~hacktivista/4get

0b68d6b2a9928d1b9dae389fbf5b95056e678be0 — lolcat 5 months ago 40da72e + a0b3189
Merge pull request 'docker_tor_documentation' (#22) from docker_tor_documentation into master

Reviewed-on: https://git.lolcat.ca/lolcat/4get/pulls/22
M docker-compose.yaml => docker-compose.yaml +0 -1
@@ 6,7 6,6 @@ services:
    image: luuul/4get:latest
    restart: unless-stopped
    environment:
      - FOURGET_VERSION=6
      - FOURGET_SERVER_NAME=4get.ca

    ports:

M docker/gen_config.php => docker/gen_config.php +2 -2
@@ 66,10 66,10 @@ foreach(($merged_config) as $key => $val){
            // Handle case when original type of field is array and there is a type mismatch when a comma separted string is passed, 
            // then split on comma if string (and not numeric, boolean, null, etc)
            // 
            // except in the case where the inital value in default config is null. Assuming null
            // except in the case where the inital value in default config is null or boolean. Assuming null and boolean
            // in default config will be never be assigned an array
            
            if(gettype($from_config[$key]) != gettype($val) && !is_numeric($val) && !is_null($from_config[$key])) {
            if(gettype($from_config[$key]) != gettype($val) && !is_numeric($val) && !is_null($from_config[$key]) && gettype($from_config[$key]) != "boolean") {
                $stored_value = explode(",", $val);
            } 
            $output = $output . "\tconst " . $key . " = " . type_to_string($stored_value) . ";\n";
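Review bot: the guard in front of `explode` is now a chain of exclusions (`!is_numeric($val)`, `!is_null(...)`, `!= "boolean"`), while the comment above it says the split is meant only for fields whose default is an array. Testing that directly, for example `is_array($from_config[$key]) && is_string($val)` (keeping the `!is_numeric($val)` term if single numeric values must stay unsplit), would cover null and boolean defaults without another exclusion for the next scalar type. If the exclusion style stays, `!is_bool($from_config[$key])` reads more consistently next to `is_null` and `is_numeric` than comparing `gettype()` to a string. The comment block also carries typos worth fixing while it is being touched: "separted", "inital", "will be never be".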

A docker/tor/Dockerfile => docker/tor/Dockerfile +18 -0
@@ 0,0 1,18 @@
FROM alpine:edge

RUN apk add --no-cache curl tor 

EXPOSE 9050

HEALTHCHECK --interval=60s --timeout=15s --start-period=20s \
    CMD curl -x socks5h://127.0.0.1:9050 'https://check.torproject.org/api/ip' | grep -qm1 -E '"IsTor"\s*:\s*true'


# default owner is tor, but running as root to avoid docker volume mount issue
RUN chown -R root:root /var/lib/tor

VOLUME ["/var/lib/tor/4get"]

COPY ./torrc /etc/tor/torrc

ENTRYPOINT ["/usr/bin/tor"]
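Review bot: the `chown -R root:root /var/lib/tor` step, together with the absence of a `USER` line, means tor runs as root in this image, and the comment justifies that only by the volume mount issue. With the `SocksPort 0.0.0.0:9050` torrc copied in below it, a compromise of the daemon lands as root in the container; consider keeping the packaged `tor` owner and documenting the ownership the mounted directory needs on the host instead. Separately, `FROM alpine:edge` tracks a rolling branch, so pinning a release tag would make builds reproducible, and the `HEALTHCHECK` curl has no `-sf` or `--max-time`, so container health depends on the 15s Docker timeout and on check.torproject.org being reachable.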

A docker/tor/torrc => docker/tor/torrc +1 -0
@@ 0,0 1,1 @@
SocksPort 0.0.0.0:9050
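Review bot: `SocksPort 0.0.0.0:9050` is the only line in the file, so the image default is an unauthenticated SOCKS listener on every interface, and safety rests entirely on the operator never publishing the port. Adding `SocksPolicy` lines that accept only the private ranges the containers use and end with `SocksPolicy reject *` would keep the proxy closed even if 9050 is published by mistake.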

M docs/docker.md => docs/docker.md +4 -4
@@ 72,7 72,6 @@ services:
    image: luuul/4get:latest
    restart: unless-stopped
    environment:
      - FOURGET_VERSION=6
      - FOURGET_PROTO=http
      - FOURGET_SERVER_NAME=4get.ca



@@ 91,7 90,6 @@ services:
    image: luuul/4get:latest
    restart: unless-stopped
    environment:
      - FOURGET_VERSION=6
      - FOURGET_PROTO=https
      - FOURGET_SERVER_NAME=4get.ca



@@ 117,7 115,6 @@ services:
    image: luuul/4get:latest
    restart: unless-stopped
    environment:
      - FOURGET_VERSION=6
      - FOURGET_PROTO=http
      - FOURGET_SERVER_NAME=4get.ca
      - FOURGET_BOT_PROTECTION=1


@@ 140,7 137,6 @@ services:
    image: luuul/4get:latest
    restart: unless-stopped
    environment:
      - FOURGET_VERSION=6
      - FOURGET_PROTO=http
      - FOURGET_SERVER_NAME=4get.ca



@@ 150,3 146,7 @@ services:
    volumes:
      - ./banners:/var/www/html/4get/banner
```

##### Tor

You can route incoming and outgoing requests through tor by following [docker tor documentation](./docker_tor.md)

A docs/docker_tor.md => docs/docker_tor.md +174 -0
@@ 0,0 1,174 @@
#### Overview

This guide will walk you through using 4get in docker with tor running in
another container. This guide covers how to make outgoing and incoming traffic
go through tor.


##### Starting tor

This guide will use `luuul/tor` which is a simple image that installs and starts
tor in an alpine container SocksPort set to 0.0.0.0:9050 

For additional configuration you can mount your own `torrc` file to `/etc/tor/torrc` 
Remember to set `SocksPort 0.0.0.0:9050` otherwise communication between containers won't work.

You will see this warning `Other people on the Internet might find your computer and use it as an open proxy. Please don't allow this unless you have a good reason.`

This setting is in the torrc of this `luuul/tor` image. If you mount your own torrc then that will be read instead.

If you use `SocksPort 0.0.0.0:9050` anywhere make sure it is inaccessible to outside world.
As long as you don't publish this port (-p or --publish) it shouldn't be accessible to outside world.


Tor always starts a socks5 proxy on port 9050 by default.


##### Route outgoing requests over tor

create a folder named `proxies` and create a file in that folder named `onion.txt`
this folder will be mounted to `/var/www/html/4get/data/proxies/`

directory structure

```
proxies/
  onion.txt
```

put the following content into `onion.txt`
More information about this file available in [proxy documentation](./configure.md#Proxies).

```
# proxies/onion.txt
# Note: "tor" is the service name of luuul/tor in docker-compose.yaml
socks5:tor:9050::
```

create a file named `docker-compose.yaml` with the following content
This docker compose file will run `luuul/tor` and `luuul/4get` and configure 4get to load `proxies/onion.txt` for outgoing requests.

If you mount your own torrc make sure you include `SocksPort 0.0.0.0:9050`
Read the warning in [starting tor](./docker_tor.md#Starting-tor)!

```
# docker-compose.yaml
version: "3.7"

services:
  tor:
    image: luuul/tor:latest
    restart: unless-stopped
    # Warning: Do not publish port 9050
    
  fourget:
    image: luuul/4get:latest
    restart: unless-stopped
    environment:
      - FOURGET_PROTO=http
      - FOURGET_SERVER_NAME=4get.ca
      # loads proxies/onion.txt
      - FOURGET_PROXY_DDG="onion" 
      - FOURGET_PROXY_BRAVE="onion"
      - FOURGET_PROXY_FB="onion"
      - FOURGET_PROXY_GOOGLE="onion"
      - FOURGET_PROXY_QWANT="onion"
      - FOURGET_PROXY_MARGINALIA="onion"
      - FOURGET_PROXY_MOJEEK="onion"
      - FOURGET_PROXY_SC="onion"
      - FOURGET_PROXY_SPOTIFY="onion"
      - FOURGET_PROXY_WIBY="onion"
      - FOURGET_PROXY_CURLIE="onion"
      - FOURGET_PROXY_YT="onion"
      - FOURGET_PROXY_YEP="onion"
      - FOURGET_PROXY_PINTEREST="onion"
      - FOURGET_PROXY_SEZNAM="onion"
      - FOURGET_PROXY_NAVER="onion"
      - FOURGET_PROXY_GREPPR="onion"
      - FOURGET_PROXY_CROWDVIEW="onion"
      - FOURGET_PROXY_MWMBL="onion"
      - FOURGET_PROXY_FTM="onion"
      - FOURGET_PROXY_IMGUR="onion"
      - FOURGET_PROXY_YANDEX_W="onion"
      - FOURGET_PROXY_YANDEX_I="onion"
      - FOURGET_PROXY_YANDEX_V="onion"

    ports:
      - "80:80"
      
    depends_on:
     - tor
     
    volumes:
      - ./proxies/:/var/www/html/4get/data/proxies/
```

You can now start both containers with `docker compose up -d`


#### Route incoming requests over tor

This will create a hidden service that will be accessible via an onion link.

1. create a file named `torrc` with the following content

```
# torrc
User root

HiddenServiceDir /var/lib/tor/4get/
HiddenServicePort 80 fourget:80

```

2. create a folder named "4get" which will contain your hidden service keys.

Make sure it has permission `600` otherwise you will get an error

> Permissions on directory /var/lib/tor/4get/ are too permissive.

you can change permissions with 

```
chmod 600 4get
```

3. Create a folder named "data" that will contain your DataDirectory


4. create a `docker-compose.yaml` with the following content

```
# docker-compose.yaml
version: "3.7"

services:
  fourget:
    image: luuul/4get:latest
    restart: unless-stopped
    environment:
      - FOURGET_PROTO=http
      - FOURGET_SERVER_NAME=4get.ca

    depends_on:
     - tor
     
  tor:
    image: luuul/tor:latest
    restart: unless-stopped
    
    volumes:
      - ./torrc:/etc/tor/torrc
      - ./4get:/var/lib/tor/4get
      - ./data:/root/.tor
```

5. You can now start both with `docker compose up -d`

6. print onion hostname with 

```
docker exec `docker ps -qf ancestor=luuul/tor:latest` sh -c "cat /var/lib/tor/4get/hostname"
```

or `cat ./4get/hostname`
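Review bot: step 2 of the incoming section tells the reader to run `chmod 600 4get` on a directory; a directory needs the execute bit to be entered, so `700` is the usual mode for a `HiddenServiceDir`, and `600` only works here because the torrc in step 1 sets `User root`. Please change it to `chmod 700 4get`. In the outgoing section, the `environment` entries use the list form with quoted values (`FOURGET_PROXY_DDG="onion"`); in that form Compose keeps the quotes as part of the value, so either drop them or confirm that `gen_config.php` strips them. The torrc in step 1 never sets `DataDirectory`, so the `./data:/root/.tor` mount depends on tor's default path for root, which deserves a sentence in step 3. Smaller points: "Route incoming requests over tor" is `####` while its sibling "Route outgoing requests over tor" is `#####`, and several instructions start lower-case and run into the next sentence without punctuation.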