[tor-bugs] #31834 [Circumvention]: Make obfs4 Docker image more usable

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Oct 30 21:47:50 UTC 2019


#31834: Make obfs4 Docker image more usable
-------------------------------+-------------------------------
 Reporter:  phw                |          Owner:  phw
     Type:  defect             |         Status:  assigned
 Priority:  Medium             |      Milestone:
Component:  Circumvention      |        Version:
 Severity:  Normal             |     Resolution:
 Keywords:  docker, s30-o24a2  |  Actual Points:
Parent ID:  #31281             |         Points:  1
 Reviewer:                     |        Sponsor:  Sponsor30-can
-------------------------------+-------------------------------

Comment (by thymbahutymba):

 Replying to [ticket:31834 phw]:

 During these days I figure out some solutions about some problems pointed
 by Philipp.
 \\
 > * Make it easier to get the bridge's fingerprint and/or bridge line. At
 the moment, users have to spawn a shell in the container, which is
 tedious.

 For make easier get not only the fingerprint but all the log available I
 added to the {{{start-tor.sh}}} file one more log line {{{Log notice
 stdout}}}. In this way with {{{docker logs CONTAINER}}}.
 \\
 > * Maybe provide a docker-compose file.

 I had to make a choice between docker-compose and Makefile, I chose the
 Makefile. The reason that convince me in this choice was the fact that
 each container, that are not related each other, provides an instance of
 tor (they don't be part of a whole service which is the purpose of docker-
 compose). Using the Makefle give also others advantages like embed the
 build command and the config target. Just to be more clear here the
 Makefile that I wrote:
 {{{
 FLAGS=-d --restart unless-stopped --log-opt "max-size=30m"
 EMAIL=
 VOLUME=/var/lib/tor

 .PHONY: build
 build:
         docker build -t obfs4-proxy

 .PHONY: deploy
 deploy: DockerObfs4Proxy-1 DockerObfs4Proxy-2

 DockerObfs4Proxy-%: config-%
         docker run \
                 -e  "OR_PORT=${OR_PORT}" -e "PT_PORT=${PT_PORT}" -e
 "EMAIL=${EMAIL}" \
                 -p "${OR_PORT}":"${OR_PORT}" -p "${PT_PORT}":"${PT_PORT}"
 \
                 -v "$@-vol":"${VOLUME}" \
                 --name $@       \
                 ${FLAGS}        \
                 obfs4-proxy

 config-1:
         $(eval OR_PORT = 993)
         $(eval PT_PORT = 443)

 config-2:
         $(eval OR_PORT = 143)
         $(eval PT_PORT = 995)
 }}}

 In this case can be even replaced the {{{deploy-container.sh}}} file also
 due to the fact that the user have to be able to chose the ports that he
 prefers.
 Is worth to notice that using this approach the user can deploy as many
 containers as he wants just changing few things: what is required by the
 deploy target and adding the respective {{{config-X}}} target.
 \\
 > * Mention concerns regarding permanence: Ideally, a container should run
 as long as possible.
 I also added a volume for the {{{/var/lib/tor}}} directory keeping the
 seniority earned by the bridge. In that way if an update is required is
 easy to build the new image and deploy it.

 I would also like to say that just editing the section about the
 {{{torrc}}} file in {{{start-tor.sh}}} there is the chance to deploy
 container for guard, middle and exit nodes.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31834#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list