-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile
77 lines (66 loc) · 3.71 KB
/
Dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
FROM alpine
RUN apk add --update nodejs npm \
&& apk add -U --no-cache --allow-untrusted udev ttf-freefont chromium git \
&& addgroup -S node && adduser -S tor -G node \
&& apk --no-cache --no-progress upgrade && \
apk --no-cache --no-progress add bash curl privoxy shadow tini tor tzdata&&\
file='/etc/privoxy/config' && \
sed -i 's|^\(accept-intercepted-requests\) .*|\1 1|' $file && \
sed -i '/^listen/s|127\.0\.0\.1||' $file && \
sed -i '/^listen.*::1/s|^|#|' $file && \
sed -i 's|^\(logfile\)|#\1|' $file && \
sed -i 's|^#\(log-messages\)|\1|' $file && \
sed -i 's|^#\(log-highlight-messages\)|\1|' $file && \
sed -i '/forward *localhost\//a forward-socks5t / 127.0.0.1:9050 .' $file&&\
sed -i '/^forward-socks5t \//a forward 172.16.*.*/ .' $file && \
sed -i '/^forward 172\.16\.\*\.\*\//a forward 172.17.*.*/ .' $file && \
sed -i '/^forward 172\.17\.\*\.\*\//a forward 172.18.*.*/ .' $file && \
sed -i '/^forward 172\.18\.\*\.\*\//a forward 172.19.*.*/ .' $file && \
sed -i '/^forward 172\.19\.\*\.\*\//a forward 172.20.*.*/ .' $file && \
sed -i '/^forward 172\.20\.\*\.\*\//a forward 172.21.*.*/ .' $file && \
sed -i '/^forward 172\.21\.\*\.\*\//a forward 172.22.*.*/ .' $file && \
sed -i '/^forward 172\.22\.\*\.\*\//a forward 172.23.*.*/ .' $file && \
sed -i '/^forward 172\.23\.\*\.\*\//a forward 172.24.*.*/ .' $file && \
sed -i '/^forward 172\.24\.\*\.\*\//a forward 172.25.*.*/ .' $file && \
sed -i '/^forward 172\.25\.\*\.\*\//a forward 172.26.*.*/ .' $file && \
sed -i '/^forward 172\.26\.\*\.\*\//a forward 172.27.*.*/ .' $file && \
sed -i '/^forward 172\.27\.\*\.\*\//a forward 172.28.*.*/ .' $file && \
sed -i '/^forward 172\.28\.\*\.\*\//a forward 172.29.*.*/ .' $file && \
sed -i '/^forward 172\.29\.\*\.\*\//a forward 172.30.*.*/ .' $file && \
sed -i '/^forward 172\.30\.\*\.\*\//a forward 172.31.*.*/ .' $file && \
sed -i '/^forward 172\.31\.\*\.\*\//a forward 10.*.*.*/ .' $file && \
sed -i '/^forward 10\.\*\.\*\.\*\//a forward 192.168.*.*/ .' $file && \
sed -i '/^forward 192\.168\.\*\.\*\//a forward 127.*.*.*/ .' $file && \
sed -i '/^forward 127\.\*\.\*\.\*\//a forward localhost/ .' $file && \
echo 'ControlSocket /etc/tor/run/control' >>/etc/tor/torrc && \
echo 'ControlSocketsGroupWritable 1' >>/etc/tor/torrc && \
echo 'ControlPort 9051' >>/etc/tor/torrc && \
echo 'CookieAuthentication 1' >>/etc/tor/torrc && \
echo 'CookieAuthFileGroupReadable 1' >>/etc/tor/torrc && \
echo 'CookieAuthFile /etc/tor/run/control.authcookie' >>/etc/tor/torrc && \
echo 'DataDirectory /var/lib/tor' >>/etc/tor/torrc && \
echo 'RunAsDaemon 0' >>/etc/tor/torrc && \
echo 'User tor' >>/etc/tor/torrc && \
echo 'AutomapHostsOnResolve 1' >>/etc/tor/torrc && \
echo 'ExitPolicy reject *:*' >>/etc/tor/torrc && \
echo 'VirtualAddrNetworkIPv4 10.192.0.0/10' >>/etc/tor/torrc && \
echo 'DNSPort 5353' >>/etc/tor/torrc && \
echo 'SocksPort 0.0.0.0:9050 IsolateDestAddr' >>/etc/tor/torrc && \
echo 'TransPort 0.0.0.0:9040' >>/etc/tor/torrc && \
mkdir -p /etc/tor/run && \
chown -Rh tor. /var/lib/tor /etc/tor/run && \
chmod 0750 /etc/tor/run && \
rm -rf /tmp/*
ENV PUPPETEER_SKIP_CHROMIUM_DOWNLOAD true
ENV CHROMIUM_PATH /usr/bin/chromium-browser
RUN mkdir -p /app/node_modules && chown -R tor:node /app
WORKDIR /app
COPY --chown=tor:node . /app
COPY torproxy.sh /usr/bin/
RUN npm install
EXPOSE 8118 9050 9051
HEALTHCHECK --interval=60s --timeout=15s --start-period=20s \
CMD curl -sx localhost:8118 'https://check.torproject.org/' | \
grep -qm1 Congratulations
VOLUME ["/etc/tor", "/var/lib/tor"]
ENTRYPOINT ["/sbin/tini", "--", "/usr/bin/torproxy.sh"]