
# docker: hidden tor .onion service 🐳

repo: https://github.com/fphammerle/docker-onion-service

docker hub: https://hub.docker.com/r/fphammerle/onion-service/tags

signed tags: https://github.com/fphammerle/docker-onion-service/tags

defaults to creating a [v3](https://trac.torproject.org/projects/tor/wiki/doc/NextGenOnions) service

## example 1

```sh
$ sudo docker run --name onion_service \
    -e VIRTUAL_PORT=80 -e TARGET=1.2.3.4:8080 \
    fphammerle/onion-service
```

## example 2

```sh
$ sudo docker create --name onion_service \
    --env VERSION=3 \
    --env VIRTUAL_PORT=80 \
    --env TARGET=1.2.3.4:8080 \
    --volume onion-key:/onion-service \
    --restart unless-stopped \
    --cap-drop all --security-opt no-new-privileges \
    fphammerle/onion-service:latest

$ sudo docker start onion_service
```

optionally add `--read-only --tmpfs /tmp:rw,size=4k`
to make the container's root filesystem read-only

## retrieve hostname

```sh
$ sudo docker exec onion_service cat /onion-service/hostname
abcdefghijklmnopqrstuvwxyz1234567890abcdefghijklmnopqrst.onion
```

## single-hop mode

in single-hop mode connections from the onion service
to introduction & rendezvous points will be direct
and thus no longer anonymous:
```sh
$ sudo docker run -e NON_ANONYMOUS_SINGLE_HOP_MODE=1 …
```

useful to reduce latency (e.g. clearnet http servers setting `alt-svc` header)

## show circuits

```sh
$ sudo docker exec onion_service \
    sh -c 'printf "AUTHENTICATE\nGETINFO circuit-status\nQUIT\n" | nc localhost 9051'
```
relay search: https://metrics.torproject.org/rs.html
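
added example (not part of the project's repository) tying the "single-hop mode" and "show circuits" sections together: it parses a `GETINFO circuit-status` reply and flags service-side circuits that have only one hop, so an operator can check that a service meant to be anonymous is not running in single-hop mode. the function names and the sample replies are constructed for illustration, the fingerprints are placeholders, and the assumption that single-hop mode appears as one-relay paths is labelled in the code.

```sh
#!/bin/sh
# added example, not the project's code; function names are hypothetical.

# print "<id> <purpose> <hops>" for each BUILT service-side circuit in a
# "GETINFO circuit-status" reply read from stdin.
hs_circuit_hops() {
    tr -d '\r' | awk '
        { sub(/^250[-+]circuit-status=/, "") }  # one-circuit replies are a single line
        $2 == "BUILT" {
            purpose = ""; path = ""
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^PURPOSE=/) purpose = substr($i, 9)
                else if (substr($i, 1, 1) == "$") path = $i  # $FP~nick,$FP~nick,...
            }
            if (purpose ~ /^HS_SERVICE_/)
                print $1, purpose, split(path, hop, ",")
        }'
}

# succeed only if every service-side circuit has at least two hops.
# assumption: single-hop mode shows up as one-relay paths on these circuits.
assert_multi_hop() {
    hs_circuit_hops | awk '$3 < 2 { bad++ } END { exit (bad > 0) }'
}

# constructed sample replies; fingerprints are placeholders, not real relays.
sample_anonymous() { cat <<'EOF'
250 OK
250+circuit-status=
7 BUILT $AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~relayA,$BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB~relayB,$CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC~relayC BUILD_FLAGS=IS_INTERNAL,NEED_UPTIME PURPOSE=HS_SERVICE_INTRO HS_STATE=HSSI_ESTABLISHED
9 BUILT $AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA~relayA,$DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD~relayD,$EEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEEE~relayE BUILD_FLAGS=NEED_CAPACITY PURPOSE=GENERAL
.
250 OK
EOF
}

sample_single_hop() { cat <<'EOF'
250 OK
250-circuit-status=12 BUILT $FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF~relayF BUILD_FLAGS=ONEHOP_TUNNEL,IS_INTERNAL PURPOSE=HS_SERVICE_INTRO HS_STATE=HSSI_ESTABLISHED
250 OK
EOF
}

# live use: pipe the output of the "show circuits" command above into assert_multi_hop
sample_anonymous | hs_circuit_hops
sample_single_hop | assert_multi_hop || echo "one-hop service circuit: not anonymous"
```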

## docker-compose 🐙

1. `git clone https://github.com/fphammerle/docker-onion-service`
2. edit `docker-compose.yml`
3. `sudo docker-compose up --build`

## further reading

[onion service protocol overview](https://community.torproject.org/onion-services/overview/)

[operational security](https://community.torproject.org/onion-services/advanced/opsec/)

### http

ways to publish onion services:
* alt-svc header:
[cloudflare blog](https://blog.cloudflare.com/cloudflare-onion-service/),
[privacytools.io](https://web.archive.org/web/20210116140200/https://write.privacytools.io/jonah/securing-services-with-tor-and-alt-svc),
[comparison](https://medium.com/@alecmuffett/different-ways-to-add-tor-onion-addresses-to-your-website-39106e2506f9),
[syntax](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Alt-Svc),
[spec](https://tools.ietf.org/html/rfc7838)
* onion-location header:
[apache & nginx setup](https://community.torproject.org/onion-services/advanced/onion-location/),
[announcement for android](https://blog.torproject.org/comment/288078)