# Dockerfile for Tor Relay Server with obfs4proxy (Multi-Stage build)
# Stage "go-build": compiles the pluggable-transport helpers. The binaries land
# in /go/bin (obfs4proxy, meek-server) and are mirrored to /usr/local/bin so the
# final stage can copy them from there.
# NOTE(review): `golang:alpine` is a floating tag, so the Go toolchain differs
# between builds; pin a release tag or digest for a reproducible image.
# NOTE(review): `go get` pulls whatever each repository's default branch holds
# at build time; no version or checksum is recorded here. Current Go releases
# no longer install binaries through `go get` -- confirm this step still works
# with the toolchain the tag resolves to.
FROM golang:alpine AS go-build
RUN set -e; \
    apk add --no-cache --update git; \
    go get -v git.torproject.org/pluggable-transports/obfs4.git/obfs4proxy; \
    go get -v git.torproject.org/pluggable-transports/meek.git/meek-server; \
    cp -rv /go/bin /usr/local/
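# Stage "tor-build": downloads the Tor source tarball, checks its detached
# OpenPGP signature and installs the build under /usr/local.
# NOTE(review): `alpine:latest` is a floating tag; pin a release tag or digest
# so the compiler and libraries are the same on every build.
FROM alpine:latest AS tor-build
# Key used to verify the tarball signature.
# NOTE(review): this is a 64-bit key ID, and the key is fetched from public
# keyservers at build time. A full fingerprint, or a key file kept in the build
# context and imported with `gpg --import`, is a stronger trust anchor.
ARG TOR_GPG_KEY=0x6AFEE6D49E92B601
# `set -e` with `;`-separated steps makes the first failing command abort the
# build. In the earlier `&& ... ;` layout a failed install or download was only
# noticed later, when the signature check could not find its files.
RUN set -eu; \
    # Install prerequisites
    apk --no-cache add --update \
        gnupg \
        build-base \
        libevent \
        libevent-dev \
        libressl \
        libressl-dev \
        xz-libs \
        xz-dev \
        zlib \
        zlib-dev \
        zstd \
        zstd-libs \
        zstd-dev; \
    # Install Tor from source, incl. GeoIP files (get latest release version number from Tor ReleaseNotes)
    # NOTE(review): the version is scraped at build time, so the image content
    # depends on when it is built; consider passing a fixed version instead.
    TOR_VERSION=$(wget -q https://gitweb.torproject.org/tor.git/plain/ReleaseNotes -O - | grep -E -m1 '^Changes in version\s[0-9]*\.[0-9]*\.[0-9]*\.[0-9]*\s' | sed 's/^.*[^0-9]\([0-9]*\.[0-9]*\.[0-9]*\.[0-9][\s]*\).*$/\1/'); \
    # The pipeline's exit status is sed's, so an empty result must be caught here.
    test -n "$TOR_VERSION" || { echo >&2 "error: could not determine the Tor version"; exit 1; }; \
    TOR_TARBALL_NAME="tor-${TOR_VERSION}.tar.gz"; \
    TOR_TARBALL_LINK="https://dist.torproject.org/${TOR_TARBALL_NAME}"; \
    wget -q "$TOR_TARBALL_LINK"; \
    wget "$TOR_TARBALL_LINK.asc"; \
    # Fetch TOR_GPG_KEY, trying each keyserver until one answers.
    # NOTE(review): several of these hosts may no longer be in service; review
    # the list.
    found=''; \
    for server in \
        ha.pool.sks-keyservers.net \
        hkp://keyserver.ubuntu.com:80 \
        hkp://p80.pool.sks-keyservers.net:80 \
        ipv4.pool.sks-keyservers.net \
        keys.gnupg.net \
        pgp.mit.edu \
    ; do \
        echo "Fetching GPG key $TOR_GPG_KEY from $server"; \
        if gpg --keyserver "$server" --keyserver-options timeout=10 --recv-keys "$TOR_GPG_KEY"; then \
            found=yes; \
            break; \
        fi; \
    done; \
    test -n "$found" || { echo >&2 "error: failed to fetch GPG key $TOR_GPG_KEY"; exit 1; }; \
    # Name both the signature and the signed file, so gpg checks exactly the
    # tarball that is unpacked next instead of inferring it from the .asc name.
    gpg --verify "$TOR_TARBALL_NAME.asc" "$TOR_TARBALL_NAME"; \
    tar xf "$TOR_TARBALL_NAME"; \
    cd "tor-$TOR_VERSION"; \
    ./configure; \
    make install; \
    ls -R /usr/local/
# Main files created (plus docs):
# /usr/local/bin/tor
# /usr/local/bin/tor-gencert
# /usr/local/bin/tor-resolve
# /usr/local/bin/torify
# /usr/local/share/tor/geoip
# /usr/local/share/tor/geoip6
# /usr/local/etc/tor/torrc.sample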
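# Final stage: runtime image with Tor, obfs4proxy and meek-server.
# NOTE(review): `alpine:latest` is a floating tag; pin a release tag or digest
# so the runtime libraries match the ones Tor was built against in tor-build.
FROM alpine:latest
# MAINTAINER is deprecated; the same contact is recorded as an OCI label.
LABEL org.opencontainers.image.authors="Christian chriswayg@gmail.com"
# If no Nickname is set, a random string will be added to 'Tor4'
ENV TOR_USER=tord \
    TOR_NICKNAME=Tor4
# Installing dependencies of Tor and pwgen
RUN apk --no-cache add --update \
        libevent \
        libressl \
        xz-libs \
        zstd-libs \
        zlib \
        zstd \
        pwgen
# Copy obfs4proxy & meek-server
COPY --from=go-build /usr/local/bin/ /usr/local/bin/
# Copy Tor
COPY --from=tor-build /usr/local/ /usr/local/
# Create an unprivileged tor user with a fixed UID/GID (19001)
RUN addgroup -g 19001 -S "$TOR_USER" && adduser -u 19001 -G "$TOR_USER" -S "$TOR_USER"
# Copy Tor configuration file
COPY ./torrc /etc/tor/torrc
# Copy docker-entrypoint
COPY ./scripts/ /usr/local/bin/
# Persist data
VOLUME /etc/tor /var/lib/tor
# ORPort, DirPort, SocksPort, ObfsproxyPort, MeekPort
# EXPOSE only documents the ports. Publish the SocksPort (9050) only to clients
# that are meant to use it.
EXPOSE 9001 9030 9050 54444 7002
# NOTE(review): no USER instruction is set, so docker-entrypoint starts as root.
# Presumably it drops to $TOR_USER before starting tor -- verify in ./scripts/,
# which is not shown here.
ENTRYPOINT ["docker-entrypoint"]
CMD ["tor", "-f", "/etc/tor/torrc"]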