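---
# Run Tor with the vanguards add-on, with the control port reached over a
# dedicated Docker network (tor_control) rather than one shared with the
# hidden-service containers.
version: "3.1"

services:
  # Tor container
  tor:
    # $CUR_TAG is substituted by Compose from the shell environment or .env;
    # it must be set, otherwise the image reference has an empty tag.
    image: goldy/tor-hidden-service:$CUR_TAG
    environment:
      # Enable the control port, bound to this container's address on the
      # tor_control network (see the networks section below). The value must
      # match ipv4_address under networks.tor_control for this service.
      # Binding to one interface instead of 0.0.0.0 helps protect the control
      # port from the hidden-service containers: whoever can reach and
      # authenticate to it controls the tor process.
      TOR_CONTROL_PORT: '172.16.111.10'
      # Set the control port password (optional).
      # "something_secret" is a placeholder: replace it with a strong, unique
      # value and keep the real one out of version control. It must be
      # identical to the value given to the vanguards service. Values set
      # here are readable by anyone who can inspect the container.
      TOR_CONTROL_PASSWORD: something_secret
      # You can change any options here, except the control_* ones and
      # state_file.
      # loglevel = DEBUG is verbose; consider a less verbose level outside of
      # troubleshooting and treat the resulting logs as sensitive.
      VANGUARDS_EXTRA_OPTIONS: |
        [Global]
        enable_cbtverify = True
        loglevel = DEBUG
      HELLO_TOR_SERVICE_HOSTS: '80:hello:80'
      HELLO_TOR_SERVICE_VERSION: '3'

    # Keep keys in volumes.
    # tor-keys holds the onion service key material: restrict access to the
    # backing host directory and include it in backups deliberately.
    volumes:
      - tor-keys:/var/lib/tor/hidden_service/
      - tor-data:/run/tor/data

    # Set the secret for the key; use the same name as the service.
    secrets:
      - source: hello
        target: hello
        # Read-only for the owner, no access for group or others. Left
        # unquoted as in the original; confirm that your Compose version
        # reads the leading zero as octal.
        mode: 0400

    networks:
      hidden_services:
        ipv4_address: 172.16.222.10
      tor_control:
        # Fixed address on tor_control so that tor binds the control port on
        # the right network (same value as TOR_CONTROL_PORT above).
        ipv4_address: 172.16.111.10

  # Vanguards container
  vanguards:
    depends_on:
      - tor
    # Use the same image
    image: goldy/tor-hidden-service:$CUR_TAG
    # Run vanguards
    command: vanguards
    environment:
      # Set the tor hostname (or ip:port or unix:/path/to/socket.sock)
      TOR_CONTROL_PORT: 'tor:9051'
      # Set the password if needed; it must match the tor service's value.
      # Placeholder: replace before deploying.
      TOR_CONTROL_PASSWORD: something_secret
    # Vanguards is attached to the tor_control network only.
    networks:
      - tor_control
    # Share the tor-data volume with the tor container.
    volumes:
      - tor-data:/run/tor/data

  # Hidden service container
  hello:
    # Demo image with no tag, so the registry's "latest" is pulled; pin a
    # tag or digest for anything beyond a test.
    image: tutum/hello-world
    hostname: hello
    depends_on:
      - tor
    # This hidden service is attached to the hidden_services network only,
    # so it has no interface on tor_control.
    networks:
      - hidden_services

volumes:
  tor-keys:
    driver: local
  tor-data:
    driver: local

secrets:
  hello:
    # Onion service private key read from the host: keep this file out of
    # version control and readable only by the deploying user.
    file: ./private_key_bar_v3

networks:
  # This network is used for hidden services
  hidden_services:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.16.222.0/24
  # This network is used for vanguards to get access to tor
  tor_control:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 172.16.111.0/24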