{"id":13470564,"url":"https://github.com/cmars/onionpipe","last_synced_at":"2025-04-05T05:07:55.853Z","repository":{"id":38823184,"uuid":"451027194","full_name":"cmars/onionpipe","owner":"cmars","description":"Onion addresses for anything.","archived":false,"fork":false,"pushed_at":"2024-04-27T15:07:14.000Z","size":181,"stargazers_count":449,"open_issues_count":6,"forks_count":29,"subscribers_count":9,"default_branch":"main","last_synced_at":"2024-05-01T20:13:43.759Z","etag":null,"topics":["anonymity","decentralized","forwarding","networking","onion-service","tor","tunneling"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cmars.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-01-23T06:52:13.000Z","updated_at":"2024-08-01T00:00:12.359Z","dependencies_parsed_at":"2023-01-23T13:15:21.188Z","dependency_job_id":"ee2b50bb-2822-4097-8cc0-472411527163","html_url":"https://github.com/cmars/onionpipe","commit_stats":{"total_commits":61,"total_committers":4,"mean_commits":15.25,"dds":0.1311475409836066,"last_synced_commit":"1a01be8eda37f48f8bf37f093e12c5d3bd71a3fe"},"previous_names":["cmars/oniongrok"],"tags_count":28,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmars%2Fonionpipe","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmars%2Fonionpipe/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmars%2Fonionpipe/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cmars%2Fonionpipe/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cmars","download_url":"https://codeload.github.com/cmars/onionpipe/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247289428,"owners_count":20914464,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["anonymity","decentralized","forwarding","networking","onion-service","tor","tunneling"],"created_at":"2024-07-31T16:00:32.047Z","updated_at":"2025-04-05T05:07:55.832Z","avatar_url":"https://github.com/cmars.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# onionpipe\n\nOnion addresses for anything.\n\n`onionpipe` forwards ports on the local host to remote Onion addresses as Tor\nhidden services and vice-versa.\n\n### Why would I want to use this?\n\nonionpipe is a decentralized way to create virtually unstoppable global network\ntunnels.\n\nFor example, you might want to securely publish and access a personal service\nfrom anywhere in the world, across all sorts of network obstructions -- your\nISP doesn't allow ingress traffic to your home lab, your clients might be in\nheavily firewalled environments (public WiFi, mobile tether), etc.\n\nWith onionpipe, that service doesn't need a public IPv4 or IPv6 ingress. You\ncan publish services with a globally-unique persistent onion address, and share\naccess securely and privately to your own allowlist of authorized keys.\n\nYou don't need to rely on, and share your personal data with for-profit\nservices (like Tailscale, ZeroTier, etc.) to get to it.\n\n### What can I do with it right now?\n\nonionpipe sets up socket forwarding tunnels. It's like `socat(1)`, for onions.\n\n#### Export services on local networks to onion addresses\n\nExport localhost port 8000 to a temporary, one-time remote onion address.\n```\nonionpipe 8000\n```\n\nExport localhost port 8000 to temporary remote onion port 80. `~` is shorthand\nfor the forward between source~destination.\n```\nonionpipe 8000~80\n```\n\nExport localhost port 8000 to a persistent remote onion address nicknamed\n'my-app'.\n```\nonionpipe 8000~80@my-app\n```\n\nNicknames can be re-used in multiple forwarding expressions to reference the\nsame onion address. Let's set up a little web forum for our Minecraft server.\n```\nonionpipe 8000~80@minecraft 25565@minecraft\n```\n\nAll the forwards without nicknames use the same temporary address.\n```\nonionpipe 192.168.1.100:8000~80,8080,9000 9090\n```\n\nExport a UNIX socket to an onion address.\n```\nonionpipe /run/server.sock~80\n```\n\nExport to a non-anonymous remote onion service, trading network privacy for\npossibly reduced latency.\n```\nonionpipe --anonymous=false 8000\n```\n\n#### Import onion services to local network interfaces.\n\nImport a remote onion's port 80 to localhost port 80.\n```\nonionpipe xxx.onion:80\n```\n\nImport remote onion port 80 to local port 80 on all interfaces. This can be\nused for creating an ingress to the onion on public networks.\n```\nonionpipe xxx.onion:80~0.0.0.0:80\n```\n\nRunning with Docker is simple and easy, the only caveat is that its the\ncontainer forwarding, so adjust local addresses accordingly.\n\nForward port 80 on Docker host.\n```\ndocker run --rm ghcr.io/cmars/onionpipe:main host.docker.internal:80\n```\n\nIf you're using Podman, exposing the local host network is another option.\n```\npodman run --network=host --rm ghcr.io/cmars/onionpipe:main 8000 \n```\n\nBecause local forwarding addresses are DNS resolved, it's very easy to publish\nhidden services from within Docker Compose or K8s. Check out this\n[nextcloud](examples/nextcloud/docker-compose.yml) example (watch the log for\nthe onion address)!\n\n#### Client auth\n[Client auth](https://community.torproject.org/onion-services/advanced/client-auth/)\nis great for securing personal services over Tor. How to use it:\n\nAlice creates a new client auth public key pair.\n\n```\nonionpipe client new alice\n```\n\n```\n{\n  \"alice\": {\n    \"identity\": \"p2pof7vumwsrqqavtovfwqqaw6cqzvtqqe7cjvxt754k6j7blufa\"\n  }\n}\n```\n\nAlice shares this public key with Bob, who forwards an onion service that only\nAlice can use.\n\n```\nonionpipe --require-auth p2pof7vumwsrqqavtovfwqqaw6cqzvtqqe7cjvxt754k6j7blufa 8000~80@test\n```\n\n```\n2022/02/13 21:25:46 starting tor...\n127.0.0.1:8000 =\u003e sd6aq2r6jvuoeisrudq7jbqufjh6nck5buuzjmgalicgwrobgfj4lkqd.onion:80\n```\n\nAlice can use her client private key to connect to this onion and forward to a\nlocal port.\n\n```\nonionpipe --auth alice sd6aq2r6jvuoeisrudq7jbqufjh6nck5buuzjmgalicgwrobgfj4lkqd.onion:80~7000\n```\n\n```\n2022/02/13 21:29:17 starting tor...\nsd6aq2r6jvuoeisrudq7jbqufjh6nck5buuzjmgalicgwrobgfj4lkqd.onion:80 =\u003e 127.0.0.1:7000\n```\n\n### How do I install it?\n\nEach commit into main triggers an automated release, which publishes a Docker\nimage.\n\n#### Docker\n\nThe provided `Dockerfile` builds a minimal image that can run onionpipe in a\ncontainer with the latest Tor release from the Tor Project. Build and runtime\nis Debian-based.\n\n#### Local build\n\nIn a local clone of this project,\n\n    make onionpipe\n\nThe built binary `onionpipe` will require a `tor` daemon executable to be in\nyour `$PATH`.\n\n#### Static standalone binary with libtor\n\nSee the [latest release](https://github.com/cmars/onionpipe/releases/latest)\nfor Linux and Darwin binaries.\n\nShould theoretically work on: Linux, Darwin, Android (gomobile) according to\nthe [berty.tech/go-libtor](https://github.com/berty/go-libtor) README. There\nare some quirks; see comments in `tor/init_libtor.go` for details.\n\nIn a local clone of this project,\n\n    make onionpipe_libtor\n\nThis will take a long time the first time you build, because it compiles CGO\nwrappers for Tor and its dependencies.\n\nYou'll need to have C library dependencies installed for the build to work:\n\n- tor\n- openssl\n- libevent\n- zlib\n\nIf you're on NixOS, you can run `nix-shell` in this directory to get these\ndependencies installed into your shell context.\n\n### What features are planned?\n\nDeclare forwards and operate from a yaml file rather than CLI arguments.\n\n```\nonionpipe --config config.yaml\n```\n\nConsidering a fancy TUI.\n\nConsidering a control plane for onionpipe SDN orchestration.\n\nStay tuned.\n\n### How can I contribute?\n\nDonate to the Tor project with your dollar, or by hosting honest proxies and\nexit nodes. If you like and use this project, support the public infrastructure\nthat benefits us all and makes this wonderful magic possible.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcmars%2Fonionpipe","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcmars%2Fonionpipe","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcmars%2Fonionpipe/lists"}