[tor-bugs] #30708 [Circumvention/Obfs4]: Create a docker image for obfs4proxy
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jun 28 04:23:16 UTC 2019
#30708: Create a docker image for obfs4proxy
------------------------------------------------+--------------------------
Reporter: phw | Owner: phw
Type: task | Status:
| needs_review
Priority: Medium | Milestone:
Component: Circumvention/Obfs4 | Version:
Severity: Normal | Resolution:
Keywords: anti-censorship-roadmap, sponsor28 | Actual Points:
Parent ID: #30777 | Points: 3
Reviewer: | Sponsor:
| Sponsor28-must
------------------------------------------------+--------------------------
Changes (by phw):
* status: assigned => needs_review
Comment:
I created a docker image for an obfs4 Tor bridge:
https://dip.torproject.org/anti-censorship/docker-obfs4-bridge. You can
test it by cloning the repository and, after entering the directory,
running:
{{{
docker build -t phwinter/obfs4-bridge:0.1 .
}}}
Then, you can start the docker image by running:
{{{
./deploy-container.sh
}}}
I had to work around a docker design issue: we cannot use a static OR port
or obfs4 port in the image because that would make it possible to scan the
IPv4 address space for these ports and block all bridges you find that
way. We therefore need random ports. Docker's `build` command has a `-P`
switch that picks a random, external port and forwards it to an internal,
static port but the issue is that the image has no easy way of learning
what external port docker picked. Tor however needs to know because it has
to advertise these ports in its descriptor.
My workaround is a shell script that automatically determines a random
port and passes it to the image via environment variables. It's not pretty
but it works.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30708#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list