{"id":13775673,"url":"https://github.com/cyphar/mkonion","last_synced_at":"2026-03-16T17:37:05.975Z","repository":{"id":57501153,"uuid":"49772910","full_name":"cyphar/mkonion","owner":"cyphar","description":"A simple way to create a Tor onion service for existing Docker containers.","archived":false,"fork":false,"pushed_at":"2016-12-16T07:42:49.000Z","size":609,"stargazers_count":82,"open_issues_count":0,"forks_count":6,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-01T05:11:53.759Z","etag":null,"topics":["docker","onion-service","tor"],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyphar.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-01-16T12:43:29.000Z","updated_at":"2024-02-27T00:19:51.000Z","dependencies_parsed_at":"2022-09-04T04:02:17.186Z","dependency_job_id":null,"html_url":"https://github.com/cyphar/mkonion","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Fmkonion","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Fmkonion/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Fmkonion/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphar%2Fmkonion/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyphar","download_url":"https://codeload.github.com/cyphar/mkonion/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244777835,"owners_count":20508793,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","onion-service","tor"],"created_at":"2024-08-03T17:01:45.822Z","updated_at":"2026-03-16T17:37:05.932Z","avatar_url":"https://github.com/cyphar.png","language":"Go","funding_links":[],"categories":["\u003ca id=\"6e80463404d46f0493cf6e84597e4b5c\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"e99ba5f3de02f68412b13ca718a0afb6\"\u003e\u003c/a\u003eTor\u0026\u0026\u0026Onion\u0026\u0026洋葱"],"readme":"## `mkonion` ##\n\n`mkonion` is a very simple tool to allow you to set up a Tor Onion Service (also\nknown as a Tor Hidden Service) for an existing Docker container. It takes\nadvantage of `docker inspect` and other such features to figure out what ports\nyou might want to add to your hidden service. I have plans to allow you to create\nmultiple hidden services for a single container (I'm not sure why, but someone\nis bound to need that).\n\nThe point of this project is for this to be as turn-key as possible, in order to\nmake it as easy as possible for people to try out Tor Onion Services with their\nexisting Docker setup.\n\n### Usage ###\n\nThe basic usage is the following:\n\n```\n% mkonion [-k private_key] [-p [onion:]container]... \u003ccontainer\u003e\n```\n\nSimple as that. You don't need to have any Tor setup, as `mkonion` includes\ninside it all of the required `Dockerfile` and configuration information to set\nup a new Tor container. If you want to take a closer look, check out `fakebuild.go`.\n\n### Requirements ###\n\n`mkonion` depends on first-class networking in the Docker daemon, which means\nyour Docker daemon must be at least version `1.9.0`. Any earlier versions could\nbe made to work with some hacks, but without first-class networking it can't work\nreliably and easily.\n\n### Recommendations ###\n\nIt's recommended to route all of your main container's traffic exclusively\nthrough Tor (using the [Tor networking driver][tor-network]), so if your service\ngets hacked the attacker cannot effectively retrieve your external IP address.\n\nIf you're planning to use this on a service which requires server anonymity as a\nconstraint, ensure that you remove all uniquely identifying information. Running\nyour service in Tor masks your IP address in some senses, if you route all of the\ntraffic through Tor. But you should also take steps to configure your server to\nnot leak information, as well as reducing how easily [your writing can be fingerprinted][anonymouth].\n\n[tor-network]: https://github.com/jfrazelle/onion\n[anonymouth]: https://github.com/psal/anonymouth\n\n### Overview ###\n\nBasically, `mkonion` automates the following steps:\n\n1. Create a new `bridge` network, connect the target container to the network.\n2. Generate a `torrc` which defines a Tor Onion Service that forwards all of the\n   exposed ports of the target container to the new network's IP for the target.\n3. Start a new Tor daemon in middle relay mode in a container connected to the\n   new network.\n\nYou could in principle emulate `mkonion` with something like:\n\n```\n% docker network create --driver=bridge mkonion\n% docker network connect mkonion \u003ctarget\u003e\n% # Manually create a new torrc based on this:\n% docker inspect \u003ctarget\u003e\n% docker build -t \u003ctor image\u003e .\n% docker run --net=mkonion \u003ctor image\u003e\n```\n\nBut who wants all of that typing?\n\n### Why Onion Services? ###\n\nThere are multiple reasons, the first and foremost being that it is (from my\nunderstanding of the underlying technology) much more privacy-preserving for your\nend users. If a user wants to access your website using Tor and you don't have a\nproblem with that, you should provide an onion address because it will protect\nthem from certain passive surveillance attacks (as well as misconfigurations that\ncause them to accidentally connect directly to your service).\n\nHowever, there are other cool reasons to use Tor Onion Services:\n\n* NAT Punching means that you can connect to a Tor Onion Service even if it is\n  hosted behind a NAT. This is an incredibly useful feature (you can access your\n  internal services from the internet with much fewer problems than port-forwarding\n  what you need).\n\n* Your host can be hidden, as the current incarnation of Tor Onion Service sets\n  up a full Tor circuit for all three introduction points, the HSDir nodes and\n  the rendezvous node. This results in both the client and server having quite\n  good anonymity properties (although the server's anonymity properties are known\n  to be weaker than the client, because the server can be coerced to send data\n  through its Tor circuits).\n\n* By making more services available through `.onion` addresses, Tor Onion Services\n  become more normalised and people are far less suspicious of such addresses.\n  This is critical for the movement for online privacy, making people aware of\n  the benefits of Tor and of `.onion` addressing.\n\nMost importantly, because this project is so simple to use and is self-contained,\nyou lose nothing by starting this up on your services. At the very least, I hope\nyou'll try this out on your local machine so you can access your local dockerised\nservices from the internet using Tor.\n\n### License ###\n\nThis project is licensed under the MPLv2 License, which allows people to vendor\nthis code into a non-GPL project without compromising the protection of the\ncopyleft of users.\n\n```\nmkonion: create a Tor onion service for existing Docker containers\nCopyright (C) 2016 Aleksa Sarai \u003ccyphar@cyphar.com\u003e\n\nThis Source Code Form is subject to the terms of the Mozilla Public\nLicense, v. 2.0. If a copy of the MPL was not distributed with this\nfile, You can obtain one at http://mozilla.org/MPL/2.0/.\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyphar%2Fmkonion","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyphar%2Fmkonion","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyphar%2Fmkonion/lists"}