[tor-bugs] #31834 [Circumvention]: Make obfs4 Docker image more usable
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 19 23:12:05 UTC 2019
#31834: Make obfs4 Docker image more usable
-------------------------------+-------------------------------
Reporter: phw | Owner: phw
Type: defect | Status: assigned
Priority: Medium | Milestone:
Component: Circumvention | Version:
Severity: Normal | Resolution:
Keywords: docker, s30-o24a2 | Actual Points:
Parent ID: #31281 | Points: 1
Reviewer: | Sponsor: Sponsor30-can
-------------------------------+-------------------------------
Old description:
> Here is some feedback we got from an operator (see
> [https://www.securimancy.com/dockerizing-tor-bridge/ this blog post] for
> the full story):
>
> * Make it easier to get the bridge's fingerprint and/or bridge line. At
> the moment, users have to spawn a shell in the container, which is
> tedious.
> * Maybe provide a docker-compose file.
> * Improve our
> [https://community.torproject.org/relay/setup/bridge/docker/ official
> setup instructions]. [https://dip.torproject.org/torproject/anti-
> censorship/docker-obfs4-bridge These instructions] were more helpful to
> an operator.
> * Add a note that operators can run `docker logs <container>` to check if
> it's up and running.
> * Mention concerns regarding permanence: Ideally, a container should run
> as long as possible.
> * Allow running a bridge on a port <1024 (as per mrphs's request in
> comment:2).
New description:
Here is some feedback we got from an operator (see
[https://www.securimancy.com/dockerizing-tor-bridge/ this blog post] for
the full story):
* ~~Make it easier to get the bridge's fingerprint and/or bridge line. At
the moment, users have to spawn a shell in the container, which is
tedious.~~
* Maybe provide a docker-compose file.
* ~~Improve our
[https://community.torproject.org/relay/setup/bridge/docker/ official
setup instructions]. [https://dip.torproject.org/torproject/anti-
censorship/docker-obfs4-bridge These instructions] were more helpful to an
operator.~~
* ~~Add a note that operators can run `docker logs <container>` to check
if it's up and running.~~
* Mention concerns regarding permanence: Ideally, a container should run
as long as possible.
* ~~Allow running a bridge on a port <1024 (as per mrphs's request in
comment:2).~~
--
Comment (by phw):
Here's a brief update with what I've managed to address so far:
> Make it easier to get the bridge's fingerprint and/or bridge line. At
the moment, users have to spawn a shell in the container, which is
tedious.
[[br]]
Commit [https://dip.torproject.org/torproject/anti-censorship/docker-
obfs4-bridge/commit/d2335c91ecc04e2236158ed80bd432ee8b07e6bd d2335c91]
adds a script that determines the bridge line. Users can run it like this:
{{{
$ docker exec 9d66b756b3cc get-bridge-line
obfs4 1.2.3.4:1234 A177E491C751488E7ADA397C7E47E4B3155723BD
cert=KrQlXDh826TGTSywmtRaAZkq/dLI45m3Jl/drkYeaVD1ykghcJeFjyubff6hf1ZMG7ujeA
iat-mode=0
}}}
[[br]]
> Improve our [https://community.torproject.org/relay/setup/bridge/docker/
official setup instructions]. [https://dip.torproject.org/torproject/anti-
censorship/docker-obfs4-bridge These instructions] were more helpful to an
operator.
[[br]]
I improved [https://community.torproject.org/relay/setup/bridge/docker/
our official instructions] in commit
[https://gitweb.torproject.org/project/web/community.git/commit/?id=bfe821bc6466793d8cffdec579b43df219dd28e5
bfe821bc].
[[br]]
> Add a note that operators can run `docker logs <container>` to check if
it's up and running.
[[br]]
Documented in commit
[https://gitweb.torproject.org/project/web/community.git/commit/?id=bfe821bc6466793d8cffdec579b43df219dd28e5
bfe821bc] and made possible in commit
[https://dip.torproject.org/torproject/anti-censorship/docker-
obfs4-bridge/commit/1f5fd1e8a094f15c4a98cd84040b33bda1861481 1f5fd1e8].
[[br]]
> Allow running a bridge on a port <1024 (as per mrphs's request in
comment:2).
[[br]]
Fixed in commit [https://dip.torproject.org/torproject/anti-censorship
/docker-obfs4-bridge/commit/aceb0c10a326ed5276d3bf291d3c6b5c7945cd26
aceb0c10].
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31834#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list