Docker Tor
What is Tor
The Tor Project is a nonprofit organization primarily responsible for maintaining software for the Tor anonymity network. The Tor Browser is the best-known piece of software it maintains. The Tor Browser uses the onion network to anonymize browsing, and the onion network relies on Tor relays to achieve this.
Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
What is this image
This docker image runs a Tor service on an Alpine Linux base image. The Tor service can be configured as a single one, or a combination, of the following:
- Tor Socks5 proxy into the onion network (default)
- Tor hidden service for onion websites (not supported yet)
- Tor relay to support the onion network (not supported yet)
This docker image will:
- Start with an Alpine linux base image
- Download the Tor source code tarballs and associated signature file
- Verify the Tor source tarballs against Roger Dingledine's key (0xEB5A896A28988BF5)
- Compile Tor from source
- Template out the Tor config file torrc (this step is skipped if a torrc.lock file exists in the /tor directory)
- Set a torrc.lock file to persist the config file
- Start the Tor service
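
The verification step above only protects the build if it checks who signed the tarball, since `gpg --verify` succeeds for a good signature from any key in the keyring. The shell functions below are an added example, not this image's build script: they assume GnuPG and awk are installed, the function names are hypothetical, and the pin is the long key ID quoted above.

```shell
#!/bin/sh
# Added example (not this image's build script): pin the signer of a release
# tarball instead of trusting any key that happens to be in the keyring.
# The long key ID is the one quoted on this page; a full fingerprint is a
# stronger pin when you have one from a trusted source.
PINNED_KEYID="EB5A896A28988BF5"

# signer_is_pinned STATUS_TEXT  (hypothetical helper)
# Succeeds only if gpg's --status-fd output reports GOODSIG and a VALIDSIG
# whose signing-key or primary-key fingerprint ends in the pinned key ID.
signer_is_pinned() {
    printf '%s\n' "$1" | awk -v id="$PINNED_KEYID" '
        $1 == "[GNUPG:]" && $2 == "GOODSIG" { good = 1 }
        $1 == "[GNUPG:]" && $2 == "VALIDSIG" {
            n = length(id); sig = toupper($3); pri = toupper($NF)
            if (substr(sig, length(sig) - n + 1) == id ||
                substr(pri, length(pri) - n + 1) == id) pinned = 1
        }
        END { exit !(good && pinned) }'
}

# verify_tarball TARBALL SIGNATURE KEYFILE  (hypothetical helper)
# Imports KEYFILE into a throwaway keyring, verifies the detached signature,
# and fails unless the pinned key made it. Runs in a subshell so the
# temporary GNUPGHOME never leaks into the caller and is always removed.
verify_tarball() (
    GNUPGHOME=$(mktemp -d) || exit 1
    export GNUPGHOME
    trap 'rm -rf "$GNUPGHOME"' EXIT
    gpg --batch --quiet --import "$3" || exit 1
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || exit 1
    signer_is_pinned "$status"
)

# Constructed status output (placeholder fingerprints) for trying the check.
SAMPLE_GOOD='[GNUPG:] GOODSIG EB5A896A28988BF5 Constructed Signer
[GNUPG:] VALIDSIG 000000000000000000000000EB5A896A28988BF5 2024-01-01 1704067200 0 4 0 1 10 00 000000000000000000000000EB5A896A28988BF5'
SAMPLE_OTHER='[GNUPG:] GOODSIG 1111111111111111 Constructed Other Signer
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2024-01-01 1704067200 0 4 0 1 10 00 1111111111111111111111111111111111111111'
```

In a build step, call `verify_tarball` with the tarball, its detached signature and the signer's public key file, and stop the build if it returns non-zero before anything is unpacked or compiled.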
During container creation the container logs that the config file is being created, then the templated config file itself, and once Tor is running it logs any Tor notifications.
This image exposes port 9050/tcp and 9051/tcp.
Data can be persisted, and the torrc config manually edited, by mounting the /tor directory.
How to use this image
Create a container with the following docker run command:
```
docker run -d --name tor -p 9050:9050 -v <your-folder>:/tor barneybuffet/tor:latest
```
Docker compose file:
```yaml
---
version: "3.9"
services:
  tor:
    container_name: tor
    image: barneybuffet/tor:latest
    environment:
      TOR_LOG_CONFIG: 'false'
      TOR_PROXY: 'true'
      TOR_PROXY_PORT: '9050'
      TOR_PROXY_ACCEPT: 'accept 127.0.0.1,accept 10.0.0.0/8,accept 172.16.0.0/12,accept 192.168.0.0/16'
      TOR_CONTROL: 'false'
      TOR_CONTROL_PORT: '9051'
      # Placeholder value; replace with your own password
      TOR_CONTROL_PASSWORD: 'password'
      TOR_CONTROL_COOKIE: 'true'
      TOR_SERVICE: 'false'
      TOR_SERVICE_HOSTS: 'bitcoin=80:192.168.0.3:80'
      TOR_SERVICE_HOSTS_CLIENTS: 'bitcoin=alice'
      TOR_RELAY: 'false'
    volumes:
      - tor:/tor/
    ports:
      - "9050:9050/tcp"
    restart: unless-stopped
# Declare the named volume used by the service above
volumes:
  tor:
```
Volume
This image sets the Tor data directory to /tor, including the authorisation cookie. To persist Tor data and config you can mount the /tor directory from your image.
If the Tor configuration you are after isn't set by the container environmental variables you can modify the /tor/torrc for your custom configuration. The torrc file will persist while the /tor/torrc.lock file is present.
Available Environmental Flags
Below is a list of available environmental flags that can be set during container creation.
Flag | Choices/Default | Comments |
---|---|---|
TOR_LOG_CONFIG | true/false | Should the tor config file torrc be echo'd to the log. This can be helpful when setting up a new Tor daemon |
TOR_PROXY | true/false | Set up the Tor daemon as a Socks5 proxy |
TOR_PROXY_PORT | string (9050) | What port the Tor daemon should listen to for proxy requests |
TOR_PROXY_SOCKET | true/false | Create a unix socket for the proxy in the data folder |
TOR_PROXY_ACCEPT | Accept localhost and RFC1918 networks, reject all others | What IP addresses are allowed to route through the proxy |
TOR_CONTROL | true/false | Should the Tor control be enabled |
TOR_CONTROL_PORT | string (9051) | What port should the Tor daemon be controlled on. If enabled cookie authentication is also enabled by default |
TOR_CONTROL_SOCKET | true/false | Create a unix socket for the Tor control |
TOR_CONTROL_PASSWORD | string | Authentication password for using the Tor control port |
TOR_CONTROL_COOKIE | true/false | Enable cookie authentication for Tor control port requests |
TOR_SERVICE | true/false | Set up the Tor daemon with hidden services |
TOR_SERVICE_HOSTS | hostname=wan-port:redirect-ip:redirect-port | Tor hidden service configuration |
TOR_SERVICE_HOSTS_CLIENTS | hostname:client-1,client-2,... | Authorised clients for hostname |
TOR_RELAY | true/false | NOT IMPLEMENTED YET |