diff --git a/rootfs/tmp/etc/nginx/nginx.conf b/rootfs/tmp/etc/nginx/nginx.conf
index b563b98..c883493 100644
--- a/rootfs/tmp/etc/nginx/nginx.conf
+++ b/rootfs/tmp/etc/nginx/nginx.conf
@@ -21,7 +21,7 @@ http {
 access_log /data/logs/nginx/access.REPLACE_SERVER_NAME.log;
 server {
- listen REPLACE_SERVER_PORT;
+ listen REPLACE_SERVER_PORT default_server;
 server_name REPLACE_SERVER_NAME;
 root REPLACE_SERVER_WWW_DIR;
 index index.php index.html index.cgi index.pl index.aspx index.txt index.json index.unknown.php index.default.php;
@@ -119,4 +119,5 @@ http {
 fastcgi_param REDIRECT_STATUS 200;
 }
 }
+ include /etc/nginx/vhosts.d/*.conf;
 }
diff --git a/rootfs/tmp/etc/nginx/vhosts.d/template b/rootfs/tmp/etc/nginx/vhosts.d/template
new file mode 100644
index 0000000..6ec2dcc
--- /dev/null
+++ b/rootfs/tmp/etc/nginx/vhosts.d/template
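Review bot: The new `include /etc/nginx/vhosts.d/*.conf;` says nothing about where those files come from, and the sibling `vhosts.d/template` added in this commit has no `.conf` suffix precisely so the glob skips it; a one-line comment would save the next reader a search: `# per-onion vhosts generated by init.d/zz-nginx.sh from vhosts.d/template (no .conf suffix, so not included directly)`. With `default_server` now on the main `listen`, a generated vhost whose `server_name` does not match a request falls through to this block, which appears to be the intent and is worth stating in the same comment.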
@@ -0,0 +1,103 @@ +#DO NOT CHANGE THIS FILE +#Use as template and copy to /etc/nginx/vhosts.d/servername.conf + +#Reverse Proxy +#See /etc/nginx/conf.d/default.conf for proxy servers +server { + server_name REPLACE_ONION_SITE; + listen REPLACE_ONION_PORT; + keepalive_timeout 75 75; + access_log /data/logs/nginx/access.REPLACE_ONION_SITE.log; + error_log /data/logs/nginx/error.REPLACE_ONION_SITE.log info; + index index.php index.html index.cgi index.pl index.aspx index.txt index.json index.unknown.php index.default.php; + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-referrer-when-downgrade" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header Content-Security-Policy "script-src 'self' 'unsafe-inline' 'unsafe-eval' *; frame-src 'self' *; object-src 'self'" always; + root REPLACE_ONION_WWW_DIR; + + location / { + root REPLACE_ONION_WWW_DIR; + } + + location ^~ /favicon.ico { + alias REPLACE_SERVER_WWW_DIR/favicon.ico; + allow all; + log_not_found off; + access_log off; + } + location ^~ /robots.txt { + default_type "text/plain"; + alias REPLACE_SERVER_WWW_DIR/robots.txt; + allow all; + log_not_found off; + access_log off; + } + location ^~ /.well-known { + default_type "text/plain"; + alias REPLACE_SERVER_WWW_DIR/.well-known; + allow all; + log_not_found on; + access_log off; + + location ^~ /.well-known/security.txt { + default_type "text/plain"; + alias REPLACE_SERVER_WWW_DIR/security.txt; + allow all; + log_not_found off; + access_log off; + } + location ^~ /health { + default_type "text/plain"; + allow all; + access_log off; + return 200 'ok'; + + location ^~ /health/txt { + default_type "text/plain"; + allow all; + access_log off; + return 200 'ok'; + } + + location ^~ /health/json { + default_type "application/json"; + allow all; + access_log off; + return 200 
'{"status":"OK"}'; + + location ^~ /health/status { + stub_status; + + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + if (!-f $document_root$fastcgi_script_name) { + return 404; + } + fastcgi_param HTTP_PROXY ""; + fastcgi_pass 127.0.0.1:9000; + fastcgi_index index.php; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param SCRIPT_NAME $fastcgi_script_name; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param REQUEST_URI $request_uri; + fastcgi_param DOCUMENT_URI $document_uri; + fastcgi_param DOCUMENT_ROOT $document_root; + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param REQUEST_SCHEME $scheme; + fastcgi_param HTTPS $https if_not_empty; + fastcgi_param GATEWAY_INTERFACE CGI/1.1; + fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + fastcgi_param REMOTE_ADDR $remote_addr; + fastcgi_param REMOTE_PORT $remote_port; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_NAME $server_name; + fastcgi_param REDIRECT_STATUS 200; + } +} diff --git a/rootfs/tmp/etc/unbound/unbound.conf b/rootfs/tmp/etc/unbound/unbound.conf index 7d4e6e0..bd35acb 100644 --- a/rootfs/tmp/etc/unbound/unbound.conf +++ b/rootfs/tmp/etc/unbound/unbound.conf @@ -5,7 +5,7 @@ server: interface: 0.0.0.0 interface: ::0 interface-automatic: yes - interface-automatic-ports: "53 8053" + interface-automatic-ports: "53 9053" access-control: 0.0.0.0/0 allow access-control: ::/0 allow domain-insecure: "onion" @@ -18,4 +18,5 @@ forward-zone: forward-addr: 127.0.0.1@8053 forward-zone: name: "." + forward-addr: forward-addr: 1.1.1.1 diff --git a/rootfs/usr/local/etc/docker/init.d/03-tor-server.sh b/rootfs/usr/local/etc/docker/init.d/03-tor-server.sh index aea63e3..965d422 100755 --- a/rootfs/usr/local/etc/docker/init.d/03-tor-server.sh 
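Review bot: The brace structure of the new template does not close: as rendered here, `location ^~ /.well-known {`, `location ^~ /health {` and `location ^~ /health/status {` are each followed by further `location` blocks with no `}` of their own, so the file ends with the `server` block and two locations still open and `nginx -t` will reject it; if flat siblings were intended, each of those three blocks needs its own `}` before the next `location` (nginx also rejects a nested `/health` inside `/.well-known` as lying outside its parent prefix). Separately, `location ^~ /health/status { stub_status; }` carries no access restriction, so connection and request counters are published to every visitor of the hidden service; add `allow 127.0.0.1; deny all;` or drop the endpoint. The `alias REPLACE_SERVER_WWW_DIR/...` lines depend on a substitution that the `zz-nginx.sh` hunk in this commit does not perform (it only rewrites `REPLACE_ONION_*`), so confirm another step handles it or those locations alias a literal placeholder path. The `Content-Security-Policy` value `script-src 'self' 'unsafe-inline' 'unsafe-eval' *` permits every source and effectively disables the policy; tighten it or mark it in a comment as a deliberate placeholder.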
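Review bot: The added `forward-addr:` line in the `name: "."` forward-zone has no value; unbound expects an address there and `unbound-checkconf` is very likely to reject the file at startup, which would take the resolver down with it. Either remove the line, leaving the existing `forward-addr: 1.1.1.1`, or give it a real upstream, e.g. `forward-addr: <SECONDARY_RESOLVER_IP_PLACEHOLDER>`. The port change to `"53 9053"` in the first hunk leaves the `onion` forward to `127.0.0.1@8053` intact, which reads as intentional (freeing 8053 for another listener), so a short comment on that line saying so would help.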
+++ b/rootfs/usr/local/etc/docker/init.d/03-tor-server.sh @@ -189,6 +189,7 @@ __execute_prerun() { # Define environment local hostname=${HOSTNAME} # Define actions/commands + touch "/tmp/init_tor_services" sleep 30 # allow custom functions if builtin type -t __execute_prerun_local | grep -q 'function'; then __execute_prerun_local; fi @@ -232,6 +233,7 @@ __update_conf_files() { # custom commands chmod 600 $RUN_DIR chown -Rf ${SERVICE_USER:-$RUNAS_USER}:${SERVICE_GROUP:-$RUNAS_USER} $RUN_DIR + mkdir -p "/run/tor/sites" && chmod 777 "/run/tor/sites" # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # replace variables @@ -379,9 +381,11 @@ __post_execute() { url="$(<"$host")" echo "$name: $url" echo ''$name'
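Review bot: `chmod 777 "/run/tor/sites"` in the second hunk makes the directory writable by any local process, and the `zz-nginx.sh` hunk in this commit treats every entry there as a trusted hidden-service name that feeds `mkdir`, `cp` and unquoted `sed` expressions; give the directory to the service user and make it readable by others instead, mirroring the `chown` on `$RUN_DIR` two lines above: `mkdir -p "/run/tor/sites" && chown ${SERVICE_USER:-$RUNAS_USER}:${SERVICE_GROUP:-$RUNAS_USER} "/run/tor/sites" && chmod 755 "/run/tor/sites"`. The first hunk's `touch "/tmp/init_tor_services"` places a synchronisation flag in a shared world-writable directory; a location under `$RUN_DIR`, which the script already owns, would keep the handshake between the two init scripts private to them. Both `__execute_prerun` and `__update_conf_files` continue outside their hunks.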
' >>"$WWW_ROOT_DIR/hostnames.html" + touch "/run/tor/sites/$name" done echo "End current hidden services" fi + [ -f "/tmp/init_tor_services" ] && rm -Rf "/tmp/init_tor_services" (while :; do sleep 10 && __pgrep $EXEC_CMD_BIN >/dev/null || eval $EXEC_CMD_BIN $EXEC_CMD_ARGS >/dev/null; done &) # show exit message __banner "$postMessageEnd: Status $retVal" diff --git a/rootfs/usr/local/etc/docker/init.d/zz-nginx.sh b/rootfs/usr/local/etc/docker/init.d/zz-nginx.sh index 9c60cd4..f162991 100755 --- a/rootfs/usr/local/etc/docker/init.d/zz-nginx.sh +++ b/rootfs/usr/local/etc/docker/init.d/zz-nginx.sh @@ -246,7 +246,20 @@ __update_conf_files() { # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - # define actions - + while [ -f "/tmp/init_tor_services" ]; do sleep 5; done + for onion_site in "/run/tor/sites"/*; do + mkdir -p "/data/htdocs/onions/$onion_site" + if [ "$(ls -A "/data/htdocs/onions/$onion_site" | wc -l)" -eq 0 ]; then + cp -Rf "/usr/share/httpd/default/hidden_service.html" "/data/htdocs/onions/$onion_site/index.html" + fi + if [ ! -f "/etc/nginx/vhosts.d/$onion_site.onion.conf" ]; then + cp -Rf "/etc/nginx/vhosts.d/template" "/etc/nginx/vhosts.d/$onion_site.onion.conf" + sed -i 's|REPLACE_ONION_PORT|'$SERVICE_PORT'|g' "/etc/nginx/vhosts.d/$onion_site.onion.conf" + sed -i 's|REPLACE_ONION_SITE|'$onion_site.onion'|g' "/etc/nginx/vhosts.d/$onion_site.onion.conf" + sed -i 's|REPLACE_ONION_WWW_DIR|/data/htdocs/onions/'$onion_site'|g' "/etc/nginx/vhosts.d/$onion_site.onion.conf" + sed -i 's|REPLACE_ONION_WWW_DIR|/data/htdocs/onions/'$onion_site'|g' "/data/htdocs/onions/$onion_site/index.html" + fi + done # allow custom functions if builtin type -t __update_conf_files_local | grep -q 'function'; then __update_conf_files_local; fi # exit function diff --git a/rootfs/usr/share/httpd/default/hidden_service.html b/rootfs/usr/share/httpd/default/hidden_service.html new file mode 100644 index 0000000..a834212 --- /dev/null 
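Review bot: `[ -f "/tmp/init_tor_services" ] && rm -Rf "/tmp/init_tor_services"` clears the flag only when `__post_execute` reaches this line, so if the hidden-service loop above it fails the `while [ -f "/tmp/init_tor_services" ]` wait in `zz-nginx.sh` never terminates; clear it from a `trap` or unconditionally at the start of `__post_execute` so a tor-side failure cannot wedge nginx start-up. For a plain file the test is redundant and `-R` is unnecessary; `rm -f "/tmp/init_tor_services"` does the same with no error when the file is absent. `__post_execute` begins outside the hunk.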
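Review bot: `for onion_site in "/run/tor/sites"/*` binds the full path (`/run/tor/sites/NAME`) to `$onion_site`, so `mkdir -p "/data/htdocs/onions/$onion_site"` creates `/data/htdocs/onions/run/tor/sites/NAME` and the `cp` to `"/etc/nginx/vhosts.d/$onion_site.onion.conf"` fails because that nested directory does not exist; strip the directory and skip the literal glob when the directory is empty with `[ -e "$onion_site" ] || continue` followed by `onion_site="${onion_site##*/}"` as the first two lines of the loop body. The `sed` expressions splice `$onion_site` and `$SERVICE_PORT` into the script text unquoted, so a name containing `|`, whitespace or shell metacharacters breaks the command or the replacement; quote them as `"s|REPLACE_ONION_SITE|${onion_site}.onion|g"` and, because the directory is created world-writable in `03-tor-server.sh` in this same commit, validate the name against a conservative character allow-list before using it. The wait loop `while [ -f "/tmp/init_tor_services" ]; do sleep 5; done` has no upper bound, so any failure in `03-tor-server.sh` blocks nginx indefinitely; a bounded retry that logs and proceeds is safer. `__update_conf_files` starts and ends outside the hunk.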
+++ b/rootfs/usr/share/httpd/default/hidden_service.html @@ -0,0 +1,22 @@ + + + + + + + + Welcome! + + +
+


+

+ Welcome to your hidden onion site!
+ This document is located in: REPLACE_ONION_WWW_DIR +

+
+ +
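Review bot: The served page prints `REPLACE_ONION_WWW_DIR`, which the `zz-nginx.sh` hunk in this commit rewrites to the absolute document root (`/data/htdocs/onions/<name>`), so every visitor of the hidden service learns the container's filesystem layout. Default landing pages normally avoid echoing server paths; drop that line, or replace it with generic guidance such as `Replace this file with your own index.html`. An HTML comment is not a fix here because it is still delivered to the client.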