From a694122a4144818b6a0747e10899daea25626d04 Mon Sep 17 00:00:00 2001 From: casjay Date: Mon, 6 Jan 2025 12:37:35 -0500 Subject: [PATCH] =?UTF-8?q?=F0=9F=97=83=EF=B8=8F=20Committing=20everything?= =?UTF-8?q?=20that=20changed=20=F0=9F=97=83=EF=B8=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit rootfs/tmp/etc/tor/torrc rootfs/usr/local/etc/docker/init.d/tor.sh rootfs/usr/share/tor/ --- rootfs/tmp/etc/tor/torrc | 8 +- rootfs/usr/local/etc/docker/init.d/tor.sh | 23 +- rootfs/usr/share/tor/html/exit.html | 337 ++++++++++++++++++++++ 3 files changed, 359 insertions(+), 9 deletions(-) create mode 100644 rootfs/usr/share/tor/html/exit.html diff --git a/rootfs/tmp/etc/tor/torrc b/rootfs/tmp/etc/tor/torrc index 318f613..0df9a3e 100644 --- a/rootfs/tmp/etc/tor/torrc +++ b/rootfs/tmp/etc/tor/torrc @@ -20,10 +20,11 @@ TransPort 9040 SOCKSPort 9050 ControlPort 9051 HTTPTunnelPort 9080 +AddressDisableIPv6 0 ##### socks option SafeSocks 0 -SocksTimeout 30 +SocksTimeout 10 ##### dns forwarder %include /config/tor/conf.d/dns.conf @@ -31,5 +32,8 @@ SocksTimeout 30 ##### hidden services %include /config/tor/hidden/*.conf -##### relay and bridge +##### relay %include /config/tor/relay/*.conf + +#### bridge +%include /config/tor/bridge/*.conf diff --git a/rootfs/usr/local/etc/docker/init.d/tor.sh b/rootfs/usr/local/etc/docker/init.d/tor.sh index d5203fe..fd30500 100755 --- a/rootfs/usr/local/etc/docker/init.d/tor.sh +++ b/rootfs/usr/local/etc/docker/init.d/tor.sh 
@@ -169,8 +169,9 @@ CMD_ENV="" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Per Application Variables or imports TOR_DNS="${TOR_DNS:-yes}" -TOR_HIDDEN="${TOR_HIDDEN:-yes}" +TOR_RELAY="${TOR_RELAY:-yes}" TOR_BRIDGE="${TOR_BRIDGE:-yes}" +TOR_HIDDEN="${TOR_HIDDEN:-yes}" RANDOM_NICK="$(head -n50 '/dev/random' | tr -dc 'a-zA-Z' | tr -d '[:space:]\042\047\134' | fold -w "32" | sed 's| ||g' | head -n 1)" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # Custom commands to run before copying to /config @@ -253,22 +254,30 @@ EOF HiddenServiceDir /data/tor/hidden_service/default HiddenServicePort 80 127.0.0.1:80 +EOF + fi + if [ "$TOR_RELAY" = "yes" ]; then + mkdir -p "/config/tor/bridge" + cat <"/config/tor/bridge/default.conf" +BridgeRelay 1 +PublishServerDescriptor 1 + EOF fi if [ "$TOR_BRIDGE" = "yes" ]; then mkdir -p "/config/tor/relay" cat <"/config/tor/relay/default.conf" -BridgeRelay ${TOR_RELAY:-1} -ExtORPort auto -Nickname ${TOR_NICK_NAME:-$RANDOM_NICK} ServerTransportPlugin obfs4 exec /usr/bin/lyrebird -ORPort ${TOR_OR_PORT:-8444} ServerTransportListenAddr obfs4 0.0.0.0:${TOR_PT_PORT:-8445} -ContactInfo ${TOR_ADMIN:-tor-admin@$HOSTNAME} +ExtORPort auto Exitpolicy accept *:* +ORPort ${TOR_OR_PORT:-8444} +Nickname ${TOR_NICK_NAME:-$RANDOM_NICK} +ContactInfo ${TOR_ADMIN:-tor-admin@$HOSTNAME} AccountingMax ${TOR_ACCOUNT_MAX:-1000} GBytes AccountingStart month 1 00:00 -AddressDisableIPv6 0 +DirPort ${TOR_DIR_PORT:-8080} +DirPortFrontPage /usr/share/tor/html/exit.html EOF fi diff --git a/rootfs/usr/share/tor/html/exit.html b/rootfs/usr/share/tor/html/exit.html new file mode 100644 index 0000000..ab702b3 --- /dev/null +++ b/rootfs/usr/share/tor/html/exit.html @@ -0,0 +1,337 @@ + + + + + + This is a Tor Exit Router + + + + +

+ This is a Tor Exit Router +

+ +

+ Most likely you are accessing this website because you had some issue with + the traffic coming from this IP. This router is part of the + Tor Anonymity Network, which is + dedicated to + providing privacy + to people who need it most: average computer users. This router IP should + be generating no other traffic, unless it has been compromised. +

+ +

+ + How Tor works + +

+ +

+ Tor sees use by + many important segments of the population, including whistle blowers, journalists, Chinese dissidents skirting the + Great Firewall and oppressive censorship, abuse victims, stalker targets, + the US military, and law enforcement, just to name a few. While Tor is not + designed for malicious computer users, it is true that they can use the + network for malicious ends. In reality however, the actual amount of + abuse is quite + low. This is largely because criminals and hackers have significantly + better access to privacy and anonymity than do the regular users whom they + prey upon. Criminals can and do + build, sell, and trade + far larger and + more powerful networks + than Tor on a daily basis. Thus, in the mind of this operator, the social + need for easily accessible censorship-resistant private, anonymous + communication trumps the risk of unskilled bad actors, who are almost + always more easily uncovered by traditional police work than by extensive + monitoring and surveillance anyway. +

+ +

+ In terms of applicable law, the best way to understand Tor is to consider + it a network of routers operating as common carriers, much like the + Internet backbone. However, unlike the Internet backbone routers, Tor + routers explicitly do not contain identifiable routing information about + the source of a packet, and no single Tor node can determine both the + origin and destination of a given transmission. +

+ +

+ As such, there is little the operator of this router can do to help you + track the connection further. This router maintains no logs of any of the + Tor traffic, so there is little that can be done to trace either + legitimate or illegitimate traffic (or to filter one from the other). + Attempts to seize this router will accomplish nothing. +

+ + + +

+ Furthermore, this machine also serves as a carrier of email, which means + that its contents are further protected under the ECPA. + 18 USC 2707 + explicitly allows for civil remedies ($1000/account + plus legal fees) in the event of a seizure executed without + good faith or probable cause (it should be clear at this point that + traffic with an originating IP address of FIXME_DNS_NAME should not + constitute probable cause to seize the machine). Similar considerations + exist for 1st amendment content on this machine. +

+ + + +

+ If you are a representative of a company who feels that this router is + being used to violate the DMCA, please be aware that this machine does not + host or contain any illegal content. Also be aware that network + infrastructure maintainers are not liable for the type of content that + passes over their equipment, in accordance with + DMCA "safe harbor" provisions. In other words, you will have just as much luck sending a takedown + notice to the Internet backbone providers. Please consult + EFF's prepared response + for more information on this matter. +

+ +

For more information, please consult the following documentation:

+ +
    +
  1. + Tor Overview +
  2. +
  3. + Tor Abuse FAQ +
  4. +
  5. + Tor Legal FAQ +
  6. +
+ +

+ That being said, if you still have a complaint about the router, you may + email the maintainer. If + complaints are related to a particular service that is being abused, I + will consider removing that service from my exit policy, which would + prevent my router from allowing that traffic to exit through it. I can + only do this on an IP+destination port basis, however. Common P2P ports + are already blocked. +

+ +

+ You also have the option of blocking this IP address and others on the Tor + network if you so desire. The Tor project provides a + web service + to fetch a list of all IP addresses of Tor exit nodes that allow exiting + to a specified IP:port combination, and an official + DNSRBL is also + available to determine if a given IP address is actually a Tor exit + server. Please be considerate when using these options. It would be + unfortunate to deny all Tor users access to your site indefinitely simply + because of a few bad apples. +

+ +
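Review bot: in the first torrc hunk, `AddressDisableIPv6 0` (added after `HTTPTunnelPort 9080`) is Tor's default value, so moving it here from the relay config is a no-op; keep it only if the intent is to document the setting, and say so in a comment. The `SocksTimeout` drop from 30 to 10 is not explained anywhere in the commit; per the Tor manual this value also bounds how long a SOCKS connection may wait unattached for a usable circuit, so 10 seconds can fail client connections right after startup or on a slow network. A short comment next to the line giving the reason for 10 would help the next reader.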
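Review bot: in the second torrc hunk, `%include /config/tor/bridge/*.conf` is now included unconditionally, while in tor.sh the `/config/tor/bridge` directory is only created when its guard variable is `yes`; when it is `no` the include points at a directory that may not exist. Confirm that Tor accepts an `%include` glob with no matches, or have tor.sh `mkdir -p` both `/config/tor/relay` and `/config/tor/bridge` unconditionally. Also the new header reads `#### bridge` with four `#`, whereas every other section header in this file uses five (`##### relay`, `##### hidden services`).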
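Review bot: in the first tor.sh hunk, `TOR_RELAY` now defaults to `yes` alongside `TOR_BRIDGE="${TOR_BRIDGE:-yes}"`, so a container started with no environment will try to be a relay and a bridge at the same time; if the two roles are meant to be exclusive, default one of them to `no` or derive one from the other. Visible in the unchanged context: `RANDOM_NICK` is cut with `fold -w "32"`, but Tor limits `Nickname` to 19 alphanumeric characters, so the generated name is rejected whenever `TOR_NICK_NAME` is unset; `fold -w 19` (or `head -c 19`) fixes it.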
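Review bot: in the second tor.sh hunk the guards are inverted: `if [ "$TOR_RELAY" = "yes" ]` writes `/config/tor/bridge/default.conf` with `BridgeRelay 1`, and `if [ "$TOR_BRIDGE" = "yes" ]` writes `/config/tor/relay/default.conf` with `ORPort`, `DirPort` and `Exitpolicy accept *:*`; swap the two tests. Beyond that, the relay file keeps the obfs4 lines (`ServerTransportPlugin`, `ServerTransportListenAddr`, `ExtORPort auto`), which only matter with `BridgeRelay 1`, so a single role is now split across two files toggled by different variables; move them into the bridge file. When both files are included, Tor sees `BridgeRelay 1` together with `DirPort ${TOR_DIR_PORT:-8080}`, which it disables with a warning (a bridge cannot serve a DirPort), so `DirPortFrontPage /usr/share/tor/html/exit.html` would never be served. Finally, `Exitpolicy accept *:*` on the default path makes every container an open exit unless the operator opts out, a large change in default exposure; consider `ExitRelay 0` by default or an explicit reduced policy, with the exit policy documented in the README. As rendered here the redirection reads `cat <"/config/tor/bridge/default.conf"`, which would read the file rather than write it; if that is not an extraction artifact of `cat <<EOF >`, it needs fixing too.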
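Review bot: exit.html ships with the `FIXME_DNS_NAME` placeholder in the probable-cause paragraph; tor.sh already has `$HOSTNAME` and `TOR_ADMIN`, so substitute them when the page is installed (or drop that sentence) rather than serving a template to abuse complainants. The sentence "Common P2P ports are already blocked" contradicts `Exitpolicy accept *:*` in the relay config that serves this page through `DirPortFrontPage`; either add the reduced exit policy or reword the page. The target of the "email the maintainer" link is not visible in this rendering; make sure it matches the address used for `ContactInfo`.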