From ccfdb851cc383cfd0c4bc54787875643ad0ebc0a Mon Sep 17 00:00:00 2001
From: Christophe Mehay
Date: Mon, 7 Mar 2016 03:43:12 +0100
Subject: [PATCH] Using pyentrypoint
---
 Dockerfile | 19 +++++-------
 README.md | 6 ++++
 assets/display_onions.py | 13 ++++++++
 assets/docker-entrypoint.sh | 22 --------------
 assets/entrypoint-config.yml | 14 +++++++++
 assets/tor_config.py | 59 ------------------------------------
 assets/torrc | 12 ++++++++
 docker-compose.yml | 7 ++++-
 8 files changed, 59 insertions(+), 93 deletions(-)
 create mode 100644 assets/display_onions.py
 delete mode 100644 assets/docker-entrypoint.sh
 create mode 100644 assets/entrypoint-config.yml
 delete mode 100644 assets/tor_config.py
 create mode 100644 assets/torrc
diff --git a/Dockerfile b/Dockerfile
index a526b76..74cb009 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,23 +1,20 @@
 FROM debian:jessie
 ENV DEBIAN_FRONTEND=noninteractive
+ENV HOME /var/lib/tor
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install --no-install-recommends -y \
 tor \
- python3 \
- git \
- ca-certificates
+ python3-pip
-ADD assets/docker-entrypoint.sh /
-ADD assets/tor_config.py /
+RUN pip3 install pyentrypoint==0.2.1
-RUN chmod +x /docker-entrypoint.sh
-
-RUN git clone https://github.com/cmehay/python-docker-tool.git /docker --branch=old
-RUN touch /docker/__init__.py
+ADD assets/entrypoint-config.yml /
+ADD assets/display_onions.py /
+ADD assets/torrc /etc/tor/torrc
 VOLUME ["/var/lib/tor/hidden_service/"]
-ENTRYPOINT ["/docker-entrypoint.sh"]
+ENTRYPOINT ["pyentrypoint"]
 CMD ["tor"]
diff --git a/README.md b/README.md
index f8c1aeb..833c5d4 100644
--- a/README.md
+++ b/README.md
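Review bot: The added `RUN pip3 install pyentrypoint==0.2.1` pins a version but not an artifact, and the package's own dependencies are resolved unpinned at build time. Because `pyentrypoint` becomes the ENTRYPOINT and no `USER` line is visible in this hunk, whatever the index serves for those names runs first in the container, presumably before the switch to `debian-tor` that the entrypoint config requests. Consider installing from a hash-pinned requirements file, `RUN pip3 install --require-hashes -r <requirements-file>`, after confirming that the pip shipped in the base image supports hash-checking mode. The same hunk removes `ca-certificates` and adds `--no-install-recommends`, so it is worth checking that the pip download in the built image still validates TLS against a CA bundle.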
@@ -19,3 +19,9 @@ $ docker run -ti --link something --volume /path/to/keys:/var/lib/tor/hidden_ser
 ```
 Look at the `docker-compose.yml` file to see own to use it.
+
+### pyentrypoint
+
+This container is using [`pyentrypoint`](https://github.com/cmehay/pyentrypoint) to generate its setup.
+
+If you need to use the legacy version, please checkout to the `legacy` branch or pull `goldy/tor-hidden-service:legacy`.
diff --git a/assets/display_onions.py b/assets/display_onions.py
new file mode 100644
index 0000000..6f2e1ea
--- /dev/null
+++ b/assets/display_onions.py
@@ -0,0 +1,13 @@
+import os
+
+for root, dirs, _ in os.walk("/var/lib/tor/hidden_service/", topdown=False):
+ for service in dirs:
+ filename = "{root}{service}/hostname".format(
+ service=service,
+ root=root
+ )
+ with open(filename, 'r') as hostfile:
+ print('{service}: {onion}'.format(
+ service=service,
+ onion=hostfile.read()
+ ))
diff --git a/assets/docker-entrypoint.sh b/assets/docker-entrypoint.sh
deleted file mode 100644
index 14b90f9..0000000
--- a/assets/docker-entrypoint.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/bash
-
-set -e
-
-if [ "${1:0:1}" == '-' ]; then
- set -- tor $@
-fi
-
-if [ "$1" == "tor" ]; then
- # Set config
- python3 ./tor_config.py
-
- # set rights on keys
- chown -R debian-tor:debian-tor /var/lib/tor/hidden_service/
- chmod -R 700 /var/lib/tor/hidden_service/
-
- # Switch user
-
- set -- su debian-tor -s /bin/sh -c "$@"
-fi
-
-exec "$@"
diff --git a/assets/entrypoint-config.yml b/assets/entrypoint-config.yml
new file mode 100644
index 0000000..67d85d4
--- /dev/null
+++ b/assets/entrypoint-config.yml
@@ -0,0 +1,14 @@
+command: tor
+
+user: debian-tor
+group: debian-tor
+
+config_files:
+ - /etc/tor/torrc
+
+post_conf_commands:
+ - timeout 3s tor > /dev/null || true
+ - python3 /display_onions.py
+ - chown -R debian-tor:debian-tor $HOME
+
+debug: false
diff --git a/assets/tor_config.py b/assets/tor_config.py
deleted file mode 100644
index 5cfbabb..0000000
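Review bot: In `assets/display_onions.py`, the path built by `"{root}{service}/hostname".format(...)` is only correct for the top-level directory, because `os.walk` yields `root` without a trailing slash for every nested directory. The unguarded `open()` also raises as soon as any directory under the volume has no `hostname` file. The script runs from `post_conf_commands` against a user-mounted key volume, so one stray subdirectory, or a tor run that did not finish inside its 3s timeout, ends in a traceback; whether that aborts container start depends on pyentrypoint, which is not visible here. Listing only the first level, joining with `os.path.join`, skipping directories without a hostname and stripping the trailing newline avoids this and keeps the output to one line per service.

```python
# … unchanged: import os …
base = "/var/lib/tor/hidden_service/"
for service in sorted(os.listdir(base)):
    filename = os.path.join(base, service, "hostname")
    try:
        with open(filename, 'r') as hostfile:
            onion = hostfile.read().strip()
    except OSError:
        # Not a service directory, or tor has not written the hostname yet.
        continue
    print('{service}: {onion}'.format(service=service, onion=onion))
```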
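Review bot: In `assets/entrypoint-config.yml`, `post_conf_commands` no longer restricts permissions on the key volume: the deleted entrypoint ran `chmod -R 700 /var/lib/tor/hidden_service/` after its `chown`, while the new list only has `chown -R debian-tor:debian-tor $HOME`. The hidden-service private keys live in that mounted directory, so a host directory mounted with group or world access keeps it; adding `- chmod -R go-rwx /var/lib/tor/hidden_service/` after the chown restores the old guarantee. Separately, `timeout 3s tor > /dev/null || true` discards tor's stdout and its exit status, so a broken rendered torrc is only noticed later; reporting the failure instead of `|| true` would make it visible at startup.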
--- a/assets/tor_config.py
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/bin/python3
-
-import os
-from docker import docker
-from subprocess import call
-
-# Generate conf for tor hidden service
-def set_conf():
- rtn = []
- links = docker.get_links()
- with open("/etc/tor/torrc", "a") as conf:
- for link in links:
- path = "/var/lib/tor/hidden_service/{service}".format(service=link)
- env_port = links[link]['environment'].get('PORT')
- # Test if link has ports
- if len(links[link]['ports']) == 0 and not env_port:
- print("{link} has no port")
- continue
- conf.write('HiddenServiceDir {path}\n'.format(path=path))
- rtn.append(link)
- for port in links[link]['ports']:
- if links[link]['ports'][port]['protocol'] == 'UDP':
- continue
- service = '{port} {ip}:{port}'.format(
- port=port, ip=links[link]['ip']
- )
- conf.write('HiddenServicePort {service}\n'.format(
- service=service
- ))
- if env_port:
- service = '80 {ip}:{port}'.format(
- port=env_port, ip=links[link]['ip']
- )
- conf.write('HiddenServicePort {service}\n'.format(
- service=service
- ))
- # set relay if enabled in env (not so secure)
- if 'RELAY' in os.environ:
- conf.write("ORPort 9001\n")
- # Disable local socket
- conf.write("SocksPort 0\n")
- return rtn
-
-def gen_host(services):
- # Run tor to generate keys if they doesn't exist
- call(["sh", "-c", "timeout 3s tor > /dev/null"])
- for service in services:
- filename = "/var/lib/tor/hidden_service/{service}/hostname".format(
- service=service
- )
- with open(filename, 'r') as hostfile:
- print('{service}: {onion}'.format(
- service=service,
- onion=hostfile.read()
- ))
-
-if __name__ == '__main__':
- services = set_conf()
- gen_host(services)
diff --git a/assets/torrc b/assets/torrc
new file mode 100644
index 0000000..3872d8e
--- /dev/null
+++ b/assets/torrc
@@ -0,0 +1,12 @@
+{% for container in containers %}
+HiddenServiceDir /var/lib/tor/hidden_service/{{container.names[0]}}
+{% for link in container.links %}
+HiddenServicePort {{link.port}} {{link.ip}}:{{link.port}}
+{% endfor %}
+{% endfor %}
+
+{% if 'RELAY' in environ %}
+ORPort 9001
+{% endif %}
+
+SocksPort 0
diff --git a/docker-compose.yml b/docker-compose.yml
index 3a04024..33c52b5 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,7 +4,12 @@ tor:
 image: goldy/tor-hidden-service
 links:
 - hello
+ - world
 hello:
 image: tutum/hello-world
- hostname: hello-world
+ hostname: hello
+
+world:
+ image: tutum/hello-world
+ hostname: world
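Review bot: In `assets/torrc`, the template writes a `HiddenServiceDir` for every container and a `HiddenServicePort` for every entry in `container.links`, whereas the deleted `tor_config.py` skipped links without ports and skipped `UDP` ports, which a hidden service cannot forward. If pyentrypoint's link objects expose the protocol, the inner loop should filter on it, and the `HiddenServiceDir` line should be emitted only when at least one port line follows. The removed code also flagged the relay option as `(not so secure)`; a comment above `ORPort 9001` such as `# Enabling a relay next to a hidden service makes the service easier to correlate; leave RELAY unset unless that is intended` would keep that warning in the template. The old `PORT` environment mapping to port 80 has no counterpart here, which may be intentional.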