{"id":13521863,"url":"https://github.com/kragniz/tor-controller","last_synced_at":"2025-04-22T12:24:30.921Z","repository":{"id":49610575,"uuid":"134624403","full_name":"kragniz/tor-controller","owner":"kragniz","description":"Run Tor onion services on Kubernetes","archived":false,"fork":false,"pushed_at":"2021-09-26T12:13:33.000Z","size":39540,"stargazers_count":540,"open_issues_count":10,"forks_count":31,"subscribers_count":25,"default_branch":"master","last_synced_at":"2024-11-02T06:30:48.400Z","etag":null,"topics":["kubernetes","tor"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kragniz.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-05-23T20:54:01.000Z","updated_at":"2024-09-23T13:34:00.000Z","dependencies_parsed_at":"2022-09-07T09:20:21.549Z","dependency_job_id":null,"html_url":"https://github.com/kragniz/tor-controller","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kragniz%2Ftor-controller","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kragniz%2Ftor-controller/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kragniz%2Ftor-controller/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kragniz%2Ftor-controller/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kragniz","download_url":"https://codeload.github.com/kragniz/tor-controller/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com
","kind":"github","repositories_count":224713610,"owners_count":17357247,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kubernetes","tor"],"created_at":"2024-08-01T06:00:38.829Z","updated_at":"2024-11-16T22:17:17.473Z","avatar_url":"https://github.com/kragniz.png","language":"Go","funding_links":[],"categories":["Go","\u003ca id=\"6e80463404d46f0493cf6e84597e4b5c\"\u003e\u003c/a\u003e工具","Networking Utilities","Applications","Uncategorized"],"sub_categories":["\u003ca id=\"e99ba5f3de02f68412b13ca718a0afb6\"\u003e\u003c/a\u003eTor\u0026\u0026\u0026Onion\u0026\u0026洋葱","Other applications","Uncategorized"],"readme":"\u003cp align=\"center\"\u003e\n  \u003cimg height=\"300\" src=\"https://sr.ht/2mc0.png\"\u003e\n\u003c/p\u003e\n\n\u003ch1 align=\"center\"\u003etor-controller\u003c/h1\u003e\n\n[![Build Status](https://img.shields.io/travis-ci/kragniz/tor-controller.svg?style=flat-square)](https://travis-ci.org/kragniz/tor-controller)\n\nTor is an anonymity network that provides:\n\n- privacy\n- enhanced tamperproofing\n- freedom from network surveillance\n- NAT traversal\n\ntor-controller allows you to create `OnionService` resources in kubernetes.\nThese services are used similarly to standard kubernetes services, but they\nonly serve traffic on the tor network (available on `.onion` addresses).\n\nSee [this page](https://www.torproject.org/docs/onion-services.html.en) for\nmore information about onion services.\n\ntor-controller creates the following resources for each OnionService:\n\n- a service, which is used to send traffic to application pods\n- tor pod, which contains 
a tor daemon to serve incoming traffic from the tor\n  network, and a management process that watches the kubernetes API and\n  generates tor config, signaling the tor daemon when it changes\n- rbac rules\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://sr.ht/6WbX.png\"\u003e\n\u003c/p\u003e\n\nInstall\n-------\n\nInstall tor-controller:\n\n    $ kubectl apply -f hack/install.yaml\n\nQuickstart with random address\n------------------------------\n\nCreate an onion service, `onionservice.yaml`:\n\n```yaml\napiVersion: tor.k8s.io/v1alpha1\nkind: OnionService\nmetadata:\n  name: basic-onion-service\nspec:\n  version: 2\n  selector:\n    app: example\n  ports:\n  - publicPort: 80\n    targetPort: 80\n```\n\nApply it:\n\n    $ kubectl apply -f onionservice.yaml\n\nView it:\n\n```bash\n$ kubectl get onionservices -o=custom-columns=NAME:.metadata.name,HOSTNAME:.status.hostname\nNAME                    HOSTNAME\nbasic-onion-service     h7px2yyugjqkztrb.onion\n```\n\nExposing a deployment with a fixed address\n------------------------------------------\n\nCreate a deployment to test against; in this example we'll deploy an echoserver. Create `echoserver.yaml`:\n\n```yaml\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: http-app\nspec:\n  replicas: 2\n  selector:\n    matchLabels:\n      app: http-app\n  template:\n    metadata:\n      labels:\n        app: http-app\n    spec:\n      containers:\n      - name: http-app\n        image: gcr.io/google_containers/echoserver:1.8\n        ports:\n        - containerPort: 8080\n```\nApply it:\n\n    $ kubectl apply -f echoserver.yaml\n\nFor a fixed address, we need a private key. 
This should be kept safe, since\nsomeone can impersonate your onion service if it is leaked.\nGenerate an RSA private key (only valid for v2 onion services, v3 services use Ed25519 instead):\n\n    $ openssl genrsa -out private_key 1024\n\nPut your private key into a secret:\n\n    $ kubectl create secret generic example-onion-key --from-file=private_key\n\nCreate an onion service, `onionservice.yaml`, referencing the private key we just created:\n\n```yaml\napiVersion: tor.k8s.io/v1alpha1\nkind: OnionService\nmetadata:\n  name: example-onion-service\nspec:\n  version: 2\n  selector:\n    app: http-app\n  ports:\n    - targetPort: 8080\n      publicPort: 80\n  privateKeySecret:\n    name: example-onion-key\n    key: private_key\n```\n\nApply it:\n\n    $ kubectl apply -f onionservice.yaml\n\nList active OnionServices:\n\n```\n$ kubectl get onionservices -o=custom-columns=NAME:.metadata.name,HOSTNAME:.status.hostname\nNAME                    HOSTNAME\nexample-onion-service   s2c6qry5bj57vyms.onion\n```\n\nThis service should now be accessible from any tor client,\nfor example [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en):\n\n\u003cp align=\"center\"\u003e\n  \u003cimg src=\"https://sr.ht/FLbP.png\"\u003e\n\u003c/p\u003e\n\nRandom service names\n--------------------\n\nIf `spec.privateKeySecret` is not specified, tor-controller will start a service with a random name.\nThis will remain in use until the tor-daemon pod restarts or is terminated for some other reason.\n\nOnion service versions\n----------------------\n\nThe `spec.version` field specifies which onion protocol to use.\nv2 is the classic, well-supported protocol; v3 is its newer replacement.\n\nThe biggest difference from a user's point of view is the length of addresses. v2\nservice names are short, like `x3yvl2svtqgzhcyz.onion`. 
v3 are longer, like\n`ljgpby5ba3xi5osslpdvqsumdb4sbclb2amxtm6a3cwnq7w7sj72noid.onion`.\n\ntor-controller defaults to using v3 if `spec.version` is not specified.\n\n\nUsing with nginx-ingress\n------------------------\n\ntor-controller on its own simply directs TCP traffic to a backend service.\nIf you want to serve HTTP stuff, you'll probably want to pair it with\nnginx-ingress or some other ingress controller.\n\nTo do this, first install nginx-ingress normally. Then point an onion service\nat the nginx-ingress-controller, for example:\n\n```yaml\napiVersion: tor.k8s.io/v1alpha1\nkind: OnionService\nmetadata:\n  name: nginx-onion-service\nspec:\n  version: 2\n  selector:\n    app: nginx-ingress-controller\n    name: nginx-ingress-controller\n  ports:\n  - publicPort: 80\n    targetPort: 80\n    name: http\n  privateKeySecret:\n    name: nginx-onion-key\n    key: private_key\n```\n\nThis can then be used in the same way any other ingress is. Here's a full\nexample, with a default backend and a subdomain:\n\n```yaml\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: http-app\nspec:\n  replicas: 2\n  selector:\n    matchLabels:\n      app: http-app\n  template:\n    metadata:\n      labels:\n        app: http-app\n    spec:\n      containers:\n      - name: http-app\n        image: gcr.io/google_containers/echoserver:1.8\n        ports:\n        - containerPort: 8080\n---\napiVersion: v1\nkind: Service\nmetadata:\n  name: http-app\n  labels:\n    app: http-app\nspec:\n  ports:\n  - port: 80\n    protocol: TCP\n    targetPort: 8080\n  selector:\n    app: http-app\n---\napiVersion: extensions/v1beta1\nkind: Ingress\nmetadata:\n  name: http-app\n  annotations:\n    nginx.ingress.kubernetes.io/rewrite-target: /\nspec:\n  backend:\n    serviceName: default-http-backend\n    servicePort: 80\n  rules:\n  - host: echoserver.h7px3yyugjqkztrb.onion\n    http:\n      paths:\n      - path: /\n        backend:\n          serviceName: http-app\n          servicePort: 
80  # must match the Service's port (80), not the container targetPort (8080)\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkragniz%2Ftor-controller","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkragniz%2Ftor-controller","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkragniz%2Ftor-controller/lists"}