adding Tor bridge support in install and upgrade scripts

6 years ago · dae957724b
5 changed files with 81 additions and 1 deletions
--- a/docker/my-dojo/conf/docker-tor.conf.tpl
+++ b/docker/my-dojo/conf/docker-tor.conf.tpl
@ -0,0 +1,9 @@
+
+#########################################
+# CONFIGURATION OF TOR CONTAINER
+#########################################
+
+UseBridges 1
+Bridge obfs4 5.253.87.21:443 4C4441484D06047C1A12B768BC7E7268F2E6DD49 cert=BBKeJPokZXigyKpn+E/iKim/BwNEiIdifbHfaXQmyu1GpSHtNlruAIWebci9m8Yb0tGUOw iat-mode=0
+Bridge obfs4 107.161.172.101:443 32AE54F8CEFFEC4787155793FAF350CE72178B73 cert=XK+KtnniXJWml5+upNC3HaUvW7LoU+ujpgbsYpxPK3vYlk37gHFVYF4/CLiKkyS685gDHw iat-mode=0
+
--- a/docker/my-dojo/install/install-scripts.sh
+++ b/docker/my-dojo/install/install-scripts.sh
@ -49,6 +49,10 @@ init_config_files() {
  cp ./conf/docker-node.conf.tpl ./conf/docker-node.conf
  echo "Initialized docker-node.conf"

+  cp ./tor/torrc.tpl ./tor/torrc
+  cat ./conf/docker-tor.conf.tpl >> ./tor/torrc
+  echo "Initialized torrc config file"
+
  # Initialize config files for nginx and the maintenance tool 
  if [ "$COMMON_BTC_NETWORK" == "testnet" ]; then
    cp ./nginx/testnet.conf ./nginx/dojo.conf
--- a/docker/my-dojo/install/upgrade-scripts.sh
+++ b/docker/my-dojo/install/upgrade-scripts.sh
@ -49,6 +49,11 @@ update_config_files() {
  update_config_file ./conf/docker-node.conf ./conf/docker-node.conf.tpl
  echo "Initialized docker-node.conf"

+  rm ./tor/torrc
+  cp ./tor/torrc.tpl ./tor/torrc
+  cat ./conf/docker-tor.conf.tpl >> ./tor/torrc
+  echo "Initialized torrc config file"
+
  # Initialize config files for nginx and the maintenance tool 
  if [ "$COMMON_BTC_NETWORK" == "testnet" ]; then
    cp ./nginx/testnet.conf ./nginx/dojo.conf
--- a/docker/my-dojo/tor/Dockerfile
+++ b/docker/my-dojo/tor/Dockerfile
@ -17,7 +17,21 @@ RUN     set -ex && \
            --disable-unittests && \
        make && make install && \
        cd .. && \
-        rm -rf tor
+        rm -rf tor && \
+        echo "50fe8e13592f8cf22304b9c4adfc11849a2c3d281b1d7e09c924ae24874c6daa *go1.11.13.linux-amd64.tar.gz" > GO_CHECKSUMS && \
+        wget https://dl.google.com/go/go1.11.13.linux-amd64.tar.gz && \
+        sha256sum -c GO_CHECKSUMS 2>&1 | grep OK && \
+        tar -C /usr/local/lib -xzf go1.11.13.linux-amd64.tar.gz && \
+        ln -s /usr/local/lib/go/bin/go /usr/local/bin/ && \
+        cd /usr/local/src && \
+        git clone https://github.com/Yawning/obfs4.git obfs4proxy && \
+        cd obfs4proxy && \
+        git checkout tags/obfs4proxy-0.0.11 && \
+        go build -o obfs4proxy/obfs4proxy ./obfs4proxy && \
+        cp ./obfs4proxy/obfs4proxy /usr/local/bin && \
+        cd .. && \
+        rm go1.11.13.linux-amd64.tar.gz && \
+        rm -rf obfs4proxy

 # Create group & user tor
 RUN     addgroup --system -gid 1107 tor && \
--- a/docker/my-dojo/tor/torrc.tpl
+++ b/docker/my-dojo/tor/torrc.tpl
@ -0,0 +1,48 @@
+## Tor opens a socks proxy on port 9050 by default -- even if you don't
+## configure one below. Set "SocksPort 0" if you plan to run Tor only
+## as a relay, and not make any local application connections yourself.
+
+# Socks is only available from dojonet
+SocksPort 172.28.1.4:9050
+
+## Entry policies to allow/deny SOCKS requests based on IP address.
+## First entry that matches wins. If no SocksPolicy is set, we accept
+## all (and only) requests that reach a SocksPort. Untrusted users who
+## can access your SocksPort may be able to learn about the connections
+## you make.
+
+# Socks is only available from dojonet
+SocksPolicy accept 172.28.0.0/16
+SocksPolicy reject *
+
+## The directory for keeping all the keys/etc. By default, we store
+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+
+DataDirectory /var/lib/tor/.tor
+DataDirectoryGroupReadable 1
+
+
+############### This section is just for location-hidden services ###
+
+## Once you have configured a hidden service, you can look at the
+## contents of the file ".../hidden_service/hostname" for the address
+## to tell people.
+## HiddenServicePort x y:z says to redirect requests on port x to the
+## address y:z.
+
+HiddenServiceDir /var/lib/tor/hsv2dojo
+HiddenServiceVersion 2
+HiddenServicePort 80 172.29.1.3:80
+
+HiddenServiceDir /var/lib/tor/hsv3dojo
+HiddenServiceVersion 3
+HiddenServicePort 80 172.29.1.3:80
+
+HiddenServiceDir /var/lib/tor/hsv2bitcoind
+HiddenServiceVersion 2
+HiddenServicePort 8333 172.28.1.5:8333
+HiddenServiceDirGroupReadable 1
+
+# Tor Bridges configuration
+ClientTransportPlugin obfs4 exec /usr/local/bin/obfs4proxy
+