https://github.com/nexus-uw/dockerswarm-hidden-service
docker image for hosting a tor hidden service on docker swarm
https://github.com/nexus-uw/dockerswarm-hidden-service
docker docker-swarm hidden-services swarm tor
Last synced: 3 months ago
JSON representation
docker image for hosting a tor hidden service on docker swarm
- Host: GitHub
- URL: https://github.com/nexus-uw/dockerswarm-hidden-service
- Owner: nexus-uw
- License: unlicense
- Created: 2018-12-08T22:18:14.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2018-12-08T22:39:27.000Z (almost 7 years ago)
- Last Synced: 2025-02-03T06:38:15.753Z (8 months ago)
- Topics: docker, docker-swarm, hidden-services, swarm, tor
- Language: JavaScript
- Size: 10.7 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# dockerswarm-hidden-service (work in progress)
[https://hub.docker.com/r/nexusuw/dockerswarm-hidden-service/](https://hub.docker.com/r/nexusuw/dockerswarm-hidden-service/)
## what is this
docker image for hosting a tor hidden service on docker swarm
## why is does this need to exist
the normal tor program expects direct tcp connections to the services you want to host as hidden services (aka .onion). these require IP address, and not hostnames. normally, I have used the docker swarm provided hostnames for linking my services together, but this will not work in a docker swarm.
## how does this whole thing work
### index.js
look up internal IP address of docker container, write that to the torrc (tor config file), and start up tor process
### health-check.js
keep pinging the IP. if the service moves to a new IP, this will mark the container as unhealthy, causing docker to restart it. thus, it will look up the IP of the new service location.
(note: boot times can be long since it currently needs to get all the tor network info each time on boot)
## how do I use this?
I use the following docker-compose.yml and a pre-generated hidden service private key at ```./private_key```
```
version: '3.6'
services:
# currently service MUST BE NAMED 'caddy' and expect connections on port 80
caddy:
hidden:
image: nexusuw/dockerswarm-hidden-service:latest
secrets:
- source: private_key
target: '/var/lib/tor/hidden_service/private_key'
uid: '100'
gid: '100'
mod: 600
secrets:
private_key:
file: ./private_key
```
## todo
- properly use volumes to preserve tor network state
- let people use their own name for service being hosted
- allow multiple services
- load balancer for multi tor connections?
- generate private keys on demand