zet4 / alpine-tor Goto Github PK

Just a simple rotating tor pool with haproxy load balancer. (with opt-in privoxy support)

HTML 10.05% Ruby 80.29% Dockerfile 9.66%

alpine-tor's Introduction

alpine-tor

               Docker Container
               -------------------------------------
               (Optional)           <-> Tor Proxy 1
Client <---->   Privoxy <-> HAproxy <-> Tor Proxy 2
                                    <-> Tor Proxy n

Parents

Why: Lots of IP addresses. One single endpoint for your client. Load-balancing by HAproxy.

Optionaly adds support for Privoxy using -e privoxy=1, useful for http (default 8118, changable via -e privoxy_port=<port>) proxy forward and ad removal.

Environment Variables

tors - Integer, number of tor instances to run. (Default: 20)
new_circuit_period - Integer, NewCircuitPeriod parameter value in seconds. (Default: 2 minutes)
max_circuit_dirtiness - Integer, MaxCircuitDirtiness parameter value in seconds. (Default: 10 minutes)
circuit_build_timeout - Integer, CircuitBuildTimeout parameter value in seconds. (Default: 60 seconds)
privoxy - Boolean, whatever to run insance of privoxy in front of haproxy.
privoxy_port - Integer, port for privoxy. (Default: 8118)
privoxy_permit - Space-separated list of source addresses for permit-access option. (Default: Unset)
privoxy_deny - Space-separated list of source addresses for deny-access option. (Default: Unset)
haproxy_port - Integer, port for haproxy. (Default: 5566)
haproxy_stats - Integer, port for haproxy monitor. (Default: 2090)
haproxy_login and haproxy_pass - BasicAuth config for haproxy monitor. (Default: admin in both variables)
test_url - URL for health check throught Tor proxy. (Default: http://google.com)
test_status - Integer, HTTP status code for test_url in working case. (Default: 302)

Usage

# build docker container
docker build -t zeta0/alpine-tor:latest .

# ... or pull docker container
docker pull zeta0/alpine-tor:latest

# start docker container
docker run -d -p 5566:5566 -p 2090:2090 -e tors=25 zeta0/alpine-tor

# start docker with privoxy enabled and exposed
docker run -d -p 8118:8118 -p 2090:2090 -e tors=25 -e privoxy=1 zeta0/alpine-tor

# test with ...
curl --socks5 localhost:5566 http://httpbin.org/ip

# or if privoxy enabled ...
curl --proxy localhost:8118 http://httpbin.org/ip

# or to run chromium with your new found proxy
chromium --proxy-server="http://localhost:8118" \
    --host-resolver-rules="MAP * 0.0.0.0 , EXCLUDE localhost"

# monitor
# auth login:admin
# auth pass:admin
http://localhost:2090 or http://admin:admin@localhost:2090

# start docket container with new auth
docker run -d -p 5566:5566 -p 2090:2090 -e haproxy_login=MySecureLogin \
    -e haproxy_pass=MySecurePassword zeta0/alpine-tor

alpine-tor's People

Contributors

Stargazers

Watchers

alpine-tor's Issues

Explicitly set ExitPolicy and make configurable

How about adding explicit ExitPolicy to tor start command? At present running this containers makes you a Tor exit node which is undesired by most. I suggest it should be configurable with default set to reject, i.e. --ExitPolicy "reject *:*" in command line.

Network Problem

v3 Hidden Service Addresses

The current docker container does not seem to work with TOR v3 Hidden Service URLs; e.g.: http://dlegal66uj5u2dvcbrev7vv6fjtwnd4moqu7j6jnd42rmbypv3coigyd.onion/.

cURL:

~ ❯❯❯ curl --socks5 localhost:32779 http://dlegal66uj5u2dvcbrev7vv6fjtwnd4moqu7j6jnd42rmbypv3coigyd.onion
curl: (6) Could not resolve host: dlegal66uj5u2dvcbrev7vv6fjtwnd4moqu7j6jnd42rmbypv3coigyd.onion

Possible fix: update the tor package from 0.3.0.8 to 0.3.4.9 using apk or alpine:latest?

/ # which tor
/usr/bin/tor
/ # tor --version
Tor version 0.3.0.8 (git-802d30d9b71a6d54).

If anyone has had luck with v3 Hidden Service URLs, please let me know.

500 Internal Privoxy Error when Privoxy enabled

When Privoxy enabled sometimes this error appears as a response:

500 Internal Privoxy Error

Privoxy encountered an error while processing your request:

Could not load template file no-server-data or one of its included components.

Please contact your proxy administrator.

If you are the proxy administrator, please put the required file(s)in the (confdir)/templates directory. The location of the (confdir) directory is specified in the main Privoxy config file. (It's typically the Privoxy install directory, or /etc/privoxy/).

Steps to reproduce:

docker run -d -p 8118:8118 -p 2090:2090 -e tors=25 -e privoxy=1 zeta0/alpine-tor
Make a request with HTTP proxy
Get error

Any chance for an HAProxy update? :)

Love this project! Any chance of updating the version of HAProxy?

Invalid header received from client

When using Privoxy for HTTP and trying to add auth header, I am getting the following error:
Invalid header received from client

Remove the unneeded Privoxy layer

Newer Tor versions support HTTPTunnelPort , making Privoxy unneeded.
Can just pass --HTTPTunnelPort and connect HAProxy directly to Tor.

Login pass

Is it possible to set a password for a proxy connect?

Error on build

I am unable to build latest, command:

docker build -t zeta0/alpine-tor:latest .

error:

ERROR: While executing gem ... (OptionParser::InvalidOption) invalid option: --no-ri Did you mean? no-force The command '/bin/sh -c apk --update add --virtual build-dependencies ruby-bundler ruby-dev && apk add ruby-nokogiri --update-cache --repository http://dl-4.alpi nelinux.org/alpine/v3.3/main/ && gem install --no-ri --no-rdoc socksify && apk del build-dependencies && rm -rf /var/cache/apk/*' returned a non-zero code: 1

Exit node country

Is it possible to specify the exit node country?

windows support

Hello there.
At first, i must appreciate the work you have done here, it is amazing.
Second, i just wanted to know, putting aside the HAproxy solution, is it possible to extend your scenario on windows machine as well? btw: the privoxy idea is really brilliant because it opens a layer of interception for the developer, nice work.
thanks in advance.