From 5ef7c8b85273001efaa437a7311cfd4946b0c854 Mon Sep 17 00:00:00 2001 From: throwaway Date: Wed, 19 Jun 2024 19:24:01 -0700 Subject: [PATCH 1/3] add documentation --- docker-compose.yaml | 1 - docker/gen_config.php | 4 +- docker/tor/Dockerfile | 18 +++++ docker/tor/torrc | 1 + docs/docker.md | 8 +- docs/docker_tor.md | 172 ++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 197 insertions(+), 7 deletions(-) create mode 100644 docker/tor/Dockerfile create mode 100644 docker/tor/torrc create mode 100644 docs/docker_tor.md diff --git a/docker-compose.yaml b/docker-compose.yaml index df41b23..2bba4ca 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -6,7 +6,6 @@ services: image: luuul/4get:latest restart: unless-stopped environment: - - FOURGET_VERSION=6 - FOURGET_SERVER_NAME=4get.ca ports: diff --git a/docker/gen_config.php b/docker/gen_config.php index ceea117..b9e7730 100644 --- a/docker/gen_config.php +++ b/docker/gen_config.php @@ -66,10 +66,10 @@ foreach(($merged_config) as $key => $val){ // Handle case when original type of field is array and there is a type mismatch when a comma separted string is passed, // then split on comma if string (and not numeric, boolean, null, etc) // - // except in the case where the inital value in default config is null. Assuming null + // except in the case where the inital value in default config is null or boolean. Assuming null and boolean // in default config will be never be assigned an array - if(gettype($from_config[$key]) != gettype($val) && !is_numeric($val) && !is_null($from_config[$key])) { + if(gettype($from_config[$key]) != gettype($val) && !is_numeric($val) && !is_null($from_config[$key]) && gettype($from_config[$key]) != "boolean") { $stored_value = explode(",", $val); } $output = $output . "\tconst " . $key . " = " . type_to_string($stored_value) . ";\n"; diff --git a/docker/tor/Dockerfile b/docker/tor/Dockerfile new file mode 100644 index 0000000..9310f68 --- /dev/null 
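Review bot: The split condition in docker/gen_config.php never checks that `$val` is a string before calling `explode(",", $val)`, although the comment above it says "split on comma if string", and the condition keeps growing as a list of exclusions (numeric, null default, now boolean default). The comment describes the intent as "original type of field is array", so a positive test states that directly and needs no new exception for each default type: `if(is_array($from_config[$key]) && is_string($val) && !is_numeric($val)) {`. These values presumably come from the container's `FOURGET_*` environment and are written out as PHP constants, so a type mix-up here becomes a wrong constant in the generated config. The comment should also say how a boolean default supplied as the text "false" is meant to be emitted, since that depends on `type_to_string`, which is not visible here. The `foreach` body starts and ends outside the hunk.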
+++ b/docker/tor/Dockerfile @@ -0,0 +1,18 @@ +FROM alpine:edge + +RUN apk add --no-cache curl tor + +EXPOSE 9050 + +HEALTHCHECK --interval=60s --timeout=15s --start-period=20s \ + CMD curl -x socks5h://127.0.0.1:9050 'https://check.torproject.org/api/ip' | grep -qm1 -E '"IsTor"\s*:\s*true' + + +# default owner is tor, but running as root to avoid docker volume mount issue +RUN chown -R root:root /var/lib/tor + +VOLUME ["/var/lib/tor/4get"] + +COPY ./torrc /etc/tor/torrc + +ENTRYPOINT ["/usr/bin/tor"] diff --git a/docker/tor/torrc b/docker/tor/torrc new file mode 100644 index 0000000..da32a7a --- /dev/null +++ b/docker/tor/torrc @@ -0,0 +1 @@ +SocksPort 0.0.0.0:9050 diff --git a/docs/docker.md b/docs/docker.md index e56b5ca..6a94197 100644 --- a/docs/docker.md +++ b/docs/docker.md @@ -72,7 +72,6 @@ services: image: luuul/4get:latest restart: unless-stopped environment: - - FOURGET_VERSION=6 - FOURGET_PROTO=http - FOURGET_SERVER_NAME=4get.ca @@ -91,7 +90,6 @@ services: image: luuul/4get:latest restart: unless-stopped environment: - - FOURGET_VERSION=6 - FOURGET_PROTO=https - FOURGET_SERVER_NAME=4get.ca @@ -117,7 +115,6 @@ services: image: luuul/4get:latest restart: unless-stopped environment: - - FOURGET_VERSION=6 - FOURGET_PROTO=http - FOURGET_SERVER_NAME=4get.ca - FOURGET_BOT_PROTECTION=1 @@ -140,7 +137,6 @@ services: image: luuul/4get:latest restart: unless-stopped environment: - - FOURGET_VERSION=6 - FOURGET_PROTO=http - FOURGET_SERVER_NAME=4get.ca @@ -150,3 +146,7 @@ services: volumes: - ./banners:/var/www/html/4get/banner ``` + +##### Tor + +You can route incoming and outgoing requests through tor by following [docker tor documentation](./docker_tor.md) diff --git a/docs/docker_tor.md b/docs/docker_tor.md new file mode 100644 index 0000000..88b6f9c --- /dev/null +++ b/docs/docker_tor.md 
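Review bot: The image runs tor as root: `RUN chown -R root:root /var/lib/tor` hands the state directory to root and there is no `USER` instruction before `ENTRYPOINT ["/usr/bin/tor"]`, so any flaw in the network-facing daemon is exercised with root inside the container. The comment says this avoids a volume mount problem; an alternative is to keep the package's `tor` owner and prepare the mount point in the image, `RUN mkdir -p /var/lib/tor/4get && chown -R tor /var/lib/tor && chmod 700 /var/lib/tor/4get` followed by `USER tor` (bind mounts from the host would still need matching ownership, which I have not tested). Separately, `FROM alpine:edge` is a rolling tag, so each rebuild can pull a different base and a different tor package; pinning a release tag or digest makes the image reproducible and reviewable.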
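Review bot: `SocksPort 0.0.0.0:9050` in docker/tor/torrc listens on every interface of the container, and nothing in the file limits who may use the proxy; the only protection is that nobody publishes the port or runs the container with host networking. Adding a policy makes the image safe by default, for example `SocksPolicy accept 172.16.0.0/12` followed by `SocksPolicy reject *`, with the range adjusted to the subnet the compose network actually uses. The Dockerfile's `EXPOSE 9050` also means `docker run -P` would publish the port to the host, so that line should either be dropped or carry a comment warning about it.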
@@ -0,0 +1,172 @@ +#### Overview + +This guide will walk you through using 4get in docker with tor running in +another container. This guide covers how to make outgoing and incoming traffic +go through tor. + + +##### Starting tor + +This guide will use `luuul/tor` which is a simple image that installs and starts +tor in an alpine container SocksPort set to 0.0.0.0:9050 + +For additional configuration you can mount your own `torrc` file to `/etc/tor/torrc` +Remember to set `SocksPort 0.0.0.0:9050` otherwise communication between containers won't work. + +You will see this warning `Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.` + +As long as you don't publish this port (-p or --publish) it shouldn't be accessible to outside world. + + +Tor always starts a socks5 proxy on port 9050 by default. + + +##### Route outgoing requests over tor + +create a folder named `proxies` and create a file in that folder named `onion.txt` +this folder will be mounted to `/var/www/html/4get/data/proxies/` + +directory structure + +``` +proxies/ + onion.txt +``` + +put the following content into `onion.txt` +More information about this file available in [proxy documentation](./configure.md#Proxies). + +``` +# proxies/onion.txt + +# Specify proxies by following this format: +# :
::: +# +# Examples: +# https:1.3.3.7:6969:abcd:efg +# socks4:1.2.3.4:8080:: +# raw_ip:::: +# +# Available protocols: +# raw_ip, http, https, socks4, socks5, socks4a, socks5_hostname + +# Local tor proxy +# Note: "tor" is the service name of luuul/tor in docker-compose.yaml +socks5:tor:9050:: +``` + +create a file named `docker-compose.yaml` with the following content +This docker compose file will run `luuul/tor` and `luuul/4get` and configure 4get to load `proxies/onion.txt` for outgoing requests. + +``` +# docker-compose.yaml +version: "3.7" + +services: + tor: + image: luuul/tor:latest + restart: unless-stopped + # Warning: Do not publish port 9050 + + fourget: + image: luuul/4get:latest + restart: unless-stopped + environment: + - FOURGET_PROTO=http + - FOURGET_SERVER_NAME=4get.ca + - FOURGET_PROXY_DDG="onion" # loads proxies/onion.txt + - FOURGET_PROXY_BRAVE="onion" + - FOURGET_PROXY_FB="onion" + - FOURGET_PROXY_GOOGLE="onion" + - FOURGET_PROXY_QWANT="onion" + - FOURGET_PROXY_MARGINALIA="onion" + - FOURGET_PROXY_MOJEEK="onion" + - FOURGET_PROXY_SC="onion" + - FOURGET_PROXY_SPOTIFY="onion" + - FOURGET_PROXY_WIBY="onion" + - FOURGET_PROXY_CURLIE="onion" + - FOURGET_PROXY_YT="onion" + - FOURGET_PROXY_YEP="onion" + - FOURGET_PROXY_PINTEREST="onion" + - FOURGET_PROXY_SEZNAM="onion" + - FOURGET_PROXY_NAVER="onion" + - FOURGET_PROXY_GREPPR="onion" + - FOURGET_PROXY_CROWDVIEW="onion" + - FOURGET_PROXY_MWMBL="onion" + - FOURGET_PROXY_FTM="onion" + - FOURGET_PROXY_IMGUR="onion" + - FOURGET_PROXY_YANDEX_W="onion" + - FOURGET_PROXY_YANDEX_I="onion" + - FOURGET_PROXY_YANDEX_V="onion" + + ports: + - "80:80" + + depends_on: + - tor + + volumes: + - ./proxies/:/var/www/html/4get/data/proxies/ +``` + +You can now start both containers with `docker compose up -d` + + +#### Route incoming requests over tor + +This will create a hidden service that will be accessible via an onion link. + +1. 
create a file named `torrc` with the following content + +``` +# torrc +User root +DataDirectory /var/lib/tor + +HiddenServiceDir /var/lib/tor/4get/ +HiddenServicePort 80 fourget:80 + +``` + +2. create a folder named "4get" which will contain your hidden service keys. + +Make sure it has permission `600` otherwise you will get an error + +``` +Permissions on directory /var/lib/tor/4get/ are too permissive. +``` + +4. create a `docker-compose.yaml` with the following content + +``` +# docker-compose.yaml +version: "3.7" + +services: + fourget: + image: luuul/4get:latest + restart: unless-stopped + environment: + - FOURGET_PROTO=http + - FOURGET_SERVER_NAME=4get.ca + + depends_on: + - tor + + tor: + image: luuul/tor:latest + restart: unless-stopped + volumes: + - ./torrc:/etc/tor/torrc + - ./4get:/var/lib/tor/4get +``` + +4. You can now start both with `docker compose up -d` + +5. print onion hostname with + +``` +docker exec `docker ps -qf ancestor=luuul/tor:latest` sh -c "cat /var/lib/tor/4get/hostname" +``` + +or `cat ./4get/hostname` From 84b5c11d6b4272c3ca23a3c3cdc55f5036921c56 Mon Sep 17 00:00:00 2001 From: throwaway Date: Wed, 19 Jun 2024 19:53:18 -0700 Subject: [PATCH 2/3] persist DataDirectory --- docs/docker_tor.md | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/docs/docker_tor.md b/docs/docker_tor.md index 88b6f9c..eae7431 100644 --- a/docs/docker_tor.md +++ b/docs/docker_tor.md 
@@ -15,6 +15,9 @@ Remember to set `SocksPort 0.0.0.0:9050` otherwise communication between contain You will see this warning `Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.` +This setting is in the torrc of this `luuul/tor` image. If you mount your own torrc then that will be read instead. + +If you use `SocksPort 0.0.0.0:9050` anywhere make sure it is inaccessible to outside world. As long as you don't publish this port (-p or --publish) it shouldn't be accessible to outside world. @@ -38,19 +41,6 @@ More information about this file available in [proxy documentation](./configure. ``` # proxies/onion.txt - -# Specify proxies by following this format: -# :
::: -# -# Examples: -# https:1.3.3.7:6969:abcd:efg -# socks4:1.2.3.4:8080:: -# raw_ip:::: -# -# Available protocols: -# raw_ip, http, https, socks4, socks5, socks4a, socks5_hostname - -# Local tor proxy # Note: "tor" is the service name of luuul/tor in docker-compose.yaml socks5:tor:9050:: ``` @@ -121,7 +111,6 @@ This will create a hidden service that will be accessible via an onion link. ``` # torrc User root -DataDirectory /var/lib/tor HiddenServiceDir /var/lib/tor/4get/ HiddenServicePort 80 fourget:80 @@ -132,10 +121,17 @@ HiddenServicePort 80 fourget:80 Make sure it has permission `600` otherwise you will get an error +> Permissions on directory /var/lib/tor/4get/ are too permissive. + +you can change permissions with + ``` -Permissions on directory /var/lib/tor/4get/ are too permissive. +chmod 600 4get ``` +3. Create a folder named "data" that will contain your DataDirectory + + 4. create a `docker-compose.yaml` with the following content ``` @@ -156,14 +152,16 @@ services: tor: image: luuul/tor:latest restart: unless-stopped + volumes: - ./torrc:/etc/tor/torrc - ./4get:/var/lib/tor/4get + - ./data:/root/.tor ``` -4. You can now start both with `docker compose up -d` +5. You can now start both with `docker compose up -d` -5. print onion hostname with +6. print onion hostname with ``` docker exec `docker ps -qf ancestor=luuul/tor:latest` sh -c "cat /var/lib/tor/4get/hostname" From a0b3189198afff6632eee761b0d3a601ce09b43c Mon Sep 17 00:00:00 2001 From: throwaway Date: Wed, 19 Jun 2024 20:05:37 -0700 Subject: [PATCH 3/3] improve documentation --- docs/docker_tor.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/docker_tor.md b/docs/docker_tor.md index eae7431..21ae698 100644 --- a/docs/docker_tor.md +++ b/docs/docker_tor.md 
@@ -48,6 +48,9 @@ socks5:tor:9050:: create a file named `docker-compose.yaml` with the following content This docker compose file will run `luuul/tor` and `luuul/4get` and configure 4get to load `proxies/onion.txt` for outgoing requests. +If you mount your own torrc make sure you include `SocksPort 0.0.0.0:9050` +Read the warning in [starting tor](./docker_tor.md#Starting-tor)! + ``` # docker-compose.yaml version: "3.7" @@ -64,7 +67,8 @@ services: environment: - FOURGET_PROTO=http - FOURGET_SERVER_NAME=4get.ca - - FOURGET_PROXY_DDG="onion" # loads proxies/onion.txt + # loads proxies/onion.txt + - FOURGET_PROXY_DDG="onion" - FOURGET_PROXY_BRAVE="onion" - FOURGET_PROXY_FB="onion" - FOURGET_PROXY_GOOGLE="onion"