From c6f62dfc63c496d01863decb75e2c8f4f0636d29 Mon Sep 17 00:00:00 2001
From: Colin
Date: Thu, 23 May 2024 11:44:42 -0400
Subject: [PATCH] tor-relay
---
 README.md | 2 +-
 docker-compose.production.yml | 6 +--
 docker-compose.staging.yml | 6 +--
 docker/ferdium-server/Dockerfile | 1 -
 docker/tor-relay/Dockerfile | 45 ++++++++++++++++
 .../Dockerfile.production | 0
 docker/tor-relay/torrc | 14 +++++
 stack.production.yml | 54 ++-----------------
 stack.staging.yml | 29 ++--------
 9 files changed, 72 insertions(+), 85 deletions(-)
 delete mode 100644 docker/ferdium-server/Dockerfile
 create mode 100644 docker/tor-relay/Dockerfile
 rename docker/{ferdium-server => tor-relay}/Dockerfile.production (100%)
 create mode 100644 docker/tor-relay/torrc
diff --git a/README.md b/README.md
index 8eed36a..9d7e3b8 100644
--- a/README.md
+++ b/README.md
@@ -1 +1 @@
-
+
diff --git a/docker-compose.production.yml b/docker-compose.production.yml
index 184a3f3..6c4eb46 100644
--- a/docker-compose.production.yml
+++ b/docker-compose.production.yml
@@ -1,6 +1,6 @@
 services:
- ferdium-server:
+ tor-relay:
 build:
- context: ./docker/ferdium-server/
+ context: ./docker/tor-relay/
 dockerfile: Dockerfile.production
- image: git.nixc.us/nixius/ferdium-server:production
\ No newline at end of file
+ image: git.nixc.us/nixius/tor-relay:production
\ No newline at end of file
diff --git a/docker-compose.staging.yml b/docker-compose.staging.yml
index 7456640..6326234 100644
--- a/docker-compose.staging.yml
+++ b/docker-compose.staging.yml
@@ -1,6 +1,6 @@
 services:
- ferdium-server:
+ tor-relay:
 build:
- context: ./docker/ferdium-server/
+ context: ./docker/tor-relay/
 dockerfile: Dockerfile
- image: git.nixc.us/nixius/ferdium-server:staging
+ image: git.nixc.us/nixius/tor-relay:staging
diff --git a/docker/ferdium-server/Dockerfile b/docker/ferdium-server/Dockerfile
deleted file mode 100644
index 25c54d8..0000000
--- a/docker/ferdium-server/Dockerfile
+++ /dev/null
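Review bot: In docker-compose.production.yml the build now points at `./docker/tor-relay/` with `dockerfile: Dockerfile.production`, but that file arrives as a 100%-similarity rename from docker/ferdium-server/, so this patch leaves its contents unchanged. If it still carries the ferdium recipe (the sibling Dockerfile deleted here was `FROM ferdium/ferdium-server:latest`), the image pushed as `tor-relay:production` would not contain the Tor build that the new docker/tor-relay/Dockerfile defines and that staging uses. Either give Dockerfile.production the same pinned Tor build or point production at `dockerfile: Dockerfile`.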
@@ -1 +0,0 @@
-FROM ferdium/ferdium-server:latest
\ No newline at end of file
diff --git a/docker/tor-relay/Dockerfile b/docker/tor-relay/Dockerfile
new file mode 100644
index 0000000..2f3853f
--- /dev/null
+++ b/docker/tor-relay/Dockerfile
@@ -0,0 +1,45 @@
+# Stage 1: Build Tor from source on Alpine Linux
+FROM alpine:latest AS builder
+
+# Install necessary dependencies
+RUN apk update && \
+ apk add --no-cache \
+ build-base \
+ libevent-dev \
+ openssl-dev \
+ zlib-dev \
+ asciidoc \
+ xmlto \
+ git
+
+# Download and compile Tor
+RUN git clone https://git.torproject.org/tor.git && \
+ cd tor && \
+ ./autogen.sh && \
+ ./configure && \
+ make && \
+ make install
+
+# Stage 2: Create the final minimal image with Tor
+FROM scratch
+
+# Copy necessary files from the builder stage
+COPY --from=builder /usr/local/bin/tor /usr/local/bin/tor
+COPY --from=builder /usr/local/etc/tor /usr/local/etc/tor
+COPY --from=builder /etc/ssl /etc/ssl
+COPY --from=builder /lib/ld-musl-x86_64.so.1 /lib/ld-musl-x86_64.so.1
+COPY --from=builder /lib/libevent-2.1.so.6 /lib/libevent-2.1.so.6
+COPY --from=builder /lib/libssl.so.1.1 /lib/libssl.so.1.1
+COPY --from=builder /lib/libcrypto.so.1.1 /lib/libcrypto.so.1.1
+COPY --from=builder /lib/libz.so.1 /lib/libz.so.1
+COPY --from=builder /lib/libgcc_s.so.1 /lib/libgcc_s.so.1
+COPY --from=builder /lib/libc.musl-x86_64.so.1 /lib/libc.musl-x86_64.so.1
+
+# Copy the torrc configuration file
+COPY torrc /usr/local/etc/tor/torrc
+
+# Expose Tor relay ports
+EXPOSE 9001 9030
+
+# Run Tor
+CMD ["/usr/local/bin/tor", "-f", "/usr/local/etc/tor/torrc"]
diff --git a/docker/ferdium-server/Dockerfile.production b/docker/tor-relay/Dockerfile.production
similarity index 100%
rename from docker/ferdium-server/Dockerfile.production
rename to docker/tor-relay/Dockerfile.production
diff --git a/docker/tor-relay/torrc b/docker/tor-relay/torrc
new file mode 100644
index 0000000..0cd9e1b
--- /dev/null
+++ b/docker/tor-relay/torrc
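Review bot: The builder stage of docker/tor-relay/Dockerfile compiles whatever the default branch of tor.git points at on build day, on top of `alpine:latest`, so neither the relay binary nor its base image is reproducible or tied to a reviewed release. Pin both, e.g. `FROM alpine:<PINNED_VERSION> AS builder` and `git clone --depth 1 --branch <TOR_RELEASE_TAG> https://git.torproject.org/tor.git` (placeholders), and ideally verify the tag signature before `make`. The pin also matters for the second stage: the `COPY --from=builder` lines name exact sonames (`libssl.so.1.1`, `libcrypto.so.1.1`, `libevent-2.1.so.6`) and an x86_64-only loader path, which will stop matching once `latest` moves to a release that ships different library versions. The final `scratch` stage also sets no `USER`, so tor runs as root unless the orchestrator overrides it; a numeric `USER 65534:65534` would work if a writable data directory is provided.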
@@ -0,0 +1,14 @@
+# torrc: Tor configuration file
+
+# Define this as a relay-only node
+SocksPort 0
+ORPort 9001
+DirPort 9030
+ExitRelay 0
+RelayBandwidthRate 100 KB
+RelayBandwidthBurst 200 KB
+Nickname YourRelayNickname
+ContactInfo your-email@example.com
+
+# Optionally, configure logs
+Log notice stdout
diff --git a/stack.production.yml b/stack.production.yml
index 75517a7..e3e6851 100644
--- a/stack.production.yml
+++ b/stack.production.yml
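Review bot: In docker/tor-relay/torrc, `Nickname YourRelayNickname` and `ContactInfo your-email@example.com` are template placeholders that would be published in the relay descriptor as-is; replace them with real values, or inject them at deploy time, before this configuration is baked into an image. The file also sets no `DataDirectory`, and neither stack file in this patch mounts a volume, so the relay's identity keys appear to live in the container's writable layer and would be regenerated on every redeploy. Consider a line such as `DataDirectory /var/lib/tor` (example path) backed by a volume with owner-only permissions, so the keys persist and are not readable by other workloads on the node.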
@@ -1,60 +1,12 @@
-networks:
- traefik:
- external: true
- default:
- driver: overlay
 services:
- ferdium:
- image: git.nixc.us/nixius/ferdium-server:production
- networks:
- - traefik
- environment:
- NODE_ENV: production
- APP_URL: ferdium.nixc.us
- DB_CONNECTION: sqlite
- # Uncomment the lines below to use MySQL instead of SQLite
- # DB_CONNECTION: mysql
- # DB_HOST:
- # DB_PORT: 3306
- # DB_USER:
- # DB_PASSWORD:
- # DB_DATABASE: ferdium
- DB_SSL: "false"
- MAIL_CONNECTION: smtp
- SMTP_HOST: box.p.nixc.us
- SMTP_PORT: 465
- MAIL_SSL: "true"
- MAIL_USERNAME: ferdium@nixc.us
- MAIL_PASSWORD: dzUAQp3ZmjLN2tMq5XDoS6J29EdFqjntF
- MAIL_SENDER: ferdium@nixc.us
- IS_CREATION_ENABLED: "true"
- IS_DASHBOARD_ENABLED: "true"
- IS_REGISTRATION_ENABLED: "true"
- CONNECT_WITH_FRANZ: "true"
- DATA_DIR: /data
- JWT_USE_PEM: "true"
- volumes:
- - /mnt/tank/persist/nixc.us/ferdium/production/data:/data
- - /mnt/tank/persist/nixc.us/ferdium/production/recipes:/app/build/recipes
+ tor-relay:
+ image: git.nixc.us/nixius/tor-relay:production
 deploy:
 placement:
 constraints:
 - node.hostname == macmini14
 labels:
- homepage.group: apps
- homepage.name: ferdium
- homepage.href: https://ferdium.nixc.us/
- homepage.description: ferdium
- traefik.enable: "true"
- traefik.http.routers.production-ferdium_ferdium.rule: "Host(`ferdium.nixc.us`)"
- traefik.http.routers.production-ferdium_ferdium.entrypoints: "websecure"
- traefik.http.routers.production-ferdium_ferdium.tls: "true"
- traefik.http.routers.production-ferdium_ferdium.tls.certresolver: "letsencryptresolver"
- traefik.http.routers.production-ferdium_ferdium.service: "production-ferdium_ferdium"
- traefik.http.services.production-ferdium_ferdium.loadbalancer.server.port: "3333"
- traefik.docker.network: "traefik"
- # traefik.http.routers.production_ferdium.middlewares: 'authelia_authelia@docker'
- # traefik.http.routers.production-ferdium_ferdium.middlewares: 'authelia_authelia@docker'
+ traefik.enable: "false"
 update_config:
 order: stop-first
 failure_action: rollback
diff --git a/stack.staging.yml b/stack.staging.yml
index f2e1ff3..b9f2973 100644
--- a/stack.staging.yml
+++ b/stack.staging.yml
@@ -1,35 +1,12 @@
-networks:
- traefik:
- external: true
- default:
- driver: overlay
 services:
- ferdium:
- image: git.nixc.us/nixius/ferdium-server:staging
- networks:
- - traefik
- # volumes:
- # - /mnt/tank/persist/nixc.us/ferdium/staging/data:/data
- # - /mnt/tank/persist/nixc.us/ferdium/staging/recipes:/app/build/recipes
+ tor-relay:
+ image: git.nixc.us/nixius/tor-relay:staging
 deploy:
 placement:
 constraints:
 - node.hostname == macmini14
 labels:
- homepage.group: apps
- homepage.name: ferdium
- homepage.href: https://ferdium.nixc.us/
- homepage.description: ferdium
- traefik.enable: "true"
- traefik.http.routers.staging-ferdium_ferdium.rule: "Host(`ferdium.nixc.us`)"
- traefik.http.routers.staging-ferdium_ferdium.entrypoints: "websecure"
- traefik.http.routers.staging-ferdium_ferdium.tls: "true"
- traefik.http.routers.staging-ferdium_ferdium.tls.certresolver: "letsencryptresolver"
- traefik.http.routers.staging-ferdium_ferdium.service: "staging-ferdium_ferdium"
- traefik.http.services.staging-ferdium_ferdium.loadbalancer.server.port: "3333"
- traefik.docker.network: "traefik"
- # traefik.http.routers.staging_ferdium.middlewares: 'authelia_authelia@docker'
- traefik.http.routers.staging-ferdium_ferdium.middlewares: 'authelia_authelia@docker'
+ traefik.enable: "false"
 update_config:
 order: stop-first
 failure_action: rollback
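Review bot: The new `tor-relay` service in stack.production.yml (and the identical one in stack.staging.yml) declares no `ports:`, and `EXPOSE 9001 9030` in the image publishes nothing by itself, so the ORPort configured in torrc looks unreachable from outside the swarm. If the relay is meant to accept inbound connections, publish it explicitly, e.g. `ports: ["9001:9001"]`, and decide deliberately whether 9030 needs to be reachable at all. Separately, the deleted environment block carried a literal `MAIL_PASSWORD` value; deleting the line does not remove it from repository history, so that SMTP credential should be rotated, and future secrets supplied through Docker secrets rather than inline environment values.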