Commit ac99bdb0 authored by Sheogorath 🌪

Add README.md

parent 8344218e
Tor
===
> Tor is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router". Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user's location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes "visits to Web sites, online posts, instant messages, and other communication forms". Tor's intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities from being monitored.
> — [Wikipedia](https://en.wikipedia.org/w/index.php?title=Tor_(anonymity_network)&oldid=884218825)
This container image provides the software used to connect the tor network in a way, that allows generic usage within container environments.
Usage
---
To use this image, you should provide an own config file. This can be done by extending this image:
```Dockerfile
FROM quay.io/sheogorath/tor
COPY ./torrc /etc/torrc.d/myconf
```
Or by mounting your config at runtime:
```bash
docker run -v "$PWD/torrc:/etc/torrc.d/myconfig:ro" quay.io/sheogorath/tor
```
It's recommended to use a directory instead of mounting the file directly and making sure it's owned by UID 994:
```bash
chown -R 994:994 "$PWD/tor_config"
docker run -v "$PWD/tor_config:/etc/torrc.d/:ro" quay.io/sheogorath/tor
```
To run a hidden service you'll also need a data directory:
```bash
mkdir -p data config
vim config/hidden_service # configure your hidden service to use /data/hidden_service
chown -R 994:994 data # chown to make sure tor can write the secrets
chown -R 994:994 config # chown to make sure tor can read its config
docker run -v "$PWD/data:/data/" -v "$PWD/config:/etc/torrc.d/:ro" quay.io/sheogorath/tor
```
Example hidden service config:
```
SocksPort 0
HiddenServiceDir /data/hidden_service
HiddenServicePort 80 traefik:80
HiddenServicePort 443 traefik:443
```
Usage with docker-compose
---
A basic deployment should look like this. Of course the service that should be provided as hidden service is not shown here.
```
version: '2'
services:
tor:
image: quay.io/sheogorath/tor
mem_limit: 32mb
memswap_limit: 64mb
read_only: true
depends_on:
- proxy
security_opt:
- no-new-privileges
tmpfs:
- /var/lib/tor/.tor:size=10M,uid=994,gid=994,mode=1700
volumes:
- "./data:/data"
- "./config:/etc/torrc.d/:ro"
restart: always
```
Real-world example
---
A real work example setup can be found in Sheogorath's infrastructure repository:
https://octo.sh/Sheogorath/ansible-infrastructure/blob/master/roles/traefik/templates/docker-compose.yml#L20
Reporting issues
---
For issue reports, reach out in the [octo.sh issue tracker](https://octo.sh/container-library/tor/issues), thanks!
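
Review bot: In the docker-compose example, `depends_on` names a service `proxy`, while the example hidden service config forwards to `traefik:80` and `traefik:443`, so a reader who copies both ends up with a compose file that depends on one name and a torrc that resolves another. Use the same service name in both places, and say in the sentence above the compose example that the backend has to be defined under that name. In the same example, `mode=1700` on the tmpfs sets the sticky bit on top of owner-only access; if that is not intended, `mode=0700` states it directly. Smaller wording points: "connect the tor network" is missing "to", "an own config file" reads better as "your own config file", "A real work example" should be "A real-world example", and the mount targets `/etc/torrc.d/myconf` and `/etc/torrc.d/myconfig` could share one name.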