brunneis / tor-relay-docker Goto Github PK

View Code? Open in Web Editor NEW

39.0 5.0 11.0 46 KB

Tor relay Docker images for x86-64, armhf & arm64 (from source)

Home Page: https://www.torproject.org/download/

License: GNU General Public License v3.0

Shell 71.49% Dockerfile 28.51%

tor-relay docker-image arm ubuntu bridge-relay exit-relay middle-relay arm64 armhf hacktoberfest

tor-relay-docker's Introduction

Tor Relay Docker

Tor relay Docker images for x86-64, armhf & arm64 (from source).

There are pre-built ubuntu-based images hosted in hub.docker.com (Ubuntu 16.04 LTS) that can be easily executed with the launch.sh script.

Tor (Tor built from source)

brunneis/tor-relay:x86-64 (latest stable)
brunneis/tor-relay:armhf (latest stable)
brunneis/tor-relay:arm64 (latest stable)
brunneis/tor-relay:0.4.6.6_x86-64
brunneis/tor-relay:0.4.6.6_armhf
brunneis/tor-relay:0.4.6.6_arm64

Tor with ARM (Anonymizing Relay Monitor) (based on tor-relay images)

brunneis/tor-relay-arm:x86-64 (latest stable)
brunneis/tor-relay-arm:armhf (latest stable)
brunneis/tor-relay-arm:arm64 (latest stable)
brunneis/tor-relay-arm:0.4.6.6_x86-64
brunneis/tor-relay-arm:0.4.6.6_armhf
brunneis/tor-relay-arm:0.4.6.6_arm64

How it works

The common entrypoint for all the tor-relay images is the entrypoint.sh script. Before launching Tor, it will create the user tor and configure the torrc file depending on the relay type and the configured environment variables. The Tor data directory will be mounted in the folder tor-data within the directory from which the script is executed. The docker image will run with the user tor with the same UID as the user who runs the container. The identity of the executed relay is kept under the tor-data folder, so the container can be destroyed and relaunched while the relay identity is preserved.

How to launch a Tor relay

You can modify the basic environment variables of the launch.sh script (NICKNAME and CONTACT_INFO) and just launch it as follows, where the first argument is the tor-relay image and the second one, the relay type:

Bridge relay: ./launch.sh brunneis/tor-relay:x86-64 bridge
Middle relay: ./launch.sh brunneis/tor-relay:x86-64 middle
Exit relay: ./launch.sh brunneis/tor-relay:x86-64 exit

Currently, it is possible to configure also the following variables when launching a dockerized relay and all of them come with default values:

OR_PORT (ORPort)
DIR_PORT (DirPort)
CONTROL_PORT (ControlPort)
BANDWIDTH_RATE (RelayBandwidthRate)
BANDWIDTH_BURST (RelayBandwidthBurst)
MAX_MEM (MaxMemInQueues)
ACCOUNTING_MAX (AccountingMax)
ACCOUNTING_START (AccountingStart)

If you want to run a Docker image directly just set the previous environment variables and bind a volume for the Tor data as shown bellow:

Bridge relay: docker run -d -p 9001:9001 -e "OR_PORT=9001" -e "NICKNAME=YourRelayNickname" -e "[email protected]" -e "BANDWIDTH_RATE=250 KBytes" -e "BANDWIDTH_BURST=500 KBytes" -e "MAX_MEM=512 MB" -e "HOST_UID=$UID" -v $(pwd)/tor-data:/home/tor/data:Z --name tor-bridge-relay brunneis/tor-relay:x86-64 bridge
Middle relay: docker run -d -p 9001:9001 -p 9030:9030 -e "OR_PORT=9001" -e "DIR_PORT=9030" -e "NICKNAME=YourRelayNickname" -e "[email protected]" -e "BANDWIDTH_RATE=250 KBytes" -e "BANDWIDTH_BURST=500 KBytes" -e "MAX_MEM=512 MB" -e "HOST_UID=$UID" -v $(pwd)/tor-data:/home/tor/data:Z --name tor-middle-relay brunneis/tor-relay:x86-64 middle
Exit relay: docker run -d -p 9001:9001 -p 9030:9030 -e "OR_PORT=9001" -e "DIR_PORT=9030" -e "NICKNAME=YourRelayNickname" -e "[email protected]" -e "BANDWIDTH_RATE=250 KBytes" -e "BANDWIDTH_BURST=500 KBytes" -e "MAX_MEM=512 MB" -e "HOST_UID=$UID" -v $(pwd)/tor-data:/home/tor/data:Z --name tor-exit-relay brunneis/tor-relay:x86-64 exit

How to update a running Tor relay to the latest stable version

When launching a Tor relay with the launch.sh script, you can update the Tor software with the last stable version directly running the update-relay.sh script. For manual updates, you can just kill the running container, pull or build the new Docker image and rerun the container binding the same data directory.

Generate dockerfiles

The script gen-dockerfiles.sh is intended to generate the build contexts for all the supported architectures (x86-64, armhf & arm64) and variants (tor-relay & tor-relay-arm). It has no arguments and makes use of the dockerfile.sh script, which generates a Dockefile given a base image and a variant. The generated dockerfiles were designed to work with modern Ubuntu images and should work with other architectures which Ubuntu support. Note that the tor-relay-arm generated images need to use a tor-relay base image to work.

Usage example: ./dockerfile.sh ubuntu:xenial tor-relay > Dockerfile

arg1 - Docker image
arg2 - image variant (tor-relay or tor-relay-arm)

How to build the images

The build-arch-images.sh script will build all the Docker images for the given architectures as parameters. The images can be manually built with the docker build command within every generated Docker context.

tor-relay-docker's People

Contributors

Stargazers

Watchers

Forkers

torservers stevekleenex mtbf99 nexus-uw scratchcat1 sebastiangode ohsevin tarasa24 5l1v3r1

tor-relay-docker's Issues

Setup ORPort to be IPv4Only

I would like to set the ORPort with the IPv4Only flag like so:
- OPPort = 9001 IPv4Only
Unfortunately currently the environment variable ORPort is split by whitespace, which then creates two separate ORPort entries in the torrc file.

What would be the best way to achieve this? I currently have two ideas:

number the ports in the environment variables like ORPort1 = xyz, ORPort2 = abc and parse them in order.
expose the torrc file in a file mount and allow manual editing without overwriting it on Container creation

gettimeofday failed on tor 0.4.4.6 armhf

While running the image brunneis/tor-relay:0.4.6.6_armhf I had this following error and was unable to start the service.
it seems to be an issue on tor side, maybe 0.4.6.7 resolves this.

============================================================ T= 0
INTERNAL ERROR: Raw assertion failed in Tor 0.4.6.6 at src/lib/wallclock/tor_gettimeofday.c:70: 0
gettimeofday failed
/usr/local/bin/tor(dump_stack_symbols_to_error_fds+0x39)[0x54e4be]
/usr/local/bin/tor(tor_raw_assertion_failed_msg_+0x6f)[0x54ebac]
/usr/local/bin/tor(tor_gettimeofday+0x47)[0x56a390]
/usr/local/bin/tor(+0xb5e98)[0x555e98]
/usr/local/bin/tor(log_fn_+0x33)[0x556614]
/usr/local/bin/tor(tor_assertion_failed_+0x61)[0x5577be]
/usr/local/bin/tor(monotime_get+0x4f)[0x564f20]
/usr/local/bin/tor(+0xc5054)[0x565054]
/usr/local/bin/tor(+0xc57f0)[0x5657f0]
/usr/local/bin/tor(subsystems_init_upto+0x7d)[0x52e3a2]
/usr/local/bin/tor(tor_run_main+0x45)[0x4e9872]
/usr/local/bin/tor(tor_main+0x27)[0x4e8534]
/usr/local/bin/tor(main+0x17)[0x4e8128]
/lib/arm-linux-gnueabihf/libc.so.6(__libc_start_main+0x97)[0xb6b9f9a4]

It works fine with brunneis/tor-relay:0.3.5.7_armhf but this version is not recommended by tor project

AccountingMax would be great

Most of the time I set AccountingMax and AccountingStart. It would be great if we could set this two parameters as well as an environment variable.

Update Tor

Looks like current latest version supported is Tor 0.4.0.5.

Tor 0.4.0.x will be EOL in a few months (Feb 2, 2020)

https://trac.torproject.org/projects/tor/wiki/org/teams/NetworkTeam/CoreTorReleases#Current

Would be great to get support for current stable releases.

Automatically Update Images

Is there a way that you could automatically update the Dockerhub images with the latest Tor client once there's a new release?

Add support for IPv6 relays / multiple ORPort configurations

I'd like to run an IPv6 relay, because apparently there's not enough IPv6 capable relays online. However, this requires me to set two ORPort lines in torrc, like so

ORPort 9001
ORPort [2001:DB8::1]:9001

This is also documented in the Tor relay operators IPv6 HOWTO.

Currently, I can only set one such line through the OR_PORT environment variable. I'm not sure about the best way to define this, since defining multiple environment variables with the same names is not well-supported... Maybe split at whitespace for just the OR_PORT variable? Like so:

OR_PORT="9001 [2001:DB8::1]:9001"

It's not pretty, but it should do the trick. Anyway, thanks for providing this image :)

container won't start

hi,
I am trying to run a middle relay, but the container doesn't start.
in the log there is only "No passwd entry for user 'tor' ", any idea?

thanks

Control Port is not Protected

I see no way to set a password on the control port. When launching the node, it complains that the port is open for anyone to reconfigure Tor. I tried editing env.sh and torrc inside the container but the container has no editor that I can find. I assume no editor was done for security and space reasons but I see no command to either set the control port password or remove the control port when running a new container in the documentation.

Cannot find update-relay.sh in brunneis/tor-relay:x86-64

I don't see update script update-relay.sh in build brunneis/tor-relay:x86-64 so I have no way to update the software. Also, the current version in docker tor-relay-docker (0.3.5.7) gets a complaint that it is out of date.

Docker build uses wrong TOR version

The recently published docker image with tag 0.4.0.5_x86-64 still uses TOR version 0.3.5.7.

I've looked into this and figured out that the TOR version is hardcoded in the Dockerfile. Instead, the version in environment variable $TOR_VERSION should be used, which is set in env.sh, but here is where it gets strange...

I tried to fix this code and submit a quick PR, but I couldn't get it working, because the environment variables were always empty. Well, turns out you can't access the environemt variables of your shell in Dockerfiles, so if we want to make use of the variables in env.sh, we should use ARG statements in the dockerfile and pass the variables as --build-args to the docker build call.

However, you could just change the hardcoded TOR version in the Dockerfile and do the proper fix another time ;)

The docker image for armhf (armv7) is actually built for arm64.

Can you please check it and fix the issue?

Thanks.

Documentation Does not show that Control Port can be edited

Looking through the code, I found control port could be edited but nowhere on GitHub's documentation or Docker's documentation does it mention this.

Needs MaxAdvertisedBandwidth

Relay needs a way to advertise it bandwidth.