antitree / private-tor-network
Run an isolated instance of a tor network in Docker containers
License: GNU General Public License v2.0
Hi
In the entrypoint script, there's an erroneous if on line 24.
thanks
I used the command:
sudo docker-compose up
to build a default network.
But when I tried to use the command:
curl -vL google.com --proxy socks5://localhost:9050
I failed to connect with the prompt:
* Trying 127.0.0.1:9050...
* SOCKS5 connect to IPv6 2607:f8b0:4004:c1b::71:80 (locally resolved)
* Can't complete SOCKS5 connection to google.com. (6)
* Closing connection 0
curl: (97) Can't complete SOCKS5 connection to google.com. (6)
I searched the logs and found:
[warn] Problem bootstrapping. Stuck at 5%: Connecting to directory server. (Connection refused; CONNECTREFUSED; count 14; recommendation warn; host F7AC491A000055092A185947A3D5FD3226786AF4 at 172.18.0.2:7000)
in private-tor-network-client-1
How could this be? I tried several times but every time the same result as above.
As present now, the docker containers are all based on the antitree/private-tor-test. These are not available to me (and likely no one except the author). Removing "-test" finds public images; however, this base image does not result in a successful private tor network. The DAs fail with a message of "TestingTorNetwork may only be configured in combination with a non-default set of DirAuthority or both of AlternateDirAuthority and AlternateBridgeAuthority configured." ... Do the -test base docker images correct this?
Building using the 'quickstart' instructions on Debian 8, Debian 9 and Ubuntu, I run into the same issue where consensus doesn't seem to happen. Can connect to the sock proxy, all containers come up, tor directory is consistent across containers.
Cannot connect to hidden service. arm does not show consensus.
Hello.
I am from the golden country very impressed with your achievement.
Well I read your README and built a Tor network with containers on a fully local private VM host. I accessed it from a Tor browser proxy, but for some reason the connection is not established.
The logs show that the connection between the client and Tor browser appears to be established.
My goal is to browse the container's web page from the Tor browser through the container's node.
Any solutions or example configurations would be appreciated.
Thanks.
Docker version:
Docker version 18.06.1-ce, build e68fc7a
The issue:
While I run the command:
docker stack deploy --compose-file docker-compose.yml torstack
The terminal outputs like this:
➜ private-tor-network git:(master) docker stack deploy --compose-file docker-compose.yml torstack
Ignoring unsupported options: links
Updating service torstack_relay (id: tffiq75zoc8grn3qa0wed1qwy)
Updating service torstack_exit (id: aeyhou3i5eck7pa8o8g6pioyw)
Updating service torstack_client (id: yq15cmssxeymvyihlx2fv0ia9)
Updating service torstack_hs (id: dzbjwbrag9135lg1am45wevmp)
Updating service torstack_web (id: kxoa2psvu64i3gfc9vzpidtk9)
Updating service torstack_da1 (id: 0661dlucl6cd9v3gwdhe6cpc5)
Updating service torstack_da2 (id: ezbgb6v528i0ofubjwthpxibg)
Updating service torstack_da3 (id: niij6h9rjdkvwa1rshono0p8g)
And I try to google something, from stackoverflow I get this:
The above answer is actually wrong links: is not supported in docker stack deploy see this link : https://docs.docker.com/compose/compose-file/#not-supported-for-docker-stack-deploy
ref: how to connect to container in docker stack deploy
Could you please make an upgrade?
I am still trying to learn and understand the mechanics here.
I have gone through the source, but I couldn't figure this out.
The config/torrc file has this line:
TestingTorNetwork 1
But any tor node can have that line, what prevents any external node from joining a private tor network?
I was expecting something like a shared-secret, or pub-key auth, something that will block unknown nodes. Am I thinking in the wrong direction?
If you have any links to any explanation/documents, that would be great help.
Thanks!
When I start the containers via docker-compose, I get the following error:
privatetornetwork_da3_1 exited with code 1
client_1 | cat: /tor/torrc.da: No such file or directory
privatetornetwork_client_1 exited with code 1
relay_1 | cat: /tor/torrc.da: No such file or directory
exit_1 | cat: /tor/torrc.da: No such file or directory
hs_1 | cat: /tor/torrc.da: No such file or directory
I think this is because of line 96, where it is using cat ${TOR_DIR}/torrc.da >> /etc/tor/torrc, but according to the Dockerfile, ${TOR_DIR} is resolved to /tor while every other config is in the folder /etc/tor
When tracking the tor IP it's hard coded to search for eth1 but that's not always true. Should be fixed so that it can find whatever the interfaces are.
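One way to avoid the hard-coded interface name described above, as an added example rather than the project's own code: a helper that reads `ip -o -4 addr show` output, prefers a named interface if it exists, and otherwise falls back to the first non-loopback IPv4 address. The function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not project code. Function names are hypothetical.

# Constructed sample of `ip -o -4 addr show` output from a container
# that has eth0 but no eth1.
sample_ip_output() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
7: eth0    inet 172.18.0.5/16 brd 172.18.255.255 scope global eth0\       valid_lft forever preferred_lft forever
EOF
}

# pick_ipv4 [preferred_iface]
# Reads `ip -o -4 addr show` output on stdin and prints one IPv4 address
# without its /prefix. The preferred interface wins when present; otherwise
# the first non-loopback address is used. Returns 1 if nothing usable exists.
pick_ipv4() {
    awk -v pref="${1:-}" '
        $3 != "inet" || $2 == "lo" { next }      # skip loopback and non-IPv4 rows
        { split($4, a, "/") }                    # $4 looks like 172.18.0.5/16
        $2 == pref { print a[1]; hit = 1; exit } # preferred interface found
        first == "" { first = a[1] }             # remember the first fallback
        END {
            if (hit) exit 0
            if (first == "") exit 1
            print first
        }
    '
}

# Live use inside a container would be:
#   TOR_IP="$(ip -o -4 addr show | pick_ipv4 eth1)" || exit 1
```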
Branch: master.
I reduce the numbers of authority servers to reproduce the problem clearly.
version: '3'
services:
  da1:
    image: antitree/private-tor
    #expose:
    #  - "7000"
    #  - "9030"
    environment:
      ROLE: DA
    volumes:
      ## Needed to keep track of other nodes
      - ./tor:/tor
  relay:
    image: antitree/private-tor
    #expose:
    #  - "7000"
    #  - "9030"
    environment:
      ROLE: RELAY
    volumes:
      - ./tor:/tor
    depends_on:
      # Make sure the DA's are already up
      - da1
  exit:
    image: antitree/private-tor
    #expose:
    #  - "7000"
    #  - "9030"
    environment:
      ROLE: EXIT
    volumes:
      - ./tor:/tor
    depends_on:
      # Make sure the DA's are already up
      - da1
  client:
    image: antitree/private-tor
    ports:
      # Sets up a listener on the host machine
      - "9050:9050"
      - "9051:9051"
    volumes:
      - ./tor:/tor
    environment:
      ROLE: CLIENT
    depends_on:
      - da1
  hs:
    image: antitree/private-tor
    #expose:
    #  - "80"
    environment:
      ROLE: HS
      # This will create a hidden service that points to
      # the service "web" which is running nginx. You can
      # change this to whatever ip or hostname you want
      TOR_HS_PORT: "80"
      TOR_HS_ADDR: "web"
    volumes:
      - ./tor:/tor
    depends_on:
      - da1
    links:
      - web
  web:
    image: nginx
    #expose:
    #  - "80"
Build it with the new up command with the --scale flag (leave client offline now).
$ docker-compose up -d --scale client=0 --scale relay=3 --scale exit=3
da1 log output shows the server starts correctly.
da1_1 | May 18 12:05:01.000 [notice] Bootstrapped 100%: Done
Restart the services.
$ docker-compose stop
Stopping tor_relay_2 ... done
Stopping tor_hs_1 ... done
Stopping tor_relay_3 ... done
Stopping tor_exit_1 ... done
Stopping tor_exit_3 ... done
Stopping tor_relay_1 ... done
Stopping tor_exit_2 ... done
Stopping tor_web_1 ... done
Stopping tor_da1_1 ... done
$ docker-compose start
Starting da1 ... done
Starting relay ... done
Starting exit ... done
Starting client ... failed
Starting web ... done
Starting hs ... done
da log output shows that the dynamic ip address of the scale command confuses the authority server.
da1_1 | May 18 12:10:38.000 [warn] Tried connecting to router at 172.24.0.4:7000, but RSA + ed25519 identity keys were not as expected: wanted 2F159F06AB914C10DF4470A9D1CE00DCCF977C9F + mKjfetwSu6ORRHQ4r8CBFY8rKh1yqBCET5w6bWark4E but got 9E811E6570880ABB5792FE664FD3B53E914B3393 + b7s4R/pE3ZAjVp9cSf5bN6m33c2Tp4MWposRD2ADO0E.
Suppose client joins the private network now.
$ docker-compose up client
Socks port is already opened.
$ ss -anlt
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:9050 *:*
LISTEN 0 128 *:9051 *:*
Connection is blocked here.
$ curl --socks5 127.0.0.1:9050 www.google.com
Maybe the scale command is not suitable for building a private tor network here until it can persist the network status.
Thank you for reading.
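The identity-key warning in the report above, as an added example that is not part of the original issue or the project's code: a shell helper that pulls the address and the wanted/got RSA fingerprints out of a directory authority's log and counts repeats, so addresses that now answer with a different relay identity after a restart stand out. The function names are hypothetical, and the log lines and fingerprints are constructed placeholders.

```shell
#!/bin/sh
# Added example, not project code. Function names are hypothetical.

# Constructed sample in the format of the directory authority warning;
# the fingerprints are placeholders, not real relay identities.
sample_da_log() {
    cat <<'EOF'
da1_1 | May 18 12:05:01.000 [notice] Bootstrapped 100%: Done
da1_1 | May 18 12:10:38.000 [warn] Tried connecting to router at 172.24.0.4:7000, but RSA + ed25519 identity keys were not as expected: wanted RSA_WANTED_1 + ED_WANTED_1 but got RSA_GOT_1 + ED_GOT_1.
da1_1 | May 18 12:11:38.000 [warn] Tried connecting to router at 172.24.0.4:7000, but RSA + ed25519 identity keys were not as expected: wanted RSA_WANTED_1 + ED_WANTED_1 but got RSA_GOT_1 + ED_GOT_1.
da1_1 | May 18 12:11:40.000 [warn] Tried connecting to router at 172.24.0.6:7000, but RSA + ed25519 identity keys were not as expected: wanted RSA_WANTED_2 + ED_WANTED_2 but got RSA_GOT_2 + ED_GOT_2.
EOF
}

# identity_mismatches
# Reads tor log lines on stdin and prints one sorted line per distinct
# mismatch: "<addr:port> <wanted RSA fp> <got RSA fp> <occurrences>".
identity_mismatches() {
    awk '
        /identity keys were not as expected/ {
            addr = want = got = ""
            for (i = 1; i < NF; i++) {
                if ($i == "at")     { addr = $(i + 1); sub(/,$/, "", addr) }
                if ($i == "wanted") want = $(i + 1)
                if ($i == "got")    got = $(i + 1)
            }
            # Count each (address, expected key, presented key) triple once.
            if (addr != "" && want != "" && got != "")
                seen[addr " " want " " got]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Live use against the compose project from the report would be:
#   docker-compose logs da1 | identity_mismatches
```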
I'm new to Tor. There is an environment variable "ROLE" when starting the network in the docker-compose file. Could you tell me how the container reacts to this variable (where is the corresponding code)? Thank you very much.