diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..afd18f5
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,23 @@
+test:
+ tox
+
+check:
+ pre-commit run --all-files
+
+build:
+ docker-compose build
+
+run: build
+ docker-compose up
+
+build-v2:
+ docker-compose -f docker-compose.v2.yml build
+
+run-v2: build-v2
+ docker-compose -f docker-compose.v2.yml up
+
+build-v3:
+ docker-compose -f docker-compose.v3.yml build
+
+run-v3: build-v3
+ docker-compose -f docker-compose.v3.yml up
diff --git a/README.md b/README.md
index 78ec278..5d0bdef 100644
--- a/README.md
+++ b/README.md
@@ -122,6 +122,14 @@ __Warning__: Be carefull to not use the same exposed ports for grouped services.
 Links setting are required when using docker-compose v2. See `docker-compose.v2.yml` for example.
+### Copose v3 support and secrets
+
+Links setting are required when using docker-compose v3. See `docker-compose.v3.yml` for example.
+
+#### Secrets
+
+Secret key can be set through docker `secrets`, see `docker-compose.v3.yml` for example.
+
 ### Tools
 A command line tool `onions` is available in container to get `.onion` url when container is running.
diff --git a/assets/entrypoint-config.yml b/assets/entrypoint-config.yml
index 8bceaa8..0266ec9 100644
--- a/assets/entrypoint-config.yml
+++ b/assets/entrypoint-config.yml
@@ -6,12 +6,12 @@ group: tor
 secret_env:
 - '*_KEY'
 - '*_PORTS'
+ - '*_SERVICE_NAME'
 pre_conf_commands:
 - onions --setup-hosts
 post_conf_commands:
- - onions
 - chown -R tor:tor $HOME
 reload:
diff --git a/assets/onions/onions/Service.py b/assets/onions/onions/Service.py
index d153125..6b0d605 100644
--- a/assets/onions/onions/Service.py
+++ b/assets/onions/onions/Service.py
@@ -118,6 +118,8 @@ class ServicesGroup(object):
 def load_key_from_secrets(self):
 'Load key from docker secret using service name'
 secret_file = os.path.join('/run/secrets', self.name)
+ if not os.path.exists(secret_file):
+ return
 try:
 self._load_key(secret_file)
 self._key_in_secrets = True
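Review bot: The added `os.path.exists` guard only handles a missing secret; it does not constrain `self.name`, which this commit also makes settable through the `*_SERVICE_NAME` environment variables (the compose example sets `HELLO_SERVICE_NAME: foo`), so a name containing a path separator or `..` presumably joins to a file outside `/run/secrets` and is read as the key without complaint. Since only the operator controls that environment the impact is limited, but I would still reject such names before the join, e.g. `if os.sep in self.name or self.name in ('.', '..'): raise ValueError('invalid service name: %r' % self.name)`, and use `os.path.isfile` rather than `os.path.exists` so a directory at that path does not reach `_load_key`. The early `return` also leaves `_key_in_secrets` untouched; whether callers read it unconditionally, and whether the `except` clause that follows already handled a missing file, cannot be seen because `load_key_from_secrets` continues past the end of the hunk.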
diff --git a/docker-compose.v3.yml b/docker-compose.v3.yml
new file mode 100644
index 0000000..293c902
--- /dev/null
+++ b/docker-compose.v3.yml
@@ -0,0 +1,53 @@
+# docker version 3 example
+
+version: "3.1"
+
+services:
+ tor:
+ image: goldy/tor-hidden-service
+ build: .
+ links:
+ - hello
+ - world
+ - again
+ environment:
+ # Set mapping ports
+ HELLO_PORTS: 80:80,800:80,8888:80
+
+ WORLD_PORTS: 8000:80
+
+ AGAIN_PORTS: 88:80
+
+ # hello and again will share the same onion_adress
+ AGAIN_SERVICE_NAME: foo
+ HELLO_SERVICE_NAME: foo
+
+ # Keep keys in volumes
+ volumes:
+ - tor-keys:/var/lib/tor/hidden_service/
+
+ # Set secret for key, use the same name as the service
+ secrets:
+ - source: foo
+ target: foo
+ mode: 0400
+
+ hello:
+ image: tutum/hello-world
+ hostname: hello
+
+ world:
+ image: tutum/hello-world
+ hostname: world
+
+ again:
+ image: tutum/hello-world
+ hostname: again
+
+volumes:
+ tor-keys:
+ driver: local
+
+secrets:
+ foo:
+ file: ./foo_private_key
diff --git a/foo_private_key b/foo_private_key
new file mode 100644
index 0000000..48d2330
--- /dev/null
+++ b/foo_private_key
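Review bot: The `secrets:` section points `file:` at `./foo_private_key`, a private key that this same commit adds to the repository, so anyone who runs the example unchanged publishes a hidden service whose key is public and whose .onion identity anyone with the repo can reproduce. I would say so right there: `# EXAMPLE ONLY: ./foo_private_key is committed to this repo and therefore public; generate your own key and point file: at it.` The `# Set secret for key, use the same name as the service` comment could also give the reason, since the loader in `Service.py` reads the key from `/run/secrets/<service name>` and now returns silently when that path is missing — `target` must equal the `*_SERVICE_NAME` value (`foo`) or the secret is quietly ignored. Separately, `tutum/hello-world` is referenced without a tag, so `docker-compose up` pulls whatever `latest` resolves to at the time; pinning a tag or digest keeps the example reproducible.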
@@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQDR8TdQF9fDlGhy1SMgfhMBi9TaFeD12/FK27TZE/tYGhxXvs1C +NmFJy1hjVxspF5unmUsCk0yEsvEdcAdp17Vynz6W41VdinETU9yXHlUJ6NyI32AH +dnFnHEcsllSEqD1hPAAvMUWwSMJaNmBEFtl8DUMS9tPX5fWGX4w5Xx8dZwIDAQAB +AoGBAMb20jMHxaZHWg2qTRYYJa8LdHgS0BZxkWYefnBUbZn7dOz7mM+tddpX6raK +8OSqyQu3Tc1tB9GjPLtnVr9KfVwhUVM7YXC/wOZo+u72bv9+4OMrEK/R8xy30XWj +GePXEu95yArE4NucYphxBLWMMu2E4RodjyJpczsl0Lohcn4BAkEA+XPaEKnNA3AL +1DXRpSpaa0ukGUY/zM7HNUFMW3UP00nxNCpWLSBmrQ56Suy7iSy91oa6HWkDD/4C +k0HslnMW5wJBANdz4ehByMJZmJu/b5y8wnFSqep2jmJ1InMvd18BfVoBTQJwGMAr ++qwSwNXXK2YYl9VJmCPCfgN0o7h1AEzvdYECQAM5UxUqDKNBvHVmqKn4zShb1ugY +t1RfS8XNbT41WhoB96MT9P8qTwlniX8UZiwUrvNp1Ffy9n4raz8Z+APNwvsCQQC9 +AuaOsReEmMFu8VTjNh2G+TQjgvqKmaQtVNjuOgpUKYv7tYehH3P7/T+62dcy7CRX +cwbLaFbQhUUUD2DCHdkBAkB6CbB+qhu67oE4nnBCXllI9EXktXgFyXv/cScNvM9Y +FDzzNAAfVc5Nmbmx28Nw+0w6pnpe/3m0Tudbq3nHdHfQ +-----END RSA PRIVATE KEY-----
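Review bot: A PKCS#1 RSA private key is being committed; once in git history it is public forever, so this key can only ever serve as a throwaway placeholder, and every deployment that keeps the example's `secrets` unchanged will share the same attacker-reproducible .onion identity. Judging by the `MIICXQ` length prefix this appears to be a 1024-bit key (the v2 onion-service size), which reinforces that it is a sample rather than something to reuse. I would rather not ship a key at all — let the container generate one into the `tor-keys` volume and document a placeholder path under `secrets:` — or, if a sample is kept so the example runs out of the box, name it unmistakably (e.g. `example_private_key.DO_NOT_USE`), say so in the README, and allow-list it for secret scanners so the repo's own scanning does not go numb to real leaks.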