├── Dockerfile
├── README.md
├── start-tor
└── torrc

/Dockerfile:
--------------------------------------------------------------------------------
FROM patrickod/docker-tor
MAINTAINER Patrick O'Doherty

# Directory that holds the hidden service's hostname and private key.
RUN mkdir -p /var/lib/tor/hidden-service
RUN chown -R root:root /var/lib/tor/hidden-service
# Owner-only access; a directory needs the execute bit (700, not 600) to be traversable.
RUN chmod -R 700 /var/lib/tor/hidden-service
VOLUME /var/lib/tor/hidden-service

ADD ./torrc /etc/torrc
ADD ./start-tor /bin/start-tor

CMD /bin/start-tor

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# Docker tor hidden services

This Docker container allows you to easily expose ports on other containers as hidden services on the Tor network.

## Usage

Let's say you have a Docker container running a web app that you want to expose as a hidden service on the Tor network. Its Dockerfile contains the following instruction.

```
EXPOSE 80
```

Running this as a hidden service is as simple as the following two commands. The first gives the app container the name that the second one links to.

```bash
$ docker run -d --name my-hidden-web-app my-awesome-app
$ docker run --link my-hidden-web-app:web -d patrickod/docker-tor-hidden-service
```

This will expose port 80 on the hidden service domain and direct it to your linked container.

## Why?

Two reasons mainly.

The more traffic the Tor network has, the more resilient it becomes to statistical correlation attacks.

Hidden services are a hugely important feature of the Tor network and I wanted to make them more readily accessible to the world. By removing any slight configuration overhead I'm hoping to encourage their widespread use. They're incredibly useful even in situations where anonymity is not the main objective. For example, using hidden services to break NAT is also a common use case.

--------------------------------------------------------------------------------
/start-tor:
--------------------------------------------------------------------------------
#!/bin/bash

# Matches Docker link variables such as WEB_PORT_80_TCP=tcp://172.17.0.2:80,
# starting at the port number.
REGEX='\([0-9]*\)_TCP=tcp://\([0-9]\{1,3\}\.\)\{3\}\([0-9]\)\{1,3\}:\([0-9]*\)'

# Turn each match into "HiddenServicePort <port> <ip>:<port>" and append it to
# the torrc, where it applies to the HiddenServiceDir declared on its last line.
env | grep -o "$REGEX" | sed -e "s/_TCP=tcp:\/\// /" -e "s/:/ /" | awk '{ printf "HiddenServicePort %s %s:%s\n", $1, $2, $3 }' >> /etc/torrc

/usr/local/bin/tor -f /etc/torrc

--------------------------------------------------------------------------------
/torrc:
--------------------------------------------------------------------------------
## Configuration file for a typical Tor user
## Last updated 22 April 2012 for Tor 0.2.3.14-alpha.
## (may or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.
##
## Tor will look for this file in various places based on your platform:
## https://www.torproject.org/docs/faq#torrc

## Tor opens a socks proxy on port 9050 by default -- even if you don't
## configure one below. Set "SocksPort 0" if you plan to run Tor only
## as a relay, and not make any local application connections yourself.
#SocksPort 9050 # Default: Bind to localhost:9050 for local connections.
#SocksPort 192.168.0.1:9100 # Bind to this address:port too.

## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
##
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
#Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
#Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
Log notice syslog
## To send all messages to stderr:
#Log debug stderr

## Uncomment this to start the process in the background... or use
## --runasdaemon 1 on the command line. This is ignored on Windows;
## see the FAQ entry if you want Tor to run as an NT service.
#RunAsDaemon 1

## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
DataDirectory /var/lib/tor

############### This section is just for location-hidden services ###

## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
##
## HiddenServicePort x y:z says to redirect requests on port x to the
## address y:z.

#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80

#HiddenServiceDir /var/lib/tor/other_hidden_service/
#HiddenServicePort 80 127.0.0.1:80
#HiddenServicePort 22 127.0.0.1:22

HiddenServiceDir /var/lib/tor/hidden-service
--------------------------------------------------------------------------------
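
The start-tor script publishes every linked TCP port it finds in the environment and appends to /etc/torrc on each start. The following is an added example, not part of this repository, of the same translation with an explicit port allowlist, address and port range checks, and a torrc rebuilt from a base file instead of appended to. The function names, the allowlist argument and the sample environment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the repository. Variable names follow the legacy
# `docker run --link` convention: <ALIAS>_PORT_<port>_TCP=tcp://<ip>:<port>.

# Constructed sample of `env` output inside a container linked to two others.
SAMPLE_ENV='WEB_PORT=tcp://172.17.0.2:80
WEB_PORT_80_TCP=tcp://172.17.0.2:80
WEB_PORT_80_TCP_ADDR=172.17.0.2
WEB_PORT_8080_TCP=tcp://172.17.0.2:8080
DB_PORT_5432_TCP=tcp://172.17.0.3:5432
BAD_PORT_80_TCP=tcp://999.1.1.1:80
PATH=/usr/bin'

# link_env_to_hs_ports "ALLOWED PORTS": reads `env` output on stdin and prints
# one HiddenServicePort line per linked TCP port that is on the allowlist.
link_env_to_hs_ports() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i] + 0] = 1 }
    /^[A-Za-z0-9_]+_PORT_[0-9]+_TCP=tcp:\/\/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/ {
        eq = index($0, "=")
        name = substr($0, 1, eq - 1)          # e.g. WEB_PORT_80_TCP
        sub(/_TCP$/, "", name); sub(/^.*_PORT_/, "", name)
        vport = name + 0                      # port published on the .onion
        split(substr($0, eq + 7), hp, ":")    # skip "=tcp://"
        tport = hp[2] + 0                     # port on the linked container
        split(hp[1], o, ".")
        if (vport < 1 || vport > 65535 || tport < 1 || tport > 65535) next
        for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) next
        if (!(vport in ok)) next              # not allowlisted: stays unpublished
        line = sprintf("HiddenServicePort %d %d.%d.%d.%d:%d", vport, o[1], o[2], o[3], o[4], tport)
        if (!seen[line]++) print line
    }'
}

# render_torrc BASE_TORRC "ALLOWED PORTS": prints the base config followed by
# the generated lines, so a restart regenerates the file rather than appending
# duplicates. Fails instead of starting Tor with nothing to publish.
render_torrc() {
    hs_ports=$(env | link_env_to_hs_ports "$2")
    [ -n "$hs_ports" ] || { echo "no allowlisted linked ports found" >&2; return 1; }
    cat "$1" && printf '%s\n' "$hs_ports"
}

printf '%s\n' "$SAMPLE_ENV" | link_env_to_hs_ports "80"
```

With the sample above and an allowlist of `80`, only the web container's port 80 is emitted; the linked database port and the malformed address are left out.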