This gist belongs to the blog post Digital Civil Rights and Privacy: Networking, VPN, Tor, Onion over VPN, I2P (Invisible Internet Project), Nym Mixnet.
Last active
December 17, 2024 02:26
-
-
Save cs224/f55f8fa69e936a705833d2011878cf94 to your computer and use it in GitHub Desktop.
Digital Civil Rights and Privacy: Networking, VPN, Tor, Onion over VPN
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mkdir -p /opt/docker-services/socks5-vpn-tor | |
| cp ./docker-compose-socks5-shadowsocks-nordvpn-tor.yaml /opt/docker-services/socks5-vpn-tor/docker-compose.yaml | |
| cp ./docker-compose-socks5-shadowsocks-nordvpn-tor.service /etc/systemd/system/ | |
| cp ./docker-compose-socks5-shadowsocks-nordvpn-tor-restart.service /etc/systemd/system/ | |
| cp ./docker-compose-socks5-shadowsocks-nordvpn-tor-restart.timer /etc/systemd/system/ | |
| systemctl daemon-reload | |
| # systemctl enable --now docker-compose-socks5-shadowsocks-nordvpn-tor.service | |
| # systemctl enable --now docker-compose-socks5-shadowsocks-nordvpn-tor-restart.timer | |
| # systemctl status docker-compose-socks5-shadowsocks-nordvpn-tor.service | |
| # systemctl status docker-compose-socks5-shadowsocks-nordvpn-tor-restart.timer | |
| # systemctl list-timers | |
| # journalctl -u docker-compose-socks5-shadowsocks-nordvpn-tor.service | |
| # systemctl start docker-compose-socks5-shadowsocks-nordvpn-tor-restart.service | |
| # systemctl status docker-compose-socks5-shadowsocks-nordvpn-tor-restart.service | |
| # journalctl -u docker-compose-socks5-shadowsocks-nordvpn-tor-restart.service |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Docker Compose Socks5 + NordVPN + Tor Service Restart Service | |
| [Service] | |
| Type=oneshot | |
| WorkingDirectory=/opt/docker-services/socks5-vpn-tor | |
| Environment=COMPOSE_HTTP_TIMEOUT=600 | |
| User=root | |
| Group=root | |
| ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml --profile all down | |
| ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml pull --quiet --parallel | |
| ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml --profile all up -d | |
| StandardOutput=journal | |
| StandardError=journal |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Docker Compose Socks5 + NordVPN + Tor Service Restart Timer | |
| [Timer] | |
| Unit=docker-compose-socks5-shadowsocks-nordvpn-tor-restart.service | |
| OnCalendar=*-*-* 03:00:00 | |
| Persistent=true | |
| [Install] | |
| WantedBy=timers.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Docker Compose Socks5 + NordVPN + Tor Service | |
| Requires=docker.service | |
| After=docker.service network-online.target | |
| [Service] | |
| Type=oneshot | |
| RemainAfterExit=yes | |
| WorkingDirectory=/opt/docker-services/socks5-vpn-tor | |
| Environment=COMPOSE_HTTP_TIMEOUT=600 | |
| User=root | |
| Group=root | |
| ExecStartPre=/usr/bin/docker compose -f ./docker-compose.yaml pull --quiet --parallel | |
| ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml --profile all up -d | |
| ExecStop=/usr/bin/docker compose -f ./docker-compose.yaml --profile all down | |
| StandardOutput=journal | |
| StandardError=journal | |
| # StandardOutput=file:/tmp/docker-compose-socks5-shadowsocks-nordvpn-tor.txt | |
| # StandardError=inherit | |
| ExecReload=/usr/bin/docker compose -f ./docker-compose.yaml pull --quiet --parallel && /usr/bin/docker compose -f ./docker-compose.yaml --profile all up -d | |
| [Install] | |
| WantedBy=multi-user.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ########################### EXTENSION FIELDS | |
| # Helps eliminate repetition of sections | |
| # Keys common to some of the core services that we always to automatically restart on failure | |
| x-common-keys-core: &common-keys-core | |
| restart: always | |
| services: | |
| # vpn: | |
| # <<: *common-keys-apps | |
| # image: ghcr.io/bubuntux/nordvpn | |
| # ports: | |
| # - "127.0.0.1:8853:53/udp" | |
| # - "127.0.0.1:1081:9150/tcp" | |
| # - "127.0.0.1:1080:1080" | |
| # environment: # Review https://github.com/bubuntux/nordvpn#environment-variables | |
| # - TOKEN=_xXx_access_token_xXx_ # https://support.nordvpn.com/hc/en-us/articles/20286980309265-How-to-use-a-token-with-NordVPN-on-Linux | |
| # - CONNECT=Germany | |
| # - TECHNOLOGY=NordLynx | |
| # - DNS=9.9.9.9,149.112.112.112 | |
| # sysctls: | |
| # - net.ipv6.conf.all.disable_ipv6=1 # Recomended if using ipv4 only | |
| # cap_add: | |
| # - NET_ADMIN | |
| # - NET_RAW | |
| vpn: | |
| <<: *common-keys-core | |
| image: ghcr.io/bubuntux/nordlynx | |
| ports: | |
| - "127.0.0.1:8853:53/udp" | |
| - "127.0.0.1:1081:9150/tcp" | |
| - "127.0.0.1:1080:1080" | |
| cap_add: | |
| - NET_ADMIN | |
| environment: | |
| - PRIVATE_KEY=_xXx_private_key_xXx_ # get after first start above from running ghcr.io/bubuntux/nordvpn | |
| - COUNTRY_CODE=DE # https://api.nordvpn.com/v1/servers/countries | |
| tor-socks-proxy: | |
| <<: *common-keys-core | |
| # image: peterdavehello/tor-socks-proxy:latest | |
| image: tor-socks-proxy-debian:latest | |
| profiles: ["all"] | |
| network_mode: service:vpn | |
| depends_on: | |
| - vpn | |
| ssserver: | |
| <<: *common-keys-core | |
| image: ghcr.io/shadowsocks/ssserver-rust:latest | |
| command: ssserver -v -s 127.0.0.1:8388 -k hello-kitty -m none | |
| network_mode: service:vpn | |
| depends_on: | |
| - vpn | |
| sslocal: | |
| <<: *common-keys-core | |
| image: ghcr.io/shadowsocks/sslocal-rust:latest | |
| command: sslocal -b 0.0.0.0:1080 -s 127.0.0.1:8388 -k hello-kitty -m none | |
| network_mode: service:vpn | |
| depends_on: | |
| - ssserver |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Use Debian Bookworm as the base image | |
| FROM debian:bookworm-slim | |
| LABEL maintainer="me <[email protected]>" | |
| LABEL name="tor-socks-proxy-debian" | |
| LABEL version="latest" | |
| #Update & upgrade | |
| RUN apt-get update && apt-get upgrade -y | |
| #Install needed packages | |
| RUN apt-get install -y --no-install-recommends lsb-release apt-transport-https ca-certificates wget curl gnupg | |
| # https://support.torproject.org/apt/ | |
| # Download and install the Tor Project GPG key | |
| RUN wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg >/dev/null | |
| # Add the Tor Project repository | |
| RUN echo "deb [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main" | tee /etc/apt/sources.list.d/tor.list && \ | |
| echo "deb-src [signed-by=/usr/share/keyrings/deb.torproject.org-keyring.gpg] https://deb.torproject.org/torproject.org bookworm main" | tee -a /etc/apt/sources.list.d/tor.list | |
| # Update package lists after adding the repository | |
| RUN apt-get update | |
| # Install the tor package | |
| RUN apt-get install -y --no-install-recommends tor | |
| RUN groupadd -r tor && useradd -r -g tor tor && mkdir -p /var/lib/tor && chown -R tor:tor /var/lib/tor && rm -rf /var/lib/apt/lists/* | |
| RUN chmod 700 /var/lib/tor && tor --version | |
| COPY --chown=tor:root torrc /etc/tor/ | |
| # [SecureDrop](https://securedrop.org) instance on `heise.de` for [whistle-blowers](https://www.heise.de/investigativ/briefkasten/) available via the [tor network](http://ayznmonmewb2tjvgf7ym4t2726muprjvwckzx2vhf2hbarbbzydm7oad.onion) | |
| HEALTHCHECK --timeout=10s --start-period=60s \ | |
| CMD curl --fail --socks5-hostname localhost:9150 -I -L 'http://ayznmonmewb2tjvgf7ym4t2726muprjvwckzx2vhf2hbarbbzydm7oad.onion/' || exit 1 | |
| USER tor | |
| EXPOSE 8853/udp 9150/tcp | |
| CMD ["/usr/bin/tor", "-f", "/etc/tor/torrc"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TAG_DATE=201412131213 | |
| tor-socks-proxy-debian-image: | |
| docker build -f tor-socks-proxy-debian.dockerfile --progress=plain --build-arg HTTP_PROXY=${HTTP_PROXY} --build-arg HTTPS_PROXY=${HTTPS_PROXY} --build-arg http_proxy=${HTTP_PROXY} --build-arg https_proxy=${HTTPS_PROXY} --tag tor-socks-proxy-debian:${TAG_DATE} --tag tor-socks-proxy-debian:latest . | |
| test: | |
| docker run -it --rm tor-socks-proxy-debian:latest /bin/bash |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| HardwareAccel 1 | |
| Log notice stdout | |
| DNSPort 0.0.0.0:8853 | |
| SocksPort 0.0.0.0:9150 | |
| DataDirectory /var/lib/tor |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment