casjaysdevdocker/tor
1
0
Fork 0
mirror of https://github.com/casjaysdevdocker/tor synced 2025-05-09 14:11:20 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

🗃️ Committing everything that changed 🗃️

Browse Source 
rootfs/tmp/etc/nginx/nginx.conf
rootfs/tmp/etc/nginx/vhosts.d/
rootfs/tmp/etc/unbound/unbound.conf
rootfs/usr/local/etc/docker/init.d/03-tor-server.sh
rootfs/usr/local/etc/docker/init.d/zz-nginx.sh
rootfs/usr/share/httpd/default/hidden_service.html
This commit is contained in:
casjay 2025-05-01 10:32:45 -04:00
parent 938943e7cf
commit b445cbc0d5
Signed by untrusted user who does not match committer: jason
GPG Key ID: 1AB309F42A764145
6 changed files with 147 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
rootfs/tmp/etc/nginx/nginx.conf
View File

@ -21,7 +21,7 @@ http {
access_log /data/logs/nginx/access.REPLACE_SERVER_NAME.log;
server {
listen REPLACE_SERVER_PORT;
listen REPLACE_SERVER_PORT default_server;
server_name REPLACE_SERVER_NAME;
root REPLACE_SERVER_WWW_DIR;
index index.php index.html index.cgi index.pl index.aspx index.txt index.json index.unknown.php index.default.php;
@ -119,4 +119,5 @@ http {
fastcgi_param REDIRECT_STATUS 200;
}
}
include /etc/nginx/vhosts.d/*.conf;
}

103
rootfs/tmp/etc/nginx/vhosts.d/template Normal file
View File

@ -0,0 +1,103 @@
#DO NOT CHANGE THIS FILE
#Use as template and copy to /etc/nginx/vhosts.d/servername.conf
#Reverse Proxy
#See /etc/nginx/conf.d/default.conf for proxy servers
server {
server_name REPLACE_ONION_SITE;
listen REPLACE_ONION_PORT;
keepalive_timeout 75 75;
access_log /data/logs/nginx/access.REPLACE_ONION_SITE.log;
error_log /data/logs/nginx/error.REPLACE_ONION_SITE.log info;
index index.php index.html index.cgi index.pl index.aspx index.txt index.json index.unknown.php index.default.php;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always;
root REPLACE_ONION_WWW_DIR;
location / {
root REPLACE_ONION_WWW_DIR;
}
location ^~ /favicon.ico {
alias REPLACE_SERVER_WWW_DIR/favicon.ico;
allow all;
log_not_found off;
access_log off;
}
location ^~ /robots.txt {
default_type "text/plain";
alias REPLACE_SERVER_WWW_DIR/robots.txt;
allow all;
log_not_found off;
access_log off;
}
location ^~ /.well-known {
default_type "text/plain";
alias REPLACE_SERVER_WWW_DIR/.well-known;
allow all;
log_not_found on;
access_log off;
location ^~ /.well-known/security.txt {
default_type "text/plain";
alias REPLACE_SERVER_WWW_DIR/security.txt;
allow all;
log_not_found off;
access_log off;
}
location ^~ /health {
default_type "text/plain";
allow all;
access_log off;
return 200 'ok';
location ^~ /health/txt {
default_type "text/plain";
allow all;
access_log off;
return 200 'ok';
}
location ^~ /health/json {
default_type "application/json";
allow all;
access_log off;
return 200 '{"status":"OK"}';
location ^~ /health/status {
stub_status;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REDIRECT_STATUS 200;
}
}

3
rootfs/tmp/etc/unbound/unbound.conf
View File

@ -5,7 +5,7 @@ server:
interface: 0.0.0.0
interface: ::0
interface-automatic: yes
interface-automatic-ports: "53 8053"
interface-automatic-ports: "53 9053"
access-control: 0.0.0.0/0 allow
access-control: ::/0 allow
domain-insecure: "onion"
@ -18,4 +18,5 @@ forward-zone:
forward-addr: 127.0.0.1@8053
forward-zone:
name: "."
forward-addr:
forward-addr: 1.1.1.1

4
rootfs/usr/local/etc/docker/init.d/03-tor-server.sh
View File

@ -189,6 +189,7 @@ __execute_prerun() {
# Define environment
local hostname=${HOSTNAME}
# Define actions/commands
touch "/tmp/init_tor_services"
sleep 30
# allow custom functions
if builtin type -t __execute_prerun_local | grep -q 'function'; then __execute_prerun_local; fi
@ -232,6 +233,7 @@ __update_conf_files() {
# custom commands
chmod 600 $RUN_DIR
chown -Rf ${SERVICE_USER:-$RUNAS_USER}:${SERVICE_GROUP:-$RUNAS_USER} $RUN_DIR
mkdir -p "/run/tor/sites" && chmod 777 "/run/tor/sites"
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# replace variables
@ -379,9 +381,11 @@ __post_execute() {
url="$(<"$host")"
echo "$name: $url"
echo '<a href="http://'$url'">'$name'</a><br />' >>"$WWW_ROOT_DIR/hostnames.html"
touch "/run/tor/sites/$name"
done
echo "End current hidden services"
fi
[ -f "/tmp/init_tor_services" ] && rm -Rf "/tmp/init_tor_services"
(while :; do sleep 10 && __pgrep $EXEC_CMD_BIN >/dev/null || eval $EXEC_CMD_BIN $EXEC_CMD_ARGS >/dev/null; done &)
# show exit message
__banner "$postMessageEnd: Status $retVal"

15
rootfs/usr/local/etc/docker/init.d/zz-nginx.sh
View File

@ -246,7 +246,20 @@ __update_conf_files() {
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# define actions
while [ -f "/tmp/init_tor_services" ]; do sleep 5; done
for onion_site in "/run/tor/sites"/*; do
mkdir -p "/data/htdocs/onions/$onion_site"
if [ "$(ls -A "/data/htdocs/onions/$onion_site" | wc -l)" -eq 0 ]; then
cp -Rf "/usr/share/httpd/default/hidden_service.html" "/data/htdocs/onions/$onion_site/index.html"
fi
if [ ! -f "/etc/nginx/vhosts.d/$onion_site.onion.conf" ]; then
cp -Rf "/etc/nginx/vhosts.d/template" "/etc/nginx/vhosts.d/$onion_site.onion.conf"
sed -i 's|REPLACE_ONION_PORT|'$SERVICE_PORT'|g' "/etc/nginx/vhosts.d/$onion_site.onion.conf"
sed -i 's|REPLACE_ONION_SITE|'$onion_site.onion'|g' "/etc/nginx/vhosts.d/$onion_site.onion.conf"
sed -i 's|REPLACE_ONION_WWW_DIR|/data/htdocs/onions/'$onion_site'|g' "/etc/nginx/vhosts.d/$onion_site.onion.conf"
sed -i 's|REPLACE_ONION_WWW_DIR|/data/htdocs/onions/'$onion_site'|g' "/data/htdocs/onions/$onion_site/index.html"
fi
done
# allow custom functions
if builtin type -t __update_conf_files_local | grep -q 'function'; then __update_conf_files_local; fi
# exit function

22
rootfs/usr/share/httpd/default/hidden_service.html Normal file
View File

@ -0,0 +1,22 @@
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="color-scheme" content="dark" />
<link
rel="stylesheet"
href="https://cdn.jsdelivr.net/npm/@picocss/pico@2/css/pico.min.css"
/>
<title>Welcome!</title>
</head>
<body>
<main class="container">
<br /><br /><br />
<h1>
Welcome to your hidden onion site!<br />
This document is located in: REPLACE_ONION_WWW_DIR
</h1>
</main>
</body>
</html>