/tor/wiki/TorRelayGuide)
- [Tor on Debian Installation Instructions 2019](https://2019.www.torproject.org/docs/debian.html.en)
- [Torproject - git repo](https://github.com/torproject/tor)
- [obfs4proxy on Debian - Guide to run an obfuscated bridge to help censored users connect to the Tor network.](https://trac.torproject.org/projects/tor/wiki/doc/PluggableTransports/obfs4proxy)
- [obfs4 - The obfourscator - Github](https://github.com/Yawning/obfs4)
- [How to use the “meek” pluggable transport](https://blog.torproject.org/how-use-meek-pluggable-transport)
- [meek-server for Tor meek bridge](https://github.com/arlolra/meek/tree/master/meek-server)

### License:
- MIT

##### For a very similar image based on tor-alpine use `chriswayg/tor-alpine`
- https://hub.docker.com/r/chriswayg/tor-alpine
- https://github.com/chriswayg/tor-alpine
- MIT
38 changes: 20 additions & 18 deletions docker-compose.yml
@@ -1,18 +1,20 @@
relay:
image: joshgaby/tor-server
init: true
restart: always
network_mode: host
## the ports are not needed with network_mode host
ports:
#- "9001:9001"
#- "9030:9030"
#- "54444:54444"
#- "7002:7002"
#volumes:
## mount and DataDirectory and custom `torrc` here
#- ./tor-data/:/var/lib/tor/
#- ./torrc:/etc/tor/torrc
## alternatively mount previously saved identity keys here
#- ./tests/tor-data/keys/secret_id_key:/var/lib/tor/keys/secret_id_key
#- ./tests/tor-data/keys/ed25519_master_id_secret_key:/var/lib/tor/keys/secret_id_key
version: '2.2'
services:
relay:
image: joshgaby/tor-server
init: true
restart: always
network_mode: host
## the ports are not needed with network_mode host
ports:
- "9001:9001"
- "9030:9030"
- "54444:54444"
- "7002:7002"
volumes:
## mount and DataDirectory and custom `torrc` here
- ./tor-data/:/var/lib/tor/
- ./torrc:/etc/tor/torrc
## alternatively mount previously saved identity keys here
#- ./tests/tor-data/keys/secret_id_key:/var/lib/tor/keys/secret_id_key
#- ./tests/tor-data/keys/ed25519_master_id_secret_key:/var/lib/tor/keys/secret_id_key
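Review bot: The new file keeps `network_mode: host` and also enables the `ports:` list, which the comment directly above it says is not needed with host networking; depending on the Compose version the mappings are ignored or rejected, so keep one or the other. The mapped ports also no longer match the rest of the PR: torrc now sets `ORPort 9002` and `DirPort 9031`, and 7002 (MeekPort) was dropped from the Dockerfile's `EXPOSE`. With the `./torrc:/etc/tor/torrc` bind mount enabled, the entrypoint's appends to /etc/tor/torrc are written into the host file.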
7 changes: 6 additions & 1 deletion scripts/docker-entrypoint
Expand Up @@ -16,6 +16,12 @@ chmodf 600 /var/lib/tor

if [ ! -e /tor-config-done ]; then
touch /tor-config-done # only run this once
if [ -n "${TOR_DEBUG}" ]; then
if ! grep -q '^PublishServerDescriptor ' /etc/tor/torrc; then
echo "Setting PublishServerDescriptor: 0"
echo -e "\nPublishServerDescriptor 0" >> /etc/tor/torrc
fi
fi

# Add Nickname from env variable or randomized, if none has been set
if ! grep -q '^Nickname ' /etc/tor/torrc; then
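Review bot: `[ -n "${TOR_DEBUG}" ]` is true for any non-empty value, so `TOR_DEBUG=0` or `TOR_DEBUG=false` would still append `PublishServerDescriptor 0` and stop the relay from publishing its descriptor. Test for an explicit value such as `1` or `true`, and document the variable in the README, since the name does not suggest that it keeps the relay unpublished.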
Expand Down Expand Up @@ -68,7 +74,6 @@ echo -e "\n========================================================"
# Display OS version, Tor version & torrc in log
echo -e "Debian Version: \c" && cat /etc/debian_version
tor --version
obfs4proxy -version
cat /etc/tor/torrc
echo -e "========================================================\n"

2 changes: 2 additions & 0 deletions tor.sources.list
@@ -0,0 +1,2 @@
deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main
deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main
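Review bot: Both entries trust /usr/share/keyrings/tor-archive-keyring.gpg, the file written once by the `wget | gpg --dearmor` step in the Dockerfile, while the Dockerfile also installs deb.torproject.org-keyring, which maintains its own keyring file under a different name; a key rotation delivered by that package would not reach the file named in `signed-by`. Point `signed-by` at the package-managed keyring and write the bootstrap key to that same path. The `deb-src` line is not needed in a runtime image and only adds an index download to every `apt-get update`.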
12 changes: 9 additions & 3 deletions torrc
Expand Up @@ -4,20 +4,26 @@
User tord
DataDirectory /var/lib/tor

NumCPUs 2

# Server's public IP Address (usually automatic)
#Address 10.10.10.10
#Address 3.14.159.26

# Port to advertise for incoming Tor connections.
ORPort 9001 # common ports are 9001, 443
ORPort 9002 # common ports are 9001, 443
#ORPort [IPv6-address]:9001

# Mirror directory information for others (optional, not used on bridge)
DirPort 9030 # common ports are 9030, 80
DirPort 9031 # common ports are 9030, 80

# Run Tor only as a server (no local applications)
SocksPort 0
ControlSocket 0

ControlPort 0.0.0.0:9051
# Enable password access for control port (password is: Cpk762yM08Cr)
HashedControlPassword 16:783A31A701B99F6D60D04559DD776DF2A6F895776BF72913BE332985E1

# Run as a relay only (change policy to enable exit node)
ExitPolicy reject *:* # no exits allowed
ExitPolicy reject6 *:*
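Review bot: The added comment above `HashedControlPassword` commits the control-port password in clear text next to its hash, which defeats the hashing; remove it from the repository, treat that password as compromised, and generate the hash at deploy time. `ControlPort 0.0.0.0:9051` combined with `network_mode: host` in docker-compose.yml makes the control port reachable on every host interface; bind it to 127.0.0.1, or use a ControlSocket with cookie authentication instead. The entrypoint also runs `cat /etc/tor/torrc`, so the hash ends up in the container log, and ORPort and DirPort moved to 9002 and 9031 while the Dockerfile `EXPOSE` and the compose mappings still use 9001 and 9030.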