Vincent Batts
a237673e5c
This container, with NET_ADMIN and NET_RAW privileges, sits fully inside the tor router that it spins up. That is nice for the container itself, but other containers can then link to it and use the network as well. Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
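# Run a tor SOCKS proxy in a container.
#
# Example invocation (image name as given in the original example; substitute
# the tag you actually build):
#
# docker run -d \
#	--restart always \
#	-v /etc/localtime:/etc/localtime:ro \
#	-p 9050:9050 \
#	--name torproxy \
#	jess/tor-proxy
#
# NOTE(review): iptables is installed and rc.firewall is copied in below, so
# the container presumably needs the NET_ADMIN and NET_RAW capabilities at run
# time (--cap-add NET_ADMIN --cap-add NET_RAW) -- confirm against entrypoint.sh.
# Grant only those two capabilities rather than --privileged.
#
# NOTE(review): "-p 9050:9050" publishes the SOCKS port on every host
# interface. If only local clients should reach the proxy, publish it as
# "-p 127.0.0.1:9050:9050" instead.

# The tag is mutable; pin the base image by digest if reproducible builds matter.
FROM r.batts.cloud/debian:bookworm
# key=value form; the space-separated LABEL syntax is legacy.
LABEL maintainer="vbatts <vbatts@hashbangbash.com>"

# apt-get rather than apt: apt's command-line interface is not stable for
# scripted use. update + install + list cleanup stay in one layer so the
# package index is never cached stale or left in the image.
RUN apt-get update && \
	apt-get install -y --no-install-recommends \
		gosu \
		iptables \
		tor && \
	rm -rf /var/lib/apt/lists/*

# SOCKS port (documentation only; publishing happens at `docker run -p`).
EXPOSE 9050

# Our torrc, the firewall rules and the entrypoint script.
# NOTE(review): entrypoint.sh must already be executable in the build context;
# nothing here sets its mode.
COPY torrc.default /etc/tor/torrc.ours
COPY rc.firewall /etc/rc.firewall
COPY entrypoint.sh /entrypoint.sh

# Make sure everything under /etc/tor (packaged files and torrc.ours) is owned
# by the tor user.
RUN chown -R debian-tor /etc/tor

# No USER instruction on purpose: the container starts as root and the
# entrypoint is expected to drop to the limited user itself (gosu is installed
# for that) -- presumably after applying /etc/rc.firewall, which needs root.
# Verify that entrypoint.sh really drops privileges before starting tor.
#USER debian-tor

ENTRYPOINT ["/entrypoint.sh"]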