From dae957724b0b3bdb8a5676b62a9c51f376efada7 Mon Sep 17 00:00:00 2001 From: nickodev Date: Sun, 1 Sep 2019 17:47:29 +0430 Subject: [PATCH 1/5] adding Tor bridge support in install and upgrade scripts --- docker/my-dojo/conf/docker-tor.conf.tpl | 9 +++++ docker/my-dojo/install/install-scripts.sh | 4 ++ docker/my-dojo/install/upgrade-scripts.sh | 5 +++ docker/my-dojo/tor/Dockerfile | 16 +++++++- docker/my-dojo/tor/torrc.tpl | 48 +++++++++++++++++++++++ 5 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 docker/my-dojo/conf/docker-tor.conf.tpl create mode 100644 docker/my-dojo/tor/torrc.tpl diff --git a/docker/my-dojo/conf/docker-tor.conf.tpl b/docker/my-dojo/conf/docker-tor.conf.tpl new file mode 100644 index 0000000..228d308 --- /dev/null +++ b/docker/my-dojo/conf/docker-tor.conf.tpl @@ -0,0 +1,9 @@ + +######################################### +# CONFIGURATION OF TOR CONTAINER +######################################### + +UseBridges 1 +Bridge obfs4 5.253.87.21:443 4C4441484D06047C1A12B768BC7E7268F2E6DD49 cert=BBKeJPokZXigyKpn+E/iKim/BwNEiIdifbHfaXQmyu1GpSHtNlruAIWebci9m8Yb0tGUOw iat-mode=0 +Bridge obfs4 107.161.172.101:443 32AE54F8CEFFEC4787155793FAF350CE72178B73 cert=XK+KtnniXJWml5+upNC3HaUvW7LoU+ujpgbsYpxPK3vYlk37gHFVYF4/CLiKkyS685gDHw iat-mode=0 + diff --git a/docker/my-dojo/install/install-scripts.sh b/docker/my-dojo/install/install-scripts.sh index 3fb6217..f7977a5 100755 --- a/docker/my-dojo/install/install-scripts.sh +++ b/docker/my-dojo/install/install-scripts.sh @@ -49,6 +49,10 @@ init_config_files() { cp ./conf/docker-node.conf.tpl ./conf/docker-node.conf echo "Initialized docker-node.conf" + cp ./tor/torrc.tpl ./tor/torrc + cat ./conf/docker-tor.conf.tpl >> ./tor/torrc + echo "Initialized torrc config file" + # Initialize config files for nginx and the maintenance tool if [ "$COMMON_BTC_NETWORK" == "testnet" ]; then cp ./nginx/testnet.conf ./nginx/dojo.conf diff --git a/docker/my-dojo/install/upgrade-scripts.sh b/docker/my-dojo/install/upgrade-scripts.sh index 34e3f2e..84998ea 100755 --- a/docker/my-dojo/install/upgrade-scripts.sh +++ b/docker/my-dojo/install/upgrade-scripts.sh @@ -49,6 +49,11 @@ update_config_files() { update_config_file ./conf/docker-node.conf ./conf/docker-node.conf.tpl echo "Initialized docker-node.conf" + rm ./tor/torrc + cp ./tor/torrc.tpl ./tor/torrc + cat ./conf/docker-tor.conf.tpl >> ./tor/torrc + echo "Initialized torrc config file" + # Initialize config files for nginx and the maintenance tool if [ "$COMMON_BTC_NETWORK" == "testnet" ]; then cp ./nginx/testnet.conf ./nginx/dojo.conf diff --git a/docker/my-dojo/tor/Dockerfile b/docker/my-dojo/tor/Dockerfile index 59578f2..762823e 100644 --- a/docker/my-dojo/tor/Dockerfile +++ b/docker/my-dojo/tor/Dockerfile @@ -17,7 +17,21 @@ RUN set -ex && \ --disable-unittests && \ make && make install && \ cd .. && \ - rm -rf tor + rm -rf tor && \ + echo "50fe8e13592f8cf22304b9c4adfc11849a2c3d281b1d7e09c924ae24874c6daa *go1.11.13.linux-amd64.tar.gz" > GO_CHECKSUMS && \ + wget https://dl.google.com/go/go1.11.13.linux-amd64.tar.gz && \ + sha256sum -c GO_CHECKSUMS 2>&1 | grep OK && \ + tar -C /usr/local/lib -xzf go1.11.13.linux-amd64.tar.gz && \ + ln -s /usr/local/lib/go/bin/go /usr/local/bin/ && \ + cd /usr/local/src && \ + git clone https://github.com/Yawning/obfs4.git obfs4proxy && \ + cd obfs4proxy && \ + git checkout tags/obfs4proxy-0.0.11 && \ + go build -o obfs4proxy/obfs4proxy ./obfs4proxy && \ + cp ./obfs4proxy/obfs4proxy /usr/local/bin && \ + cd .. && \ + rm go1.11.13.linux-amd64.tar.gz && \ + rm -rf obfs4proxy # Create group & user tor RUN addgroup --system -gid 1107 tor && \ diff --git a/docker/my-dojo/tor/torrc.tpl b/docker/my-dojo/tor/torrc.tpl new file mode 100644 index 0000000..cdeff20 --- /dev/null +++ b/docker/my-dojo/tor/torrc.tpl @@ -0,0 +1,48 @@ +## Tor opens a socks proxy on port 9050 by default -- even if you don't +## configure one below. Set "SocksPort 0" if you plan to run Tor only +## as a relay, and not make any local application connections yourself. + +# Socks is only available from dojonet +SocksPort 172.28.1.4:9050 + +## Entry policies to allow/deny SOCKS requests based on IP address. +## First entry that matches wins. If no SocksPolicy is set, we accept +## all (and only) requests that reach a SocksPort. Untrusted users who +## can access your SocksPort may be able to learn about the connections +## you make. + +# Socks is only available from dojonet +SocksPolicy accept 172.28.0.0/16 +SocksPolicy reject * + +## The directory for keeping all the keys/etc. By default, we store +## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. + +DataDirectory /var/lib/tor/.tor +DataDirectoryGroupReadable 1 + + +############### This section is just for location-hidden services ### + +## Once you have configured a hidden service, you can look at the +## contents of the file ".../hidden_service/hostname" for the address +## to tell people. +## HiddenServicePort x y:z says to redirect requests on port x to the +## address y:z. + +HiddenServiceDir /var/lib/tor/hsv2dojo +HiddenServiceVersion 2 +HiddenServicePort 80 172.29.1.3:80 + +HiddenServiceDir /var/lib/tor/hsv3dojo +HiddenServiceVersion 3 +HiddenServicePort 80 172.29.1.3:80 + +HiddenServiceDir /var/lib/tor/hsv2bitcoind +HiddenServiceVersion 2 +HiddenServicePort 8333 172.28.1.5:8333 +HiddenServiceDirGroupReadable 1 + +# Tor Bridges configuration +ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy + From a1803e32aa5a163b260c8def5d46f11f075e3179 Mon Sep 17 00:00:00 2001 From: nickodev Date: Sun, 1 Sep 2019 18:25:54 +0430 Subject: [PATCH 2/5] adding wget to tor's Dockerfile --- docker/my-dojo/tor/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/my-dojo/tor/Dockerfile b/docker/my-dojo/tor/Dockerfile index 762823e..8cdaf5d 100644 --- a/docker/my-dojo/tor/Dockerfile +++ b/docker/my-dojo/tor/Dockerfile @@ -5,7 +5,7 @@ ENV TOR_HOME /var/lib/tor # Install Tor RUN set -ex && \ apt-get update && \ - apt-get install -y git libevent-dev zlib1g-dev libssl-dev gcc make automake ca-certificates autoconf musl-dev coreutils && \ + apt-get install -y git libevent-dev zlib1g-dev libssl-dev gcc make automake ca-certificates autoconf musl-dev coreutils wget && \ mkdir -p /usr/local/src/ && \ git clone https://git.torproject.org/tor.git /usr/local/src/tor && \ cd /usr/local/src/tor && \ From 210c3329ed46ed40a3ba2183bf8c80aeb54c9854 Mon Sep 17 00:00:00 2001 From: nickodev Date: Mon, 2 Sep 2019 10:10:29 +0430 Subject: [PATCH 3/5] adding help to docker-tor.conf.tpl template file --- docker/my-dojo/conf/docker-tor.conf.tpl | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/docker/my-dojo/conf/docker-tor.conf.tpl b/docker/my-dojo/conf/docker-tor.conf.tpl index 228d308..fb6916c 100644 --- a/docker/my-dojo/conf/docker-tor.conf.tpl +++ b/docker/my-dojo/conf/docker-tor.conf.tpl @@ -3,7 +3,14 @@ # CONFIGURATION OF TOR CONTAINER ######################################### +# To get Tor bridges head over to https://bridges.torproject.org and click on +# Get bridges, then you will see a form with "Advanced Options" header +# leave the Pluggable Transport as obfs4 and click on Get Bridges button +# solve the captcah, you will get the bridge addresses (usually 3) +# Add these bridges with the help of the below template +# you need to prefix those with the word "Bridge" and have each of them in a new line. +# The UseBridges setting can be used to set Bridge usage in the Tor container. + UseBridges 1 -Bridge obfs4 5.253.87.21:443 4C4441484D06047C1A12B768BC7E7268F2E6DD49 cert=BBKeJPokZXigyKpn+E/iKim/BwNEiIdifbHfaXQmyu1GpSHtNlruAIWebci9m8Yb0tGUOw iat-mode=0 -Bridge obfs4 107.161.172.101:443 32AE54F8CEFFEC4787155793FAF350CE72178B73 cert=XK+KtnniXJWml5+upNC3HaUvW7LoU+ujpgbsYpxPK3vYlk37gHFVYF4/CLiKkyS685gDHw iat-mode=0 +#Bridge obfs4 IP:PORT 1111222233334444 cert=XXXXYYYYZZZZ iat-mode=0 From f94a99072abd2c3ea8ec73121eb20cf90e7b8aa5 Mon Sep 17 00:00:00 2001 From: nickodev Date: Mon, 2 Sep 2019 10:13:05 +0430 Subject: [PATCH 4/5] set UseBridges to 0 by default --- docker/my-dojo/conf/docker-tor.conf.tpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/my-dojo/conf/docker-tor.conf.tpl b/docker/my-dojo/conf/docker-tor.conf.tpl index fb6916c..2e5a1a7 100644 --- a/docker/my-dojo/conf/docker-tor.conf.tpl +++ b/docker/my-dojo/conf/docker-tor.conf.tpl @@ -9,8 +9,8 @@ # solve the captcah, you will get the bridge addresses (usually 3) # Add these bridges with the help of the below template # you need to prefix those with the word "Bridge" and have each of them in a new line. -# The UseBridges setting can be used to set Bridge usage in the Tor container. +# At last, set UseBridges to 1 so the Tor container uses the bridges you add in previous steps. -UseBridges 1 +UseBridges 0 #Bridge obfs4 IP:PORT 1111222233334444 cert=XXXXYYYYZZZZ iat-mode=0 From 4f5842e5959173d2075181abe2296c61756955b3 Mon Sep 17 00:00:00 2001 From: kenshin samourai <42477425+kenshin-samourai@users.noreply.github.com> Date: Mon, 9 Sep 2019 14:45:12 +0000 Subject: [PATCH 5/5] Revamp (#1) * replace torrc file by command lines arguments set in restart script. restructure docker-tor.conf for homogeneity. define env vars in Dockerfile for easier tuning (for pi4 and others platforms) * bump version of tor image * update doc * merge tor bridges config options --- doc/DOCKER_advanced_setups.md | 45 +++++++++++++++++++++ doc/DOCKER_setup.md | 13 +++--- docker/my-dojo/.env | 2 +- docker/my-dojo/conf/docker-tor.conf.tpl | 30 +++++++++++--- docker/my-dojo/docker-compose.yaml | 1 + docker/my-dojo/install/install-scripts.sh | 5 +-- docker/my-dojo/install/upgrade-scripts.sh | 44 ++++++++++++--------- docker/my-dojo/tor/Dockerfile | 36 ++++++++++------- docker/my-dojo/tor/restart.sh | 29 +++++++++++++- docker/my-dojo/tor/torrc | 44 --------------------- docker/my-dojo/tor/torrc.tpl | 48 ----------------------- 11 files changed, 156 insertions(+), 141 deletions(-) delete mode 100644 docker/my-dojo/tor/torrc delete mode 100644 docker/my-dojo/tor/torrc.tpl diff --git a/doc/DOCKER_advanced_setups.md b/doc/DOCKER_advanced_setups.md index 3825b57..215bb69 100644 --- a/doc/DOCKER_advanced_setups.md +++ b/doc/DOCKER_advanced_setups.md @@ -6,6 +6,14 @@ The configuration files of Dojo provide a few advanced options allowing to tune A word of caution, though, the default values of these options try to maximize your privacy at a network level. Most of the advanced setups described in this document may damage your privacy. Use at your own risk! +## Table of Content ## +- [External Bitcoin full node](#external_bitcoind) +- [bitcoind RPC API ans ZMQ notifications exposed to external apps](#exposed_rpc_zmq) +- [Static onion address for bitcoind hidden service](#static_onion) +- [Configure Tor Bridges](#tor_bridges) +- [Support of testnet](#testnet) + + ## External Bitcoin full node ## @@ -161,6 +169,43 @@ nano ./conf/docker-bitcoind.conf Note: this option has no effect if your setup relies on a external full node (i.e. if BITCOIND_INSTALL is set to "off"). + + +## Configure Tor Bridges ## + +By default, Dojo doesn't try to hide that Tor is being used. For the majority of Dojo users, connecting to Tor with the default configuration is appropriate and will work successfully. For some users, it may be appropriate to configure Tor Bridges in order to circumvent censorship enforced by ISP, censorship enforcement bodies and other interested parties. + +The following steps allow to activate the use of Tor bridges by Dojo. + +``` +# Stop your Dojo +./dojo.sh stop + +# Head over to https://bridges.torproject.org +# Click on "Get bridges", then you will see a form with "Advanced Options" header +# Leave the Pluggable Transport as "obfs4" and click on "Get Bridges" button +# Solve the captcha, you will get the bridge addresses, usually three lines: +# obfs4 24.106.248.94:65531 B9EFBC5... cert=yrX... iat-mode=0 +# obfs4 ... +# obfs4 ... + +# Edit the tor config file +nano ./conf/docker-tor.conf + +# +# Set the value of TOR_USE_BRIDGES to "on" +# +# Set the values of TOR_BRIDGE_n properties with info returned by the website +# For instance, if the first line generated by the website is: +# obfs4 24.106.248.94:65531 B9EFBC5... cert=yrX... iat-mode=0 +# You will have to set: +# TOR_BRIDGE_1=obfs4 24.106.248.94:65531 B9EFBC5... cert=yrX... iat-mode=0 +# +# Save and exit nano +# +``` + + ## Support of testnet ## diff --git a/doc/DOCKER_setup.md b/doc/DOCKER_setup.md index 63fcd07..accdf92 100644 --- a/doc/DOCKER_setup.md +++ b/doc/DOCKER_setup.md @@ -97,11 +97,6 @@ This procedure allows to install a new Dojo from scratch. * `BITCOIND_RPC_USER` = login protecting the access to the RPC API of your full node, * `BITCOIND_RPC_PASSWORD` = password protecting the access to the RPC API of your full node. * If your machine has a lot of RAM, it's recommended that you increase the value of `BITCOIND_DB_CACHE` for a faster Initial Block Download. - * This file also provides a few additional settings for advanced setups: - * static onion address for your full node, - * bitcoind RPC API exposed to external apps, - * use of an external full node. - See this [doc](./DOCKER_advanced_setups.md) for more details. * Edit docker-mysql.conf.tpl and provide a new value for the following parameters: * `MYSQL_ROOT_PASSWORD` = password protecting the root account of MySQL, @@ -114,6 +109,14 @@ This procedure allows to install a new Dojo from scratch. * `NODE_JWT_SECRET` = secret used by your Dojo for the initialization of a cryptographic key signing Json Web Tokens. These parameters will protect the access to your Dojo. Be sure to provide alphanumeric values with enough entropy. +* Dojo provides a few additional settings for advanced setups: + * static onion address for your full node, + * bitcoind RPC API exposed to external apps, + * use of an external full node, + * use of Tor Bridges, + * support of testnet. + See this [doc](./DOCKER_advanced_setups.md) for more details. + * Open the docker quickstart terminal or a terminal console and go to the `/docker/my-dojo` directory. This directory contains a script named dojo.sh which will be your entrypoint for all operations related to the management of your Dojo. diff --git a/docker/my-dojo/.env b/docker/my-dojo/.env index 03b2972..14b10e7 100644 --- a/docker/my-dojo/.env +++ b/docker/my-dojo/.env @@ -15,7 +15,7 @@ DOJO_DB_VERSION_TAG=1.1.0 DOJO_BITCOIND_VERSION_TAG=1.2.0 DOJO_NODEJS_VERSION_TAG=1.2.0 DOJO_NGINX_VERSION_TAG=1.2.0 -DOJO_TOR_VERSION_TAG=1.1.0 +DOJO_TOR_VERSION_TAG=1.2.0 ######################################### diff --git a/docker/my-dojo/conf/docker-tor.conf.tpl b/docker/my-dojo/conf/docker-tor.conf.tpl index 2e5a1a7..857ef20 100644 --- a/docker/my-dojo/conf/docker-tor.conf.tpl +++ b/docker/my-dojo/conf/docker-tor.conf.tpl @@ -1,16 +1,34 @@ - ######################################### # CONFIGURATION OF TOR CONTAINER ######################################### +# +# USE TOR BRIDGES +# # To get Tor bridges head over to https://bridges.torproject.org and click on # Get bridges, then you will see a form with "Advanced Options" header # leave the Pluggable Transport as obfs4 and click on Get Bridges button # solve the captcah, you will get the bridge addresses (usually 3) -# Add these bridges with the help of the below template -# you need to prefix those with the word "Bridge" and have each of them in a new line. -# At last, set UseBridges to 1 so the Tor container uses the bridges you add in previous steps. +# +# Then, set TOR_USE_BRIDGES to "on" and initialize the TOR_BRIDGE_n options +# with the 3 lines generated by the online tool. +# +# For instance, if the first line generated by the tool is: +# obfs4 24.106.248.94:65531 B9EFBC5... cert=yrX... iat-mode=0 +# You will have to set: +# TOR_BRIDGE_1=obfs4 24.106.248.94:65531 B9EFBC5... cert=yrX... iat-mode=0 +# + + +# Activate the use of Tor bridges +# Value: on | off +TOR_USE_BRIDGES=off + +# Bridge 1 +TOR_BRIDGE_1=ToBeDefined -UseBridges 0 -#Bridge obfs4 IP:PORT 1111222233334444 cert=XXXXYYYYZZZZ iat-mode=0 +# Bridge 2 +TOR_BRIDGE_2=ToBeDefined +# Bridge 3 +TOR_BRIDGE_3=ToBeDefined diff --git a/docker/my-dojo/docker-compose.yaml b/docker/my-dojo/docker-compose.yaml index e59c762..4382945 100644 --- a/docker/my-dojo/docker-compose.yaml +++ b/docker/my-dojo/docker-compose.yaml @@ -73,6 +73,7 @@ services: context: ./tor env_file: - ./.env + - ./conf/docker-tor.conf restart: on-failure command: /restart.sh volumes: diff --git a/docker/my-dojo/install/install-scripts.sh b/docker/my-dojo/install/install-scripts.sh index f7977a5..88b6bcd 100755 --- a/docker/my-dojo/install/install-scripts.sh +++ b/docker/my-dojo/install/install-scripts.sh @@ -49,9 +49,8 @@ init_config_files() { cp ./conf/docker-node.conf.tpl ./conf/docker-node.conf echo "Initialized docker-node.conf" - cp ./tor/torrc.tpl ./tor/torrc - cat ./conf/docker-tor.conf.tpl >> ./tor/torrc - echo "Initialized torrc config file" + cp ./conf/docker-tor.conf.tpl ./conf/docker-tor.conf + echo "Initialized docker-tor.conf" # Initialize config files for nginx and the maintenance tool if [ "$COMMON_BTC_NETWORK" == "testnet" ]; then diff --git a/docker/my-dojo/install/upgrade-scripts.sh b/docker/my-dojo/install/upgrade-scripts.sh index 84998ea..40e735a 100755 --- a/docker/my-dojo/install/upgrade-scripts.sh +++ b/docker/my-dojo/install/upgrade-scripts.sh @@ -33,11 +33,7 @@ update_config_files() { echo "Initialized 2_update.sql" # Initialize config files for MyDojo - if [ -f ./conf/docker-common.conf ]; then - update_config_file ./conf/docker-common.conf ./conf/docker-common.conf.tpl - else - cp ./conf/docker-common.conf.tpl ./conf/docker-common.conf - fi + update_config_file ./conf/docker-common.conf ./conf/docker-common.conf.tpl echo "Initialized docker-common.conf" update_config_file ./conf/docker-bitcoind.conf ./conf/docker-bitcoind.conf.tpl @@ -49,10 +45,8 @@ update_config_files() { update_config_file ./conf/docker-node.conf ./conf/docker-node.conf.tpl echo "Initialized docker-node.conf" - rm ./tor/torrc - cp ./tor/torrc.tpl ./tor/torrc - cat ./conf/docker-tor.conf.tpl >> ./tor/torrc - echo "Initialized torrc config file" + update_config_file ./conf/docker-tor.conf ./conf/docker-tor.conf.tpl + echo "Initialized docker-tor.conf" # Initialize config files for nginx and the maintenance tool if [ "$COMMON_BTC_NETWORK" == "testnet" ]; then @@ -70,18 +64,22 @@ update_config_files() { # Update a configuration file from template update_config_file() { - sed "s/^#.*//g;s/=.*//g;/^$/d" $1 > ./original.keys.raw - grep -f ./original.keys.raw $1 > ./original.lines.raw + if [ -f $1 ]; then + sed "s/^#.*//g;s/=.*//g;/^$/d" $1 > ./original.keys.raw + grep -f ./original.keys.raw $1 > ./original.lines.raw - cp -p $1 "$1.save" - cp -p $2 $1 + cp -p $1 "$1.save" + cp -p $2 $1 - while IFS='=' read -r key val ; do - sed -i "s/$key=.*/$key=$val/g" "$1" - done < ./original.lines.raw + while IFS='=' read -r key val ; do + sed -i "s~$key=.*~$key=$val~g" "$1" + done < ./original.lines.raw - rm ./original.keys.raw - rm ./original.lines.raw + rm ./original.keys.raw + rm ./original.lines.raw + else + cp $2 $1 + fi } # Update dojo database @@ -91,6 +89,15 @@ update_dojo_db() { # Clean-up cleanup() { + ################# + # Clean-up v1.3.0 + ################# + + # Remove deprecated torrc file + if [ -f ./tor/torrc ]; then + rm ./tor/torrc + fi + ################# # Clean-up v1.1.0 ################# @@ -99,4 +106,5 @@ cleanup() { if [ -f ./bitcoin/bitcoin.conf ]; then rm ./bitcoin/bitcoin.conf fi + } diff --git a/docker/my-dojo/tor/Dockerfile b/docker/my-dojo/tor/Dockerfile index 8cdaf5d..0d5d2e3 100644 --- a/docker/my-dojo/tor/Dockerfile +++ b/docker/my-dojo/tor/Dockerfile @@ -1,15 +1,23 @@ FROM debian:stretch -ENV TOR_HOME /var/lib/tor +ENV TOR_HOME /var/lib/tor +ENV TOR_URL https://git.torproject.org/tor.git +ENV TOR_VERSION 0.3.5.8 +ENV GOLANG_DL_URL https://dl.google.com/go +ENV GOLANG_ARCHIVE go1.11.13.linux-amd64.tar.gz +ENV GOLANG_SHA256 50fe8e13592f8cf22304b9c4adfc11849a2c3d281b1d7e09c924ae24874c6daa +ENV OBFS4_URL https://github.com/Yawning/obfs4.git +ENV OBFS4_VERSION 0.0.11 + # Install Tor RUN set -ex && \ apt-get update && \ apt-get install -y git libevent-dev zlib1g-dev libssl-dev gcc make automake ca-certificates autoconf musl-dev coreutils wget && \ mkdir -p /usr/local/src/ && \ - git clone https://git.torproject.org/tor.git /usr/local/src/tor && \ + git clone "$TOR_URL" /usr/local/src/tor && \ cd /usr/local/src/tor && \ - git checkout tor-0.3.5.8 && \ + git checkout "tor-$TOR_VERSION" && \ ./autogen.sh && \ ./configure \ --disable-asciidoc \ @@ -17,20 +25,22 @@ RUN set -ex && \ --disable-unittests && \ make && make install && \ cd .. && \ - rm -rf tor && \ - echo "50fe8e13592f8cf22304b9c4adfc11849a2c3d281b1d7e09c924ae24874c6daa *go1.11.13.linux-amd64.tar.gz" > GO_CHECKSUMS && \ - wget https://dl.google.com/go/go1.11.13.linux-amd64.tar.gz && \ + rm -rf tor + +# Install Golang & OBFS4 proxy +RUN cd /usr/local/src && \ + echo "$GOLANG_SHA256 *$GOLANG_ARCHIVE" > GO_CHECKSUMS && \ + wget "$GOLANG_DL_URL/$GOLANG_ARCHIVE" && \ sha256sum -c GO_CHECKSUMS 2>&1 | grep OK && \ - tar -C /usr/local/lib -xzf go1.11.13.linux-amd64.tar.gz && \ + tar -C /usr/local/lib -xzf "$GOLANG_ARCHIVE" && \ ln -s /usr/local/lib/go/bin/go /usr/local/bin/ && \ - cd /usr/local/src && \ - git clone https://github.com/Yawning/obfs4.git obfs4proxy && \ + git clone "$OBFS4_URL" /usr/local/src/obfs4proxy && \ cd obfs4proxy && \ - git checkout tags/obfs4proxy-0.0.11 && \ + git checkout "tags/obfs4proxy-$OBFS4_VERSION" && \ go build -o obfs4proxy/obfs4proxy ./obfs4proxy && \ cp ./obfs4proxy/obfs4proxy /usr/local/bin && \ cd .. && \ - rm go1.11.13.linux-amd64.tar.gz && \ + rm "$GOLANG_ARCHIVE" && \ rm -rf obfs4proxy # Create group & user tor @@ -46,10 +56,6 @@ RUN mkdir -p "$TOR_HOME/.tor" && \ chown -Rv tor:tor "$TOR_HOME" && \ chmod -R 750 "$TOR_HOME" -# Copy Tor configuration file -COPY ./torrc /etc/tor/torrc -RUN chown tor:tor /etc/tor/torrc - # Copy restart script COPY ./restart.sh /restart.sh diff --git a/docker/my-dojo/tor/restart.sh b/docker/my-dojo/tor/restart.sh index 24921ba..c3b29bb 100644 --- a/docker/my-dojo/tor/restart.sh +++ b/docker/my-dojo/tor/restart.sh @@ -6,4 +6,31 @@ echo "## Set permissions on /var/lib/tor dir ###" chmod 750 /var/lib/tor echo "## Start tor #############################" -tor \ No newline at end of file + +tor_options=( + --SocksPort 172.28.1.4:9050 + --SocksPolicy "accept 172.28.0.0/16" + --SocksPolicy "reject *" + --DataDirectory /var/lib/tor/.tor + --DataDirectoryGroupReadable 1 + --HiddenServiceDir /var/lib/tor/hsv2dojo + --HiddenServiceVersion 2 + --HiddenServicePort "80 172.29.1.3:80" + --HiddenServiceDir /var/lib/tor/hsv3dojo + --HiddenServiceVersion 3 + --HiddenServicePort "80 172.29.1.3:80" + --HiddenServiceDir /var/lib/tor/hsv2bitcoind + --HiddenServiceVersion 2 + --HiddenServicePort "8333 172.28.1.5:8333" + --HiddenServiceDirGroupReadable 1 +) + +if [ "$TOR_USE_BRIDGES" == "on" ]; then + tor_options+=(--ClientTransportPlugin "obfs4 exec /usr/local/bin/obfs4proxy") + tor_options+=(--UseBridges 1) + tor_options+=(--Bridge "$TOR_BRIDGE_1") + tor_options+=(--Bridge "$TOR_BRIDGE_2") + tor_options+=(--Bridge "$TOR_BRIDGE_3") +fi + +tor "${tor_options[@]}" diff --git a/docker/my-dojo/tor/torrc b/docker/my-dojo/tor/torrc deleted file mode 100644 index 30bc02e..0000000 --- a/docker/my-dojo/tor/torrc +++ /dev/null @@ -1,44 +0,0 @@ -## Tor opens a socks proxy on port 9050 by default -- even if you don't -## configure one below. Set "SocksPort 0" if you plan to run Tor only -## as a relay, and not make any local application connections yourself. - -# Socks is only available from dojonet -SocksPort 172.28.1.4:9050 - -## Entry policies to allow/deny SOCKS requests based on IP address. -## First entry that matches wins. If no SocksPolicy is set, we accept -## all (and only) requests that reach a SocksPort. Untrusted users who -## can access your SocksPort may be able to learn about the connections -## you make. - -# Socks is only available from dojonet -SocksPolicy accept 172.28.0.0/16 -SocksPolicy reject * - -## The directory for keeping all the keys/etc. By default, we store -## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. - -DataDirectory /var/lib/tor/.tor -DataDirectoryGroupReadable 1 - - -############### This section is just for location-hidden services ### - -## Once you have configured a hidden service, you can look at the -## contents of the file ".../hidden_service/hostname" for the address -## to tell people. -## HiddenServicePort x y:z says to redirect requests on port x to the -## address y:z. - -HiddenServiceDir /var/lib/tor/hsv2dojo -HiddenServiceVersion 2 -HiddenServicePort 80 172.29.1.3:80 - -HiddenServiceDir /var/lib/tor/hsv3dojo -HiddenServiceVersion 3 -HiddenServicePort 80 172.29.1.3:80 - -HiddenServiceDir /var/lib/tor/hsv2bitcoind -HiddenServiceVersion 2 -HiddenServicePort 8333 172.28.1.5:8333 -HiddenServiceDirGroupReadable 1 diff --git a/docker/my-dojo/tor/torrc.tpl b/docker/my-dojo/tor/torrc.tpl deleted file mode 100644 index cdeff20..0000000 --- a/docker/my-dojo/tor/torrc.tpl +++ /dev/null @@ -1,48 +0,0 @@ -## Tor opens a socks proxy on port 9050 by default -- even if you don't -## configure one below. Set "SocksPort 0" if you plan to run Tor only -## as a relay, and not make any local application connections yourself. - -# Socks is only available from dojonet -SocksPort 172.28.1.4:9050 - -## Entry policies to allow/deny SOCKS requests based on IP address. -## First entry that matches wins. If no SocksPolicy is set, we accept -## all (and only) requests that reach a SocksPort. Untrusted users who -## can access your SocksPort may be able to learn about the connections -## you make. - -# Socks is only available from dojonet -SocksPolicy accept 172.28.0.0/16 -SocksPolicy reject * - -## The directory for keeping all the keys/etc. By default, we store -## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. - -DataDirectory /var/lib/tor/.tor -DataDirectoryGroupReadable 1 - - -############### This section is just for location-hidden services ### - -## Once you have configured a hidden service, you can look at the -## contents of the file ".../hidden_service/hostname" for the address -## to tell people. -## HiddenServicePort x y:z says to redirect requests on port x to the -## address y:z. - -HiddenServiceDir /var/lib/tor/hsv2dojo -HiddenServiceVersion 2 -HiddenServicePort 80 172.29.1.3:80 - -HiddenServiceDir /var/lib/tor/hsv3dojo -HiddenServiceVersion 3 -HiddenServicePort 80 172.29.1.3:80 - -HiddenServiceDir /var/lib/tor/hsv2bitcoind -HiddenServiceVersion 2 -HiddenServicePort 8333 172.28.1.5:8333 -HiddenServiceDirGroupReadable 1 - -# Tor Bridges configuration -ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy -