Add tor v3 addresses support

2025-05-04 20:30:34 +00:00 · 2019-04-03 16:11:09 +02:00 · 2019-04-03 16:11:09 +02:00 · d3252e276e
commit d3252e276e
parent 8d562ed2e6
24 changed files with 1086 additions and 225 deletions
--- a/README.md
+++ b/README.md
@ -2,7 +2,161 @@

 [![Build Status](https://travis-ci.org/cmehay/docker-tor-hidden-service.svg?branch=master)](https://travis-ci.org/cmehay/docker-tor-hidden-service)

-Create a tor hidden service with a link
+## Setup
+
+### Setup hosts
+
+From 2019, new conf to handle tor v3 address has been added. Here an example with `docker-compose` v2+:
+
+```yaml
+version: "2"
+
+services:
+  tor:
+    image: goldy/tor-hidden-service:0.3.5.8
+    links:
+      - hello
+      - world
+      - again
+    environment:
+        # Set mapping ports
+        HELLO_TOR_SERVICE_HOSTS: 80:hello:80,800:hello:80,8888:hello:80
+        # Set private key
+        HELLO_TOR_SERVIVE_KEY: |
+            -----BEGIN RSA PRIVATE KEY-----
+            MIICXQIBAAKBgQDR8TdQF9fDlGhy1SMgfhMBi9TaFeD12/FK27TZE/tYGhxXvs1C
+            NmFJy1hjVxspF5unmUsCk0yEsvEdcAdp17Vynz6W41VdinETU9yXHlUJ6NyI32AH
+            dnFnHEcsllSEqD1hPAAvMUWwSMJaNmBEFtl8DUMS9tPX5fWGX4w5Xx8dZwIDAQAB
+            AoGBAMb20jMHxaZHWg2qTRYYJa8LdHgS0BZxkWYefnBUbZn7dOz7mM+tddpX6raK
+            8OSqyQu3Tc1tB9GjPLtnVr9KfVwhUVM7YXC/wOZo+u72bv9+4OMrEK/R8xy30XWj
+            GePXEu95yArE4NucYphxBLWMMu2E4RodjyJpczsl0Lohcn4BAkEA+XPaEKnNA3AL
+            1DXRpSpaa0ukGUY/zM7HNUFMW3UP00nxNCpWLSBmrQ56Suy7iSy91oa6HWkDD/4C
+            k0HslnMW5wJBANdz4ehByMJZmJu/b5y8wnFSqep2jmJ1InMvd18BfVoBTQJwGMAr
+            +qwSwNXXK2YYl9VJmCPCfgN0o7h1AEzvdYECQAM5UxUqDKNBvHVmqKn4zShb1ugY
+            t1RfS8XNbT41WhoB96MT9P8qTwlniX8UZiwUrvNp1Ffy9n4raz8Z+APNwvsCQQC9
+            AuaOsReEmMFu8VTjNh2G+TQjgvqKmaQtVNjuOgpUKYv7tYehH3P7/T+62dcy7CRX
+            cwbLaFbQhUUUD2DCHdkBAkB6CbB+qhu67oE4nnBCXllI9EXktXgFyXv/cScNvM9Y
+            FDzzNAAfVc5Nmbmx28Nw+0w6pnpe/3m0Tudbq3nHdHfQ
+            -----END RSA PRIVATE KEY-----
+
+        # hello and again will share the same onion v3 address
+        FOO_TOR_SERVICE_HOSTS: 88:again:80,8000:world:80
+        FOO_TOR_SERVICE_VERSION: '3'
+        # tor v3 address private key base 64 encoded
+        FOO_TOR_SERVICE_KEY: |
+            PT0gZWQyNTUxOXYxLXNlY3JldDogdHlwZTAgPT0AAACArobDQYyZAWXei4QZwr++
+            j96H1X/gq14NwLRZ2O5DXuL0EzYKkdhZSILY85q+kfwZH8z4ceqe7u1F+0pQi/sM
+
+  hello:
+    image: tutum/hello-world
+    hostname: hello
+
+  world:
+    image: tutum/hello-world
+    hostname: world
+
+  again:
+    image: tutum/hello-world
+    hostname: again
+```
+
+This configuration will output:
+
+```
+foo: xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion:88, xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion:8000
+hello: 5azvyr7dvvr4cldn.onion:80, 5azvyr7dvvr4cldn.onion:800, 5azvyr7dvvr4cldn.onion:8888
+```
+
+#### Environment variables
+
+##### `{SERVICE}_TOR_SERVICE_HOSTS`
+
+The config patern for this variable is: `{exposed_port}:{hostname}:{port}}`
+
+For example `80:hello:8080` will expose a onion service on port 80 to the port 8080 of hello hostname.
+
+You can concatenate services using comas.
+
+##### `{SERVICE}_TOR_SERVICE_VERSION`
+
+Can be `2` or `3`. Set the tor address type.
+
+`2` gives short addresses `5azvyr7dvvr4cldn.onion` and `3` long addresses `xwjtp3mj427zdp4tljiiivg2l5ijfvmt5lcsfaygtpp6cw254kykvpyd.onion`
+
+
+##### `{SERVICE}_TOR_SERVICE_KEY`
+
+You can set the private key for the current service.
+
+Tor v2 addresses uses RSA PEM keys like:
+```
+-----BEGIN RSA PRIVATE KEY-----
+MIICXQIBAAKBgQDR8TdQF9fDlGhy1SMgfhMBi9TaFeD12/FK27TZE/tYGhxXvs1C
+NmFJy1hjVxspF5unmUsCk0yEsvEdcAdp17Vynz6W41VdinETU9yXHlUJ6NyI32AH
+dnFnHEcsllSEqD1hPAAvMUWwSMJaNmBEFtl8DUMS9tPX5fWGX4w5Xx8dZwIDAQAB
+AoGBAMb20jMHxaZHWg2qTRYYJa8LdHgS0BZxkWYefnBUbZn7dOz7mM+tddpX6raK
+8OSqyQu3Tc1tB9GjPLtnVr9KfVwhUVM7YXC/wOZo+u72bv9+4OMrEK/R8xy30XWj
+GePXEu95yArE4NucYphxBLWMMu2E4RodjyJpczsl0Lohcn4BAkEA+XPaEKnNA3AL
+1DXRpSpaa0ukGUY/zM7HNUFMW3UP00nxNCpWLSBmrQ56Suy7iSy91oa6HWkDD/4C
+k0HslnMW5wJBANdz4ehByMJZmJu/b5y8wnFSqep2jmJ1InMvd18BfVoBTQJwGMAr
+qwSwNXXK2YYl9VJmCPCfgN0o7h1AEzvdYECQAM5UxUqDKNBvHVmqKn4zShb1ugY
+t1RfS8XNbT41WhoB96MT9P8qTwlniX8UZiwUrvNp1Ffy9n4raz8Z+APNwvsCQQC9
+AuaOsReEmMFu8VTjNh2G+TQjgvqKmaQtVNjuOgpUKYv7tYehH3P7/T+62dcy7CRX
+cwbLaFbQhUUUD2DCHdkBAkB6CbB+qhu67oE4nnBCXllI9EXktXgFyXv/cScNvM9Y
+FDzzNAAfVc5Nmbmx28Nw+0w6pnpe/3m0Tudbq3nHdHfQ
+-----END RSA PRIVATE KEY-----
+```
+
+Tor v3 addresses uses ed25519 binary keys. It should be base64 encoded:
+```
+PT0gZWQyNTUxOXYxLXNlY3JldDogdHlwZTAgPT0AAACArobDQYyZAWXei4QZwr++j96H1X/gq14NwLRZ2O5DXuL0EzYKkdhZSILY85q+kfwZH8z4ceqe7u1F+0pQi/sM
+```
+#### Secrets
+
+Secret key can be set through docker `secrets`, see `docker-compose.v3.yml` for example.
+
+
+### Tools
+
+A command line tool `onions` is available in container to get `.onion` url when container is running.
+
+```sh
+# Get services
+$ docker exec -ti torhiddenproxy_tor_1 onions
+hello: vegm3d7q64gutl75.onion:80
+world: b2sflntvdne63amj.onion:80
+
+# Get json
+$ docker exec -ti torhiddenproxy_tor_1 onions --json
+{"hello": ["b2sflntvdne63amj.onion:80"], "world": ["vegm3d7q64gutl75.onion:80"]}
+```
+
+### Auto reload
+
+Changing `/etc/tor/torrc` file triggers a `SIGHUP` signal to `tor` to reload configuration.
+
+To disable this behavior, add `ENTRYPOINT_DISABLE_RELOAD` in environment.
+
+### Versions
+
+Container version will follow tor release versions.
+
+### pyentrypoint
+
+This container uses [`pyentrypoint`](https://github.com/cmehay/pyentrypoint) to generate its setup.
+
+If you need to use the legacy version, please checkout the `legacy` branch or pull `goldy/tor-hidden-service:legacy`.
+
+### pytor
+
+This containner uses [`pytor`](https://github.com/cmehay/pytor) to mannages tor cryptography, generate keys and compute onion urls.
+
+
+# Legacy deprecated doc
+
+ALL THE DOC BELLOW IS LEGACY, IT'S STILL WORKING BUT IT'S NOT RECOMMENDED ANYMORE AND COULD BE DROPPED IN FUTURE RELEASES.
+
+### Create a tor hidden service with a link

 ```sh
 # run a container with a network application
@ -22,8 +176,6 @@ $ docker run -ti --link something --volume /path/to/keys:/var/lib/tor/hidden_ser

 Look at the `docker-compose.yml` file to see how to use it.

-## Setup
-
 ### Set private key

 Private key is settable by environment or by copying file in `hostname/private_key` in docket volume (`hostname` is the link name).
@ -127,35 +279,3 @@ Links setting are required when using docker-compose v2. See `docker-compose.v2.
 ### Copose v3 support and secrets

 Links setting are required when using docker-compose v3. See `docker-compose.v3.yml` for example.
-
-#### Secrets
-
-Secret key can be set through docker `secrets`, see `docker-compose.v3.yml` for example.
-
-### Tools
-
-A command line tool `onions` is available in container to get `.onion` url when container is running.
-
-```sh
-# Get services
-$ docker exec -ti torhiddenproxy_tor_1 onions
-hello: vegm3d7q64gutl75.onion:80
-world: b2sflntvdne63amj.onion:80
-
-# Get json
-$ docker exec -ti torhiddenproxy_tor_1 onions --json
-{"hello": ["b2sflntvdne63amj.onion:80"], "world": ["vegm3d7q64gutl75.onion:80"]}
-```
-
-### Auto reload
-
-Changing `/etc/tor/torrc` file trigger a `SIGHUP` signal to `tor` to reload configuration.
-
-To disable this behavior, add `ENTRYPOINT_DISABLE_RELOAD` in environment.
-
-
-### pyentrypoint
-
-This container is using [`pyentrypoint`](https://github.com/cmehay/pyentrypoint) to generate its setup.
-
-If you need to use the legacy version, please checkout the `legacy` branch or pull `goldy/tor-hidden-service:legacy`.