From 68400a2e572c57869e6373dc7dedfc16b09200b2 Mon Sep 17 00:00:00 2001
From: flx5 <1330854+flx5@users.noreply.github.com>
Date: Sat, 16 Mar 2019 16:29:22 +0100
Subject: [PATCH 1/4] Add support for docker secrets
---
 main.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/main.sh b/main.sh
index f4265aa..e4fbaed 100755
--- a/main.sh
+++ b/main.sh
@@ -11,10 +11,17 @@ HiddenServiceDir /web/
 Log notice stdout
 EOF
-if [[ ! -z "${PRIVATE_KEY}" && ! -z "${LISTEN_PORT}" && ! -z "${REDIRECT}" ]]
+if [[ ( ! -z "${PRIVATE_KEY}" || ! -z "${PRIVATE_KEY_FILE}" ) && ! -z "${LISTEN_PORT}" && ! -z "${REDIRECT}" ]]
 then
 echo "[+] Starting the listener at port ${LISTEN_PORT}, redirecting to ${REDIRECT}"
- echo "${PRIVATE_KEY}" > /web/private_key
+
+ if [[ ! -z "${PRIVATE_KEY_FILE}" ]]
+ then
+ ln -s -f "${PRIVATE_KEY_FILE}" /web/private_key
+ else
+ echo "${PRIVATE_KEY}" > /web/private_key
+ fi
+
 cat >> /etc/tor/torrc << EOF
 HiddenServicePort ${LISTEN_PORT} ${REDIRECT}
 EOF
From 726ced9b44db684b5b21127e948b400a6c5804b4 Mon Sep 17 00:00:00 2001
From: flx5 <1330854+flx5@users.noreply.github.com>
Date: Sat, 16 Mar 2019 16:56:18 +0100
Subject: [PATCH 2/4] Add support for multiple services
---
 main.sh | 32 +++++++++++++++++++++-----------
 1 file changed, 21 insertions(+), 11 deletions(-)
diff --git a/main.sh b/main.sh
index e4fbaed..0cfbfb0 100755
--- a/main.sh
+++ b/main.sh
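Review bot: In PATCH 1/4, `ln -s -f "${PRIVATE_KEY_FILE}" /web/private_key` links whatever path is given without checking that it exists, so a mistyped secret name leaves a dangling symlink in the HiddenServiceDir and the error only surfaces later inside Tor. A guard before the link would fail early: `[[ -r "${PRIVATE_KEY_FILE}" ]] || { echo "[-] cannot read ${PRIVATE_KEY_FILE}" >&2; exit 1; }`. In the `else` branch, `echo "${PRIVATE_KEY}" > /web/private_key` creates the key file under the default umask; running `umask 077` before the write keeps it from being group- or world-readable. Tor also checks ownership and permissions under HiddenServiceDir, so it is worth confirming that it accepts a symlink to the mounted secret. The enclosing `if` is closed outside the hunk.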
@@ -11,20 +11,30 @@ HiddenServiceDir /web/
 Log notice stdout
 EOF
-if [[ ( ! -z "${PRIVATE_KEY}" || ! -z "${PRIVATE_KEY_FILE}" ) && ! -z "${LISTEN_PORT}" && ! -z "${REDIRECT}" ]]
-then
- echo "[+] Starting the listener at port ${LISTEN_PORT}, redirecting to ${REDIRECT}"
-
- if [[ ! -z "${PRIVATE_KEY_FILE}" ]]
- then
- ln -s -f "${PRIVATE_KEY_FILE}" /web/private_key
- else
- echo "${PRIVATE_KEY}" > /web/private_key
- fi
+if [[ ! -z "${PRIVATE_KEY_FILE}" ]]; then
+ ln -s -f "${PRIVATE_KEY_FILE}" /web/private_key
+elif [[ ! -z "${PRIVATE_KEY}" ]]; then
+ echo "${PRIVATE_KEY}" > /web/private_key
+fi
+function add_service {
+ echo "[+] Adding listener at port $2, redirecting to $1"
 cat >> /etc/tor/torrc << EOF
-HiddenServicePort ${LISTEN_PORT} ${REDIRECT}
+HiddenServicePort $2 $1
 EOF
+}
+
+if [[ ! -z "${LISTEN_PORT}" && ! -z "${REDIRECT}" ]]; then
+ add_service ${REDIRECT} ${LISTEN_PORT}
+fi
+
+if [[ ! -z "${SERVICES}" ]]; then
+ SERVICES=(${SERVICES//;/ })
+ for service in "${SERVICES[@]}"; do
+ service_data=(${service//:/ })
+ add_service "${service_data[1]}:${service_data[2]}" ${service_data[0]}
+ done
+
 fi
 if [[ ! -z "${PROXY_PORT}" ]]
From a24a3740d3f740cb9ac6b09f9038c660015e2176 Mon Sep 17 00:00:00 2001
From: flx5 <1330854+flx5@users.noreply.github.com>
Date: Sat, 16 Mar 2019 16:59:08 +0100
Subject: [PATCH 3/4] Document PRIVATE_KEY_FILE and SERVICES variables
---
 README.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/README.md b/README.md
index b38632f..09c7261 100644
--- a/README.md
+++ b/README.md
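Review bot: In PATCH 2/4, the values that `add_service` appends to /etc/tor/torrc come straight from `REDIRECT`, `LISTEN_PORT` and `SERVICES` with no validation, and `SERVICES=(${SERVICES//;/ })` and `service_data=(${service//:/ })` rely on unquoted expansion. Whitespace or glob characters in the variable are therefore split and expanded, and an entry with a missing field still produces a `HiddenServicePort` line. I would parse the entries with `IFS=... read -r`, require numeric ports and a host made only of hostname characters, and skip anything else with a message on stderr, as in the block below. The single-service call should be quoted as well: `add_service "${REDIRECT}" "${LISTEN_PORT}"`. The host pattern excludes IPv6 literals, which the colon-separated format cannot express anyway.

```shell
# … unchanged: private key handling, add_service definition, LISTEN_PORT/REDIRECT call …

if [[ -n "${SERVICES}" ]]; then
    IFS=';' read -r -a service_list <<< "${SERVICES}"
    for service in "${service_list[@]}"; do
        [[ -n "${service}" ]] || continue
        IFS=':' read -r public_port host host_port <<< "${service}"
        if [[ ! "${public_port}" =~ ^[0-9]+$ || ! "${host}" =~ ^[A-Za-z0-9._-]+$ || ! "${host_port}" =~ ^[0-9]+$ ]]; then
            echo "[-] Skipping malformed SERVICES entry: ${service}" >&2
            continue
        fi
        add_service "${host}:${host_port}" "${public_port}"
    done
fi
```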
@@ -9,9 +9,11 @@ custom hidden services in the deepweb.
 # Variables
 - `PRIVATE_KEY` - Private key to be used by the hidden service.
+- `PRIVATE_KEY_FILE` Path to private key file for use with docker secrets.
 - `LISTEN_PORT` - Port that the hidden service will listen to
 - `REDIRECT` - To where the Tor will redirect the traffic (your server), in the format `host:port`.
+- `SERVICES` - Define multiple services in the format public_port:host:host_port
 - `PROXY_PORT` - If you want to enable Tor Proxy Socks, use this variable to set which port you want tor listening to.
From c73ca180515145aed15bbb3049b54045defd0470 Mon Sep 17 00:00:00 2001
From: flx5 <1330854+flx5@users.noreply.github.com>
Date: Sat, 16 Mar 2019 17:03:13 +0100
Subject: [PATCH 4/4] Add example for secrets with composer
---
 README.md | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/README.md b/README.md
index 09c7261..9464b47 100644
--- a/README.md
+++ b/README.md
@@ -81,6 +81,32 @@ services:
 -----END RSA PRIVATE KEY-----
 ```
+# Example with secrets
+
+Store the private key in `tor.key` next to this `docker-compose.yml`:
+
+```yml
+version: '3.1'
+
+services:
+ tor:
+ image: strm/tor
+ depends_on:
+ - nginx
+ environment:
+ SERVICES: "80:nginx:80;8080:nginx:80"
+ PRIVATE_KEY_FILE: /run/secrets/torkey
+ secrets:
+ - torkey
+
+ nginx:
+ image: nginx
+
+secrets:
+ torkey:
+ file: tor.key
+```
+
 ### Disclaimer
 This or previous program is for Educational purpose ONLY. Do not use it without