-
Notifications
You must be signed in to change notification settings - Fork 58
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding security routines #42
Comments
Hey @cmehay, thanks for considering my open issue. I personally don't think it's a good idea to embed vanguards in docker-tor-hidden-service image. Just looking at the WIP code #43, it's clear the complexity has gone up. Also, embedding it in the image I lost the ability to set different container settings (memory limits, logging etc) for Tor and Vanguards. Is there a reason why you don't want to maintain vanguards as a separate docker image? |
This final image will give the ability to run Vanguards in the same container or in a separate one. The goal is to be able to run Vanguards with just one env variable, but also to fine tune the settings if needed. I figured out some file are missing in this commit, I added them. For your last question, I like the idea to provide all needed tools in one single image, but one image does not mean one container to run, and it will be possible to setup complex network to isolate control port from hidden service network for instance. |
I didn't look at the code all that much, so correct me if I'm wrong. Are you saying that a single image will contain both Tor and Vanguards and depending on the container configuration, one or both processes will run? If so, this is in "violation" of Docker best practices[1], adds unnecessary complexity and generally feels like a bad engineering, with all due respect. [1] https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#decouple-applications |
Yes, but it's not really a problem as long Vangards cannot work without accessing to tor data directory and not intended to work with something else than tor. The goal of containerization is to embed a service prior than a binary, it's my goal when I started to work on this tor image, if I can add some binaries to provide a better service with less efforts for the user, it's good for me. |
True, vanguards requires access to the Tor's directory however Docker already has mechanisms for doing exactly that: volumes. This is an example
|
This ticket is open to discuss about adding security routines in this project.
Regarding #40, I'm starting to work on adding Vanguards in this project, and issuing a convenient way to run a hidden service with it.
Please feel free to add any useful resources to increase security and privacy for running hidden services.
The text was updated successfully, but these errors were encountered: