Limit the whole Tor process to tor user, change default DNSPort to 8853
cc #4
This commit is contained in:
parent
614878ab95
commit
e1c9016311
4 changed files with 9 additions and 5 deletions
|
@ -15,6 +15,7 @@ COPY torrc /etc/tor/
|
||||||
HEALTHCHECK --timeout=10s --start-period=60s \
|
HEALTHCHECK --timeout=10s --start-period=60s \
|
||||||
CMD curl --fail --socks5-hostname localhost:9150 -I -L 'https://www.facebookcorewwwi.onion/' || exit 1
|
CMD curl --fail --socks5-hostname localhost:9150 -I -L 'https://www.facebookcorewwwi.onion/' || exit 1
|
||||||
|
|
||||||
EXPOSE 53/udp 9150/tcp
|
USER tor
|
||||||
|
EXPOSE 8853/udp 9150/tcp
|
||||||
|
|
||||||
CMD ["/usr/bin/tor", "-f", "/etc/tor/torrc"]
|
CMD ["/usr/bin/tor", "-f", "/etc/tor/torrc"]
|
||||||
|
|
|
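Review bot: `USER tor` is introduced here, but nothing in this hunk shows `/var/lib/tor` (the torrc `DataDirectory`) being owned or writable by that user; once the process no longer starts as root, Tor cannot create its state files there unless the base image already provides the directory with the right ownership, so please confirm that (for example a `chown -R tor:tor /var/lib/tor` earlier in the Dockerfile, or the package's own post-install step). The `EXPOSE 8853/udp` change is the right companion to the new user: binding UDP 53 as `tor` would need `CAP_NET_BIND_SERVICE`, while the HEALTHCHECK only talks to the SOCKS port on 9150 and is unaffected.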
@ -27,7 +27,7 @@ The super easy way to setup a [Tor](https://www.torproject.org) [SOCKS5](https:/
|
||||||
- Change to first `9150` to any valid and free port you want, please note that port `9050`/`9150` may already taken if you are also running other Tor client, like TorBrowser.
|
- Change to first `9150` to any valid and free port you want, please note that port `9050`/`9150` may already taken if you are also running other Tor client, like TorBrowser.
|
||||||
- Do not touch the second `9150` as it's the port inside the docker container unless you're going to change the port in Dockerfile.
|
- Do not touch the second `9150` as it's the port inside the docker container unless you're going to change the port in Dockerfile.
|
||||||
|
|
||||||
If you want to expose Tor's DNS port, also add `-p 127.0.0.1:53:53/udp` in the command, see [DNS over Tor](#dns-over-tor) for more details.
|
If you want to expose Tor's DNS port, also add `-p 127.0.0.1:53:8853/udp` in the command, see [DNS over Tor](#dns-over-tor) for more details.
|
||||||
|
|
||||||
If you already setup the instance before *(not the first time)* but it's in stopped state, you can just start it instead of creating a new one:
|
If you already setup the instance before *(not the first time)* but it's in stopped state, you can just start it instead of creating a new one:
|
||||||
|
|
||||||
|
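Review bot: the new `-p 127.0.0.1:53:8853/udp` is host:container and matches the torrc change, but the surrounding bullets only warn readers not to change the second `9150`; the same warning now applies to the `8853` half of the DNS mapping, since it is the in-container port fixed by the Dockerfile and torrc, so consider adding a parallel bullet. Note also that `docker-compose.yml` in this same commit publishes `127.0.0.1:8853:53/udp`, the opposite direction; the README and the compose file should agree.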
@ -87,6 +87,10 @@ The super easy way to setup a [Tor](https://www.torproject.org) [SOCKS5](https:/
|
||||||
|
|
||||||
If you publish the DNS port in the first step of [Usage](#usage) section, you can query DNS request over Tor
|
If you publish the DNS port in the first step of [Usage](#usage) section, you can query DNS request over Tor
|
||||||
|
|
||||||
|
The DNSPort here is set to `8853` by default, but not the common `53`, because non-privileged port is preferred, and then [`libcap`](https://pkgs.alpinelinux.org/package/edge/main/x86/libcap)/[`CAP_NET_BIND_SERVICE` capability](https://man7.org/linux/man-pages/man7/capabilities.7.html) won't be needed, which is more *[Alpine Linux](https://alpinelinux.org/about/)(Small. Simple. Secure.)*
|
||||||
|
|
||||||
|
You can still expose the port to `53` for outside the container by the parameter `-p 127.0.0.1:53:8853/udp. `nslookup` also supports to specify the port to `8853` by `-port=8853`, e.g. `nslookup -port=8853 ipinfo.tw 127.0.0.1`
|
||||||
|
|
||||||
This port only handles A, AAAA, and PTR requests, see details on [official manual](https://www.torproject.org/docs/tor-manual.html.en)
|
This port only handles A, AAAA, and PTR requests, see details on [official manual](https://www.torproject.org/docs/tor-manual.html.en)
|
||||||
|
|
||||||
Set the DNS server to `127.0.0.1` (Or another IP you set), use [macvk/dnsleaktest](https://github.com/macvk/dnsleaktest) or go to one of the following DNS leaking test websites to verify the result:
|
Set the DNS server to `127.0.0.1` (Or another IP you set), use [macvk/dnsleaktest](https://github.com/macvk/dnsleaktest) or go to one of the following DNS leaking test websites to verify the result:
|
||||||
|
|
|
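Review bot: the added line beginning "You can still expose the port to `53`" has unbalanced backticks: the one opened before `-p 127.0.0.1:53:8853/udp` is never closed before `nslookup`, so everything up to the next backtick will render as code. Suggest closing it after `/udp`, i.e. "`-p 127.0.0.1:53:8853/udp`. `nslookup` also supports ...". In the paragraph above, the closing clause "which is more *Alpine Linux(Small. Simple. Secure.)*" reads as a fragment; something like "which fits the Alpine Linux philosophy (Small. Simple. Secure.)" would be clearer. The reasoning itself is sound: an unprivileged `tor` user cannot bind UDP 53 without `CAP_NET_BIND_SERVICE`, which is exactly the situation `USER tor` in the Dockerfile now creates.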
@ -6,6 +6,6 @@ services:
|
||||||
container_name: tor-socks-proxy
|
container_name: tor-socks-proxy
|
||||||
image: peterdavehello/tor-socks-proxy:latest
|
image: peterdavehello/tor-socks-proxy:latest
|
||||||
ports:
|
ports:
|
||||||
- "127.0.0.1:53:53/udp"
|
- "127.0.0.1:8853:53/udp"
|
||||||
- "127.0.0.1:9150:9150/tcp"
|
- "127.0.0.1:9150:9150/tcp"
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|
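Review bot: the new compose mapping `"127.0.0.1:8853:53/udp"` is host:container, so it publishes host port 8853 to container port 53, where nothing listens any more: the torrc in this commit moves `DNSPort` to `0.0.0.0:8853` and the Dockerfile now exposes `8853/udp`. The README hunk in the same commit documents `-p 127.0.0.1:53:8853/udp`; the compose file should use the same mapping, `"127.0.0.1:53:8853/udp"`, or `"127.0.0.1:8853:8853/udp"` if the host side is also meant to avoid a privileged port.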
3
torrc
3
torrc
|
@ -1,6 +1,5 @@
|
||||||
User tor
|
|
||||||
HardwareAccel 1
|
HardwareAccel 1
|
||||||
Log notice stdout
|
Log notice stdout
|
||||||
DNSPort 0.0.0.0:53
|
DNSPort 0.0.0.0:8853
|
||||||
SocksPort 0.0.0.0:9150
|
SocksPort 0.0.0.0:9150
|
||||||
DataDirectory /var/lib/tor
|
DataDirectory /var/lib/tor
|
||||||
|
|
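Review bot: dropping `User tor` is required, not just cleanup, once the Dockerfile starts the process as `tor`: Tor treats a `User` it cannot switch to as a fatal configuration error and logs that the option is unnecessary when it is already running as that account, so the commit message could say that the two changes depend on each other. Separately, `DNSPort 0.0.0.0:8853` and `SocksPort 0.0.0.0:9150` bind every container interface with no `SocksPolicy`, so any container sharing this Docker network can use the instance as an open resolver and SOCKS proxy; the `127.0.0.1` publish mappings only restrict the host side. Worth a sentence in the README, or a `SocksPolicy` (which also governs `DNSPort`) that admits only the addresses the published ports arrive from.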