feat(v1.1.4): modernize templates, security, and build variants

This update refines the Tor relay configuration and build process:
- Security: Disables DirPort and adopts ciissversion:2 for ContactInfo.
- Performance: Adds IPv6 support and hardware acceleration options.
- Builds: Establishes Stable vs. Edge variants for better testing cycles.
- Tooling: Integrates nyx.config and cleans up legacy tags.
- Sync: Aligns cosmos-compose and docker-compose templates.
- Update retention policy: Keep last 7 versions

No breaking changes introduced.
rE-Bo0t.bx1
2025-12-21 03:14:39 +08:00
parent ce8cd42875
commit 5120d0d0e9
26 changed files with 329 additions and 282 deletions


@@ -4,12 +4,17 @@ on:
schedule: schedule:
- cron: '0 0 * * 0' - cron: '0 0 * * 0'
workflow_dispatch: workflow_dispatch:
push:
tags:
- 'v*.*.*'
permissions: permissions:
actions: write actions: write
packages: write
jobs: jobs:
clear-cache: clear-cache:
name: 💥 Nuke Caches
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: 💥 Nuke GitHub Actions Cache - name: 💥 Nuke GitHub Actions Cache
@@ -18,4 +23,63 @@ jobs:
run: | run: |
echo "🔍 meaningful-text: check for caches..." echo "🔍 meaningful-text: check for caches..."
gh cache delete --all --repo ${{ github.repository }} || true gh cache delete --all --repo ${{ github.repository }} || true
echo "✅ Cache storage is now empty." echo "✅ Cache storage is now empty."
prune-ghcr:
name: 🧊 Prune GHCR
runs-on: ubuntu-latest
steps:
- name: 🗑️ Delete old GHCR versions
uses: actions/delete-package-versions@v5
with:
package-name: 'onion-relay'
package-type: 'container'
min-versions-to-keep: 14
ignore-versions: '^(latest|edge)$'
delete-only-untagged-versions: 'false'
prune-dockerhub:
name: 🐋 Prune Docker Hub
runs-on: ubuntu-latest
steps:
- name: 📥 Checkout Repository
uses: actions/checkout@v5
- name: 🪄 Clean Docker Hub Tags
env:
DOCKER_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
REPOSITORY: "r3bo0tbx1/onion-relay"
run: |
set -e
echo "🔑 Authenticating with Docker Hub..."
TOKEN=$(curl -s -H "Content-Type: application/json" -X POST \
-d "{\"username\": \"$DOCKER_USERNAME\", \"password\": \"$DOCKER_PASSWORD\"}" \
https://hub.docker.com/v2/users/login/ | jq -r .token)
if [ "$TOKEN" == "null" ] || [ -z "$TOKEN" ]; then
echo "❌ Authentication failed. Check DOCKERHUB_TOKEN."
exit 1
fi
echo "🔍 Fetching tags for $REPOSITORY..."
ALL_TAGS=$(curl -s -H "Authorization: JWT $TOKEN" \
"https://hub.docker.com/v2/repositories/$REPOSITORY/tags/?page_size=100")
# Filter out moving tags and count only the real version tags
VERSION_TAGS=$(echo "$ALL_TAGS" | jq -r '.results | sort_by(.last_updated) | reverse | .[].name' | grep -E -v "^(latest|edge)$" || true)
COUNT=$(echo "$VERSION_TAGS" | wc -w)
echo "📊 Found $COUNT versioned tags."
if [ "$COUNT" -gt 14 ]; then
OLD_TAGS=$(echo "$VERSION_TAGS" | awk 'NR>14')
for TAG in $OLD_TAGS; do
echo "🗑️ Deleting old versioned tag: $TAG"
curl -s -H "Authorization: JWT $TOKEN" -X DELETE \
"https://hub.docker.com/v2/repositories/$REPOSITORY/tags/$TAG/"
done
echo "✅ Docker Hub cleanup complete."
else
echo "✨ Current version count ($COUNT) is within the limit. No deletion needed."
fi
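Review bot: In the `🪄 Clean Docker Hub Tags` step the login body is assembled by interpolating `$DOCKER_USERNAME` and `$DOCKER_PASSWORD` into a JSON string passed with `-d`, so a credential containing `"` or `\` yields malformed JSON and the secret is placed on curl's command line; building the body with `jq -n` from the environment and sending it on stdin avoids both. The tag listing and the `DELETE` calls use `curl -s` without `-f`, so an HTTP error status is not a failure under `set -e` and the step can print "Docker Hub cleanup complete" when nothing was deleted. The listing also reads a single page (`page_size=100`) and would miss older tags beyond it if the repository ever holds that many. Separately, `packages: write` is granted at workflow level although only `prune-ghcr` appears to need it, and the checkout in `prune-dockerhub` looks unused by the visible script; a per-job `permissions:` block and dropping the checkout would narrow what each job can touch.

```yaml
        run: |
          # … unchanged: set -e, authentication banner …
          TOKEN=$(jq -n '{username: env.DOCKER_USERNAME, password: env.DOCKER_PASSWORD}' \
            | curl -fsS -H "Content-Type: application/json" -X POST --data @- \
              https://hub.docker.com/v2/users/login/ | jq -r .token)
          # … unchanged: empty-token check, fetch banner …
          ALL_TAGS=$(curl -fsS -H "Authorization: JWT $TOKEN" \
            "https://hub.docker.com/v2/repositories/$REPOSITORY/tags/?page_size=100")
          # … unchanged: tag filtering, count, loop header …
              curl -fsS -H "Authorization: JWT $TOKEN" -X DELETE \
                "https://hub.docker.com/v2/repositories/$REPOSITORY/tags/$TAG/"
```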


@@ -69,7 +69,7 @@ jobs:
run: | run: |
set -e set -e
echo "🔍 Determining version context..." echo "🔍 Determining version context..."
BUILD_VARIANTS="both" # Default: build both variants BUILD_VARIANTS="both"
if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then if [[ "${GITHUB_REF}" == refs/tags/v* ]]; then
VERSION="${GITHUB_REF#refs/tags/v}" VERSION="${GITHUB_REF#refs/tags/v}"
@@ -83,14 +83,12 @@ jobs:
LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v1.0.0") LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v1.0.0")
if [[ "${BUILD_MODE}" == "rebuild" ]]; then if [[ "${BUILD_MODE}" == "rebuild" ]]; then
# Rebuild mode: Use last release version (same as weekly)
VERSION="${LATEST_TAG#v}" VERSION="${LATEST_TAG#v}"
BUILD_TYPE="manual-rebuild" BUILD_TYPE="manual-rebuild"
IS_RELEASE="false" IS_RELEASE="false"
echo "🔄 Manual rebuild of last release: ${VERSION} (with updated packages)" echo "🔄 Manual rebuild of last release: ${VERSION} (with updated packages)"
echo " Variants: ${BUILD_VARIANTS}" echo " Variants: ${BUILD_VARIANTS}"
else else
# Version bump mode: Create new version with suffix
VERSION="${LATEST_TAG#v}-manual-${GITHUB_RUN_NUMBER}" VERSION="${LATEST_TAG#v}-manual-${GITHUB_RUN_NUMBER}"
BUILD_TYPE="manual" BUILD_TYPE="manual"
IS_RELEASE="false" IS_RELEASE="false"
@@ -98,25 +96,21 @@ jobs:
echo " Variants: ${BUILD_VARIANTS}" echo " Variants: ${BUILD_VARIANTS}"
fi fi
elif [[ "${GITHUB_EVENT_NAME}" == "schedule" ]]; then elif [[ "${GITHUB_EVENT_NAME}" == "schedule" ]]; then
# Scheduled rebuild: Determine which schedule based on time
LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v1.0.0") LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v1.0.0")
VERSION="${LATEST_TAG#v}" VERSION="${LATEST_TAG#v}"
IS_RELEASE="false" IS_RELEASE="false"
CURRENT_HOUR=$(date -u +%H) CURRENT_HOUR=$(date -u +%H)
if [[ "${CURRENT_HOUR}" == "18" ]]; then if [[ "${CURRENT_HOUR}" == "18" ]]; then
# Weekly rebuild (Sundays 18:30 UTC): Build stable only
BUILD_TYPE="weekly" BUILD_TYPE="weekly"
BUILD_VARIANTS="latest" BUILD_VARIANTS="latest"
echo "📅 Weekly rebuild of last release: ${VERSION} (stable variant with updated packages)" echo "📅 Weekly rebuild of last release: ${VERSION} (stable variant with updated packages)"
else else
# Edge-only rebuild (Every 3 days at 12:00 UTC): Build edge only
BUILD_TYPE="edge-rebuild" BUILD_TYPE="edge-rebuild"
BUILD_VARIANTS="edge" BUILD_VARIANTS="edge"
echo "⚡ Edge-only rebuild of last release: ${VERSION} (edge variant with updated packages)" echo "⚡ Edge-only rebuild of last release: ${VERSION} (edge variant with updated packages)"
fi fi
else else
# Fallback (shouldn't happen)
LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v1.0.0") LATEST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "v1.0.0")
VERSION="${LATEST_TAG#v}" VERSION="${LATEST_TAG#v}"
BUILD_TYPE="unknown" BUILD_TYPE="unknown"
@@ -179,7 +173,6 @@ jobs:
BUILD_VARIANTS="${{ needs.determine-version.outputs.build_variants }}" BUILD_VARIANTS="${{ needs.determine-version.outputs.build_variants }}"
VARIANT_NAME="${{ matrix.variant.name }}" VARIANT_NAME="${{ matrix.variant.name }}"
# Determine if this variant should be built
SHOULD_BUILD="false" SHOULD_BUILD="false"
if [ "$BUILD_VARIANTS" = "both" ]; then if [ "$BUILD_VARIANTS" = "both" ]; then
@@ -306,32 +299,24 @@ jobs:
TAGS=() TAGS=()
# Always add GHCR versioned tag
TAGS+=("${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE_NAME }}:${VERSION}${SUFFIX}") TAGS+=("${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE_NAME }}:${VERSION}${SUFFIX}")
if [ "$BUILD_TYPE" = "release" ]; then if [ "$BUILD_TYPE" = "release" ]; then
# New release: Add special tags
if [ "$IS_LATEST" = "true" ]; then if [ "$IS_LATEST" = "true" ]; then
# Stable variant gets :latest
TAGS+=("${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE_NAME }}:latest") TAGS+=("${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE_NAME }}:latest")
else else
# Edge variant gets :edge
TAGS+=("${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE_NAME }}:edge") TAGS+=("${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE_NAME }}:edge")
fi fi
# Add Docker Hub tags
if [ "$PUSH_DOCKERHUB" = "true" ]; then if [ "$PUSH_DOCKERHUB" = "true" ]; then
if [ "$IS_LATEST" = "true" ]; then if [ "$IS_LATEST" = "true" ]; then
# Stable: versioned tag + :latest
TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:${VERSION}") TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:${VERSION}")
TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:latest") TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:latest")
else else
# Edge: only :edge (no versioned tag for Docker Hub)
TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:edge") TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:edge")
fi fi
fi fi
elif [ "$BUILD_TYPE" = "weekly" ] || [ "$BUILD_TYPE" = "manual-rebuild" ] || [ "$BUILD_TYPE" = "edge-rebuild" ]; then elif [ "$BUILD_TYPE" = "weekly" ] || [ "$BUILD_TYPE" = "manual-rebuild" ] || [ "$BUILD_TYPE" = "edge-rebuild" ]; then
# Weekly rebuild, manual rebuild, or edge-only rebuild: Update version tag with fresh packages
if [ "$IS_LATEST" = "true" ]; then if [ "$IS_LATEST" = "true" ]; then
TAGS+=("${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE_NAME }}:latest") TAGS+=("${{ env.GHCR_REGISTRY }}/${{ env.GHCR_IMAGE_NAME }}:latest")
else else
@@ -340,21 +325,17 @@ jobs:
if [ "$PUSH_DOCKERHUB" = "true" ]; then if [ "$PUSH_DOCKERHUB" = "true" ]; then
if [ "$IS_LATEST" = "true" ]; then if [ "$IS_LATEST" = "true" ]; then
# Stable: versioned tag + :latest
TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:${VERSION}") TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:${VERSION}")
TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:latest") TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:latest")
else else
# Edge: only :edge (no versioned tag for Docker Hub)
TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:edge") TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:edge")
fi fi
fi fi
else else
# Manual/validated builds: version tag only
if [ "$PUSH_DOCKERHUB" = "true" ]; then if [ "$PUSH_DOCKERHUB" = "true" ]; then
if [ "$IS_LATEST" = "true" ]; then if [ "$IS_LATEST" = "true" ]; then
TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:${VERSION}") TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:${VERSION}")
else else
# Edge manual builds: only :edge for Docker Hub
TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:edge") TAGS+=("${{ env.DOCKERHUB_IMAGE_NAME }}:edge")
fi fi
fi fi
@@ -400,7 +381,6 @@ jobs:
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "" echo ""
# Install syft for SBOM generation
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
VERSION="${{ needs.determine-version.outputs.version }}" VERSION="${{ needs.determine-version.outputs.version }}"
@@ -412,27 +392,22 @@ jobs:
echo " Image: ${IMAGE}" echo " Image: ${IMAGE}"
echo "" echo ""
# Generate CycloneDX JSON
echo "📄 Generating CycloneDX JSON format..." echo "📄 Generating CycloneDX JSON format..."
syft "${IMAGE}" -o cyclonedx-json > "sbom-${VARIANT}-cyclonedx-v${VERSION}.json" syft "${IMAGE}" -o cyclonedx-json > "sbom-${VARIANT}-cyclonedx-v${VERSION}.json"
echo " ✅ sbom-${VARIANT}-cyclonedx-v${VERSION}.json" echo " ✅ sbom-${VARIANT}-cyclonedx-v${VERSION}.json"
# Generate CycloneDX XML
echo "📄 Generating CycloneDX XML format..." echo "📄 Generating CycloneDX XML format..."
syft "${IMAGE}" -o cyclonedx-xml > "sbom-${VARIANT}-cyclonedx-v${VERSION}.xml" syft "${IMAGE}" -o cyclonedx-xml > "sbom-${VARIANT}-cyclonedx-v${VERSION}.xml"
echo " ✅ sbom-${VARIANT}-cyclonedx-v${VERSION}.xml" echo " ✅ sbom-${VARIANT}-cyclonedx-v${VERSION}.xml"
# Generate SPDX JSON
echo "📄 Generating SPDX JSON format..." echo "📄 Generating SPDX JSON format..."
syft "${IMAGE}" -o spdx-json > "sbom-${VARIANT}-spdx-v${VERSION}.json" syft "${IMAGE}" -o spdx-json > "sbom-${VARIANT}-spdx-v${VERSION}.json"
echo " ✅ sbom-${VARIANT}-spdx-v${VERSION}.json" echo " ✅ sbom-${VARIANT}-spdx-v${VERSION}.json"
# Generate SPDX tag-value
echo "📄 Generating SPDX tag-value format..." echo "📄 Generating SPDX tag-value format..."
syft "${IMAGE}" -o spdx-tag-value > "sbom-${VARIANT}-spdx-v${VERSION}.spdx" syft "${IMAGE}" -o spdx-tag-value > "sbom-${VARIANT}-spdx-v${VERSION}.spdx"
echo " ✅ sbom-${VARIANT}-spdx-v${VERSION}.spdx" echo " ✅ sbom-${VARIANT}-spdx-v${VERSION}.spdx"
# Generate human-readable table
echo "📄 Generating human-readable table..." echo "📄 Generating human-readable table..."
syft "${IMAGE}" -o table > "sbom-${VARIANT}-table-v${VERSION}.txt" syft "${IMAGE}" -o table > "sbom-${VARIANT}-table-v${VERSION}.txt"
echo " ✅ sbom-${VARIANT}-table-v${VERSION}.txt" echo " ✅ sbom-${VARIANT}-table-v${VERSION}.txt"
@@ -453,7 +428,7 @@ jobs:
sbom-${{ matrix.variant.name }}-*.xml sbom-${{ matrix.variant.name }}-*.xml
sbom-${{ matrix.variant.name }}-*.spdx sbom-${{ matrix.variant.name }}-*.spdx
sbom-${{ matrix.variant.name }}-*.txt sbom-${{ matrix.variant.name }}-*.txt
retention-days: 90 retention-days: 7
release-notes: release-notes:
name: 📝 Generate Release Notes name: 📝 Generate Release Notes
@@ -478,7 +453,6 @@ jobs:
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "" echo ""
# Try to extract from CHANGELOG.md first
CHANGELOG_FOUND=0 CHANGELOG_FOUND=0
if [ -f CHANGELOG.md ]; then if [ -f CHANGELOG.md ]; then
@@ -490,9 +464,10 @@ jobs:
p p
' CHANGELOG.md > tmp_notes.txt ' CHANGELOG.md > tmp_notes.txt
sed -i '/^$/N;/^\n$/D' tmp_notes.txt 2>/dev/null || true
if [ -s tmp_notes.txt ]; then if [ -s tmp_notes.txt ]; then
sed -i '${/^---[[:space:]]*$/d;}' tmp_notes.txt
sed -i ':a; /^[ \n\r\t]*$/ { $d; N; ba }' tmp_notes.txt 2>/dev/null || true
echo "✅ Found changelog section for v${VERSION} in CHANGELOG.md" echo "✅ Found changelog section for v${VERSION} in CHANGELOG.md"
CHANGELOG_FOUND=1 CHANGELOG_FOUND=1
@@ -506,17 +481,14 @@ jobs:
echo "⚠️ CHANGELOG.md not found" echo "⚠️ CHANGELOG.md not found"
fi fi
# Fall back to auto-generated notes from commits
if [ "$CHANGELOG_FOUND" = "0" ]; then if [ "$CHANGELOG_FOUND" = "0" ]; then
echo "📋 Auto-generating release notes from commits..." echo "📋 Auto-generating release notes from commits..."
if [ -x scripts/release/generate-release-notes.sh ]; then if [ -x scripts/release/generate-release-notes.sh ]; then
# Use auto-generation script
chmod +x scripts/release/generate-release-notes.sh chmod +x scripts/release/generate-release-notes.sh
./scripts/release/generate-release-notes.sh --format github "${VERSION}" > release_notes.md ./scripts/release/generate-release-notes.sh --format github "${VERSION}" > release_notes.md
echo "✅ Auto-generated release notes from conventional commits" echo "✅ Auto-generated release notes from conventional commits"
else else
# Simple fallback
echo "## 🧅 Tor Guard Relay v${VERSION}" > release_notes.md echo "## 🧅 Tor Guard Relay v${VERSION}" > release_notes.md
echo "" >> release_notes.md echo "" >> release_notes.md
echo "### Changes" >> release_notes.md echo "### Changes" >> release_notes.md
@@ -529,7 +501,6 @@ jobs:
fi fi
fi fi
# Append Docker images and SBOM info
echo "" >> release_notes.md echo "" >> release_notes.md
echo "---" >> release_notes.md echo "---" >> release_notes.md
echo "" >> release_notes.md echo "" >> release_notes.md
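Review bot: The SBOM step (hunk `@@ -400,7 +381,6 @@`) still installs syft by piping `install.sh` from the moving `main` branch of anchore/syft into `sh`, so whatever that branch serves at build time runs in this job and generates the SBOM files that are uploaded as artifacts; the hunk removes only the comment above that line. Pinning both the script and the tool would make the step reproducible: fetch `install.sh` from a fixed commit URL and pass an explicit release tag, `... | sh -s -- -b /usr/local/bin <PINNED_SYFT_TAG>`, ideally with a checksum check on the downloaded script before it is executed. The enclosing `run:` block starts and ends outside the hunk, so whether the same job also holds registry credentials at that point is not visible here.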


@@ -508,7 +508,7 @@ jobs:
with: with:
name: trivy-security-report name: trivy-security-report
path: trivy-full-report.json path: trivy-full-report.json
retention-days: 30 retention-days: 7
continue-on-error: true continue-on-error: true
- name: 📋 Generate Security Summary - name: 📋 Generate Security Summary
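Review bot: `retention-days: 7` on `trivy-security-report` leaves about a week of scan history, which is short for comparing findings between runs or for reconstructing what a scan reported when a vulnerability in an already-shipped image is triaged later; the SBOM artifacts in the build workflow get the same cut (90 to 7 days). If the report and SBOMs are also published somewhere durable (not visible in this diff), a comment next to the setting saying where would help; otherwise a longer value or attaching them to the release would keep the evidence. The upload step also appears to keep `continue-on-error: true`, so a failed upload would pass silently.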

9
.gitignore vendored

@@ -1,21 +1,12 @@
# Act secrets file
.secrets .secrets
# Docker volumes
tor-data/ tor-data/
tor-logs/ tor-logs/
# IDE
.vscode/ .vscode/
.idea/ .idea/
*.swp *.swp
*.swo *.swo
*~ *~
# OS
.DS_Store .DS_Store
Thumbs.db Thumbs.db
# Temporary files
*.tmp *.tmp
*.log *.log


@@ -16,6 +16,33 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
--- ---
## [1.1.4] - 2025-12-21
### 🏗️ Build Variants
| Variant | Base Image | Tags | Registries | Notes |
| :--- | :--- | :--- | :--- | :--- |
| **🟢 Stable** | Alpine 3.23.2 | `:latest`, `:1.1.4` | Docker Hub, GHCR | **Recommended** for production. |
| **⚠️ Edge** | Alpine Edge | `:edge`, `:1.1.4-edge` | GHCR Only | Testing only; not for production. |
### ⚙️ Changed (Refactor)
* **Tor Configuration:** Modernized relay templates and hardened security defaults.
* **Networking:** Disabled `DirPort` (set to `0`) across all relay types and compose templates.
* **Metadata:** Updated `ContactInfo` to follow the `ciissversion:2` format.
* **Policy Refinement:** Enhanced exit policies and security for Exit, Guard, and Bridge roles.
* **Synchronization:** Unified configurations across `cosmos-compose` and `docker-compose`.
### Added
* **Monitoring:** Integrated `nyx.config` for enhanced relay visualization.
* **Performance:** Added support for **IPv6** and hardware acceleration.
### 🗑️ Removed
* **Maintenance:** Updated retention policy to keep the last **7 releases** (14 tags) and purge legacy build artifacts.
> **BREAKING CHANGES:** None.
---
## [1.1.3] - 2025-12-05 ## [1.1.3] - 2025-12-05
### ⚡ Optimization & Tooling Update ### ⚡ Optimization & Tooling Update
@@ -406,15 +433,16 @@ BREAKING CHANGES: None
| Version | Status | Support Level | | Version | Status | Support Level |
| --------- | --------------------- | ------------------------------------------- | | --------- | --------------------- | ------------------------------------------- |
| **1.1.3** | 🟢 🛡️ **Active** | Full support (current stable) | | **1.1.4** | 🟢 🛡️ **Active** | Full support (current stable) |
| **1.1.1** | 🟡 🔧 **Maintenance** | Security + critical fixes only | | **1.1.3** | 🟡 🔧 **Maintenance** | Security + critical fixes only |
| **1.0.8** | 🟠 ⚠️ **Legacy** | Security patches only upgrade recommended | | **1.1.2** | 🟠 ⚠️ **Legacy** | Security patches only upgrade recommended |
| **1.0.9** | 🔴 ❌ **EOL** | No support upgrade immediately | | **< 1.1.2** | 🔴 ❌ **EOL** | No support upgrade immediately |
--- ---
## 🔗 Release Links ## 🔗 Release Links
[1.1.4]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.4
[1.1.3]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.3 [1.1.3]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.3
[1.1.2]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.2 [1.1.2]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.2
[1.1.1]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.1 [1.1.1]: https://github.com/r3bo0tbx1/tor-guard-relay/releases/tag/v1.1.1


@@ -76,7 +76,6 @@ ENV TOR_DATA_DIR=/var/lib/tor \
TOR_NICKNAME="" \ TOR_NICKNAME="" \
TOR_CONTACT_INFO="" \ TOR_CONTACT_INFO="" \
TOR_ORPORT=9001 \ TOR_ORPORT=9001 \
TOR_DIRPORT=9030 \
TOR_OBFS4_PORT=9002 \ TOR_OBFS4_PORT=9002 \
TOR_BANDWIDTH_RATE="" \ TOR_BANDWIDTH_RATE="" \
TOR_BANDWIDTH_BURST="" \ TOR_BANDWIDTH_BURST="" \
@@ -87,7 +86,7 @@ RUN rm -rf /usr/share/man /tmp/* /var/tmp/* /root/.cache/*
USER tor USER tor
EXPOSE 9001 9030 9002 EXPOSE 9001 9002
HEALTHCHECK --interval=10m --timeout=15s --start-period=30s --retries=3 \ HEALTHCHECK --interval=10m --timeout=15s --start-period=30s --retries=3 \
CMD /usr/local/bin/healthcheck.sh CMD /usr/local/bin/healthcheck.sh
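Review bot: Dropping `TOR_DIRPORT=9030` from `ENV` and `9030` from `EXPOSE` does not by itself disable the DirPort: `EXPOSE` is metadata only, and the README recommends `--network host`, where any port Tor opens is reachable regardless of what the image declares. With the variable now unset rather than `0`, the effective value depends on how the entrypoint or torrc template (outside this hunk) treats a missing `TOR_DIRPORT`, while the README documents "default 0 (Disabled)". Keeping an explicit `TOR_DIRPORT=0 \` in the `ENV` block would make the image match the documented default, and deployments that still pass `TOR_DIRPORT=9030` would be worth a line in the migration notes. The same applies to the identical change in the next Dockerfile section; the `ENV` instruction starts and ends outside the hunk.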


@@ -76,7 +76,6 @@ ENV TOR_DATA_DIR=/var/lib/tor \
TOR_NICKNAME="" \ TOR_NICKNAME="" \
TOR_CONTACT_INFO="" \ TOR_CONTACT_INFO="" \
TOR_ORPORT=9001 \ TOR_ORPORT=9001 \
TOR_DIRPORT=9030 \
TOR_OBFS4_PORT=9002 \ TOR_OBFS4_PORT=9002 \
TOR_BANDWIDTH_RATE="" \ TOR_BANDWIDTH_RATE="" \
TOR_BANDWIDTH_BURST="" \ TOR_BANDWIDTH_BURST="" \
@@ -87,7 +86,7 @@ RUN rm -rf /usr/share/man /tmp/* /var/tmp/* /root/.cache/*
USER tor USER tor
EXPOSE 9001 9030 9002 EXPOSE 9001 9002
HEALTHCHECK --interval=10m --timeout=15s --start-period=30s --retries=3 \ HEALTHCHECK --interval=10m --timeout=15s --start-period=30s --retries=3 \
CMD /usr/local/bin/healthcheck.sh CMD /usr/local/bin/healthcheck.sh

179
README.md

@@ -1,4 +1,3 @@
<a id="readme-top"></a> <a id="readme-top"></a>
<div align="center"> <div align="center">
@@ -14,13 +13,13 @@
**A hardened, production-ready Tor relay with built-in diagnostics and monitoring** **A hardened, production-ready Tor relay with built-in diagnostics and monitoring**
[Quick Start](#-quick-start) • [Features](#-key-features) • [Documentation](#-documentation) • [FAQ](docs/FAQ.md) • [Architecture](docs/ARCHITECTURE.md) • [Tools](#-diagnostic-tools) • [Contributing](#-contributing) [Quick Start](#quick-start) • [Features](#key-features) • [Documentation](#documentation) • [FAQ](docs/FAQ.md) • [Architecture](docs/ARCHITECTURE.md) • [Tools](#diagnostic-tools) • [Contributing](#contributing)
</div> </div>
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🚀 What is This?</div> ## 🚀 What is This?
**Tor Guard Relay** is a production-ready, self-healing Tor relay container designed for privacy advocates who want to contribute to the Tor network securely and efficiently. **Tor Guard Relay** is a production-ready, self-healing Tor relay container designed for privacy advocates who want to contribute to the Tor network securely and efficiently.
@@ -28,7 +27,7 @@
### Why Choose This Project? ### Why Choose This Project?
- 🛡️ **Security-First** - Hardened Alpine Linux, non-root operation - 🛡️ **Security-First** - Hardened Alpine Linux, non-root operation, and minimized port exposure
- 🪶 **Very light** - Ultra-minimal 16.8 MB image - 🪶 **Very light** - Ultra-minimal 16.8 MB image
- 🎯 **Simple** - One command to deploy, minimal configuration needed - 🎯 **Simple** - One command to deploy, minimal configuration needed
- 📊 **Observable** - 5 busybox-only diagnostic tools with JSON health API - 📊 **Observable** - 5 busybox-only diagnostic tools with JSON health API
@@ -37,29 +36,29 @@
- 📚 **Documented** - Comprehensive guides for deployment, monitoring, backup, and more - 📚 **Documented** - Comprehensive guides for deployment, monitoring, backup, and more
- 🏗️ **Multi-Arch** - Native support for AMD64 and ARM64 (Raspberry Pi, AWS Graviton, etc.) - 🏗️ **Multi-Arch** - Native support for AMD64 and ARM64 (Raspberry Pi, AWS Graviton, etc.)
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🔒 Security Model</div> ## 🔒 Security Model
**Port Exposure Policy** ### Port Exposure Policy
- **9001** ORPort, public - **9001** ORPort, public
- **9030** DirPort, public for guard and exit - **9030** DirPort, **Disabled (0)** by default in v1.1.4
- **9002** obfs4 for bridge mode - **9002** obfs4 for bridge mode
**Environment Variables** ### Environment Variables
- `TOR_ORPORT` default 9001 - `TOR_ORPORT` default 9001
- `TOR_DIRPORT` default 9030 - `TOR_DIRPORT` default 0 (Disabled)
- `TOR_OBFS4_PORT` default 9002 - `TOR_OBFS4_PORT` default 9002
Diagnostics are run only through `docker exec`, with no exposed monitoring ports. Diagnostics are run only through `docker exec`, with no exposed monitoring ports.
Minimal surface area, roughly 16.8 MB. Minimal surface area, roughly 16.8 MB.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ ⚡ Quick Start</div> ## ⚡ Quick Start
### System Requirements ### System Requirements
@@ -77,7 +76,7 @@ Minimal surface area, roughly 16.8 MB.
### Network Security Notes ### Network Security Notes
⚠️ **Port Exposure:** ⚠️ **Port Exposure:**
- **Guard/Middle/Exit:** Ports 9001 (ORPort) and 9030 (DirPort) should be publicly accessible - **Guard/Middle/Exit:** Port 9001 (ORPort) should be publicly accessible
- **Bridge:** Ports 9001 (ORPort) and 9002 (obfs4) should be publicly accessible - **Bridge:** Ports 9001 (ORPort) and 9002 (obfs4) should be publicly accessible
- **No monitoring ports** - all diagnostics via `docker exec` commands only - **No monitoring ports** - all diagnostics via `docker exec` commands only
- Use `--network host` for best IPv6 support (Tor recommended practice) - Use `--network host` for best IPv6 support (Tor recommended practice)
@@ -109,7 +108,7 @@ curl -o relay.conf https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/r
nano relay.conf nano relay.conf
``` ```
### **Step 2:** Run (Docker Hub) **Step 2:** Run (Docker Hub)
```bash ```bash
docker run -d \ docker run -d \
@@ -123,7 +122,8 @@ docker run -d \
r3bo0tbx1/onion-relay:latest r3bo0tbx1/onion-relay:latest
``` ```
### **Step 3:** Verify it's running: **Step 3:** Verify it's running:
```bash ```bash
# Check status # Check status
docker exec tor-relay status docker exec tor-relay status
@@ -139,15 +139,15 @@ docker logs -f tor-relay
> 📖 **Need more?** See our comprehensive [Deployment Guide](docs/DEPLOYMENT.md) for Docker Compose, Cosmos Cloud, Portainer, and advanced setups. > 📖 **Need more?** See our comprehensive [Deployment Guide](docs/DEPLOYMENT.md) for Docker Compose, Cosmos Cloud, Portainer, and advanced setups.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🎯 Choosing a Variant</div> ## 🎯 Choosing a Variant
We offer **two build variants** to match your risk tolerance and requirements: We offer **two build variants** to match your risk tolerance and requirements:
### Stable Variant (Recommended) ### Stable Variant (Recommended)
**Base:** Alpine 3.23.0 | **Recommended for:** Production relays **Base:** Alpine 3.23.2 | **Recommended for:** Production relays
- ✅ Battle-tested Alpine stable release - ✅ Battle-tested Alpine stable release
- ✅ Weekly automated rebuilds with latest security patches - ✅ Weekly automated rebuilds with latest security patches
@@ -157,11 +157,11 @@ We offer **two build variants** to match your risk tolerance and requirements:
```bash ```bash
# Pull from Docker Hub (easiest) # Pull from Docker Hub (easiest)
docker pull r3bo0tbx1/onion-relay:latest docker pull r3bo0tbx1/onion-relay:latest
docker pull r3bo0tbx1/onion-relay:1.1.3 docker pull r3bo0tbx1/onion-relay:1.1.4
# Pull from GHCR # Pull from GHCR
docker pull ghcr.io/r3bo0tbx1/onion-relay:latest docker pull ghcr.io/r3bo0tbx1/onion-relay:latest
docker pull ghcr.io/r3bo0tbx1/onion-relay:1.1.3 docker pull ghcr.io/r3bo0tbx1/onion-relay:1.1.4
``` ```
### Edge Variant (Testing Only) ### Edge Variant (Testing Only)
@@ -180,7 +180,7 @@ docker pull r3bo0tbx1/onion-relay:edge
# Pull from GHCR # Pull from GHCR
docker pull ghcr.io/r3bo0tbx1/onion-relay:edge docker pull ghcr.io/r3bo0tbx1/onion-relay:edge
docker pull ghcr.io/r3bo0tbx1/onion-relay:1.1.3-edge docker pull ghcr.io/r3bo0tbx1/onion-relay:1.1.4-edge
``` ```
**When to use edge:** **When to use edge:**
@@ -195,16 +195,16 @@ docker pull ghcr.io/r3bo0tbx1/onion-relay:1.1.3-edge
|---------|--------|------| |---------|--------|------|
| Production ready | ✅ Yes | ❌ No | | Production ready | ✅ Yes | ❌ No |
| Breaking changes | ❌ Rare | ⚠️ Possible | | Breaking changes | ❌ Rare | ⚠️ Possible |
| Security updates | Weekly | Weekly (newer packages) | | Security updates | Weekly | Every 3 days |
| Package versions | Proven | Bleeding edge | | Package versions | 3.23.2 | Bleeding edge |
| Docker Hub | ✅ Yes | ✅ Yes | | Docker Hub | ✅ Yes | ✅ Yes |
| GHCR | ✅ Yes | ✅ Yes | | GHCR | ✅ Yes | ✅ Yes |
> 💡 **Our recommendation:** Use **stable** for production relays, **edge** only for testing or when you specifically need the latest package versions. > 💡 **Our recommendation:** Use **stable** for production relays, **edge** only for testing or when you specifically need the latest package versions.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🏗️ Deployment Methods</div> ## 🏗️ Deployment Methods
Choose the method that fits your workflow. Choose the method that fits your workflow.
@@ -226,11 +226,11 @@ Running multiple relays? We have templates for that:
See [Deployment Guide](docs/DEPLOYMENT.md) for complete instructions. See [Deployment Guide](docs/DEPLOYMENT.md) for complete instructions.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🔧 Diagnostic Tools</div> ## 🔧 Diagnostic Tools
Version >=v1.1.1 includes five busybox-only tools. Version >v1.1.1 includes five busybox-only tools.
| Tool | Purpose | Usage | | Tool | Purpose | Usage |
|------|---------|--------| |------|---------|--------|
@@ -263,9 +263,9 @@ Example JSON:
> 📖 **Complete reference:** See [Tools Documentation](docs/TOOLS.md) for all 5 tools with examples, JSON schema, and integration guides. > 📖 **Complete reference:** See [Tools Documentation](docs/TOOLS.md) for all 5 tools with examples, JSON schema, and integration guides.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 📊 Monitoring and Observability</div> ## 📊 Monitoring and Observability
<br> <br>
<div align="center"> <div align="center">
@@ -273,17 +273,17 @@ Example JSON:
</div> </div>
<br> <br>
**>=v1.1.2 supports both real-time CLI monitoring and external observability** for minimal image size and maximum security. **>v1.1.2 supports both real-time CLI monitoring and external observability** for minimal image size and maximum security.
### Real-Time Monitoring (Nyx) ### Real-Time Monitoring (Nyx)
You can connect Nyx (formerly arm) to your relay securely using the Control Port. You can connect Nyx (formerly arm) to your relay securely using the Control Port.
1. Generate credentials: docker exec tor-relay gen-auth 1. Generate credentials: `docker exec tor-relay gen-auth`
2. Add the hash to your config. 2. Add the hash to your config
3. Connect via local socket or TCP. 3. Connect via local socket or TCP
> 📖 Full Setup: See the [Control Port Guide](docs/CONTROL-PORT.md) for step-by-step Nyx configuration. > 📖 **Full Setup:** See the [Control Port Guide](docs/CONTROL-PORT.md) for step-by-step Nyx configuration.
### JSON Health API ### JSON Health API
@@ -324,9 +324,9 @@ STATUS=$(echo "$HEALTH" | jq -r '.status')
> 📖 **Complete guide:** See [Monitoring Documentation](docs/MONITORING.md) for Prometheus, Grafana, alert integration, and observability setup. > 📖 **Complete guide:** See [Monitoring Documentation](docs/MONITORING.md) for Prometheus, Grafana, alert integration, and observability setup.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🎯 Key Features</div> ## 🎯 Key Features
### Security & Reliability ### Security & Reliability
- ✅ Non-root execution (runs as `tor` user) - ✅ Non-root execution (runs as `tor` user)
@@ -346,6 +346,7 @@ STATUS=$(echo "$HEALTH" | jq -r '.status')
-**Weekly security rebuilds** via GitHub Actions -**Weekly security rebuilds** via GitHub Actions
-**Docker Compose templates** for single/multi-relay -**Docker Compose templates** for single/multi-relay
-**Cosmos Cloud support** with one-click deploy -**Cosmos Cloud support** with one-click deploy
-**Automated Maintenance:** Keeps last 7 releases in registry
### Developer Experience ### Developer Experience
- ✅ Comprehensive documentation (8 guides) - ✅ Comprehensive documentation (8 guides)
@@ -355,9 +356,9 @@ STATUS=$(echo "$HEALTH" | jq -r '.status')
- ✅ CI/CD validation and testing - ✅ CI/CD validation and testing
- ✅ Multi-arch support (same command, any platform) - ✅ Multi-arch support (same command, any platform)
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🖼️ Gallery</div> ## 🖼️ Gallery
| Cosmos Cloud Dashboard | Docker Logs (Bootstrapping) | | Cosmos Cloud Dashboard | Docker Logs (Bootstrapping) |
|:-----------------------:|:---------------------------:| |:-----------------------:|:---------------------------:|
@@ -365,19 +366,18 @@ STATUS=$(echo "$HEALTH" | jq -r '.status')
| Relay Status Tool | Obfs4 Bridge Line | | Relay Status Tool | Obfs4 Bridge Line |
| ![Relay](src/screenshots/relay-status.png) | ![Obfs4](src/screenshots/bridge-line.png) | | ![Relay](src/screenshots/relay-status.png) | ![Obfs4](src/screenshots/bridge-line.png) |
---
<br> ## 📚 Documentation
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 📚 Documentation</div> **>v1.1.1 includes comprehensive documentation** organized by topic:
**>=v1.1.1 includes comprehensive documentation** organized by topic:
### Getting Started ### Getting Started
- **[FAQ](docs/FAQ.md)** - ⭐ **NEW!** Frequently asked questions with factual answers - **[FAQ](docs/FAQ.md)** - ⭐ **NEW!** Frequently asked questions with factual answers
- **[Quick Start Script](scripts/utilities/quick-start.sh)** - ⭐ **NEW!** Interactive relay deployment wizard - **[Quick Start Script](scripts/utilities/quick-start.sh)** - ⭐ **NEW!** Interactive relay deployment wizard
- **[Migration Assistant](scripts/migration/migrate-from-official.sh)** - ⭐ **NEW!** Automated migration from thetorproject/obfs4-bridge - **[Migration Assistant](scripts/migration/migrate-from-official.sh)** - ⭐ **NEW!** Automated migration from thetorproject/obfs4-bridge
- **[Deployment Guide](docs/DEPLOYMENT.md)** - ✨ **UPDATED!** Complete installation for Docker CLI, Compose, Cosmos Cloud, and Portainer - **[Deployment Guide](docs/DEPLOYMENT.md)** - ✨ **UPDATED!** Complete installation for Docker CLI, Compose, Cosmos Cloud, and Portainer
- **[Migration Guide](docs/MIGRATION-V1.1.X.md)** - Upgrade to >=v1.1.1 or migrate from other Tor setups - **[Migration Guide](docs/MIGRATION-V1.1.X.md)** - Upgrade to > v1.1.1 or migrate from other Tor setups
### Technical Reference ### Technical Reference
- **[Architecture](docs/ARCHITECTURE.md)** - ⭐ **NEW!** Technical architecture with Mermaid diagrams - **[Architecture](docs/ARCHITECTURE.md)** - ⭐ **NEW!** Technical architecture with Mermaid diagrams
@@ -399,9 +399,9 @@ STATUS=$(echo "$HEALTH" | jq -r '.status')
> 💡 **Tip:** Start with the [FAQ](docs/FAQ.md) for quick answers or [Documentation Index](docs/README.md) for complete navigation. > 💡 **Tip:** Start with the [FAQ](docs/FAQ.md) for quick answers or [Documentation Index](docs/README.md) for complete navigation.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🛠️ Configuration</div> ## 🛠️ Configuration
### Minimal Configuration ### Minimal Configuration
@@ -436,9 +436,9 @@ Examples are found in the [`examples/`](examples/) directory for complete, annot
> 📖 **Configuration help:** See [Deployment Guide](docs/DEPLOYMENT.md#configuration) for complete reference. > 📖 **Configuration help:** See [Deployment Guide](docs/DEPLOYMENT.md#configuration) for complete reference.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🔍 Monitoring Your Relay</div> ## 🔍 Monitoring Your Relay
### Check Bootstrap Status ### Check Bootstrap Status
@@ -451,7 +451,6 @@ docker exec tor-relay health
# Parse specific field with jq (requires jq on host) # Parse specific field with jq (requires jq on host)
docker exec tor-relay health | jq .bootstrap docker exec tor-relay health | jq .bootstrap
```r exec tor-relay health | jq .bootstrap
``` ```
### View on Tor Metrics ### View on Tor Metrics
@@ -476,9 +475,9 @@ Search by:
> 📖 **Detailed monitoring:** See [Monitoring Guide](docs/MONITORING.md) for complete observability setup with Prometheus and Grafana. > 📖 **Detailed monitoring:** See [Monitoring Guide](docs/MONITORING.md) for complete observability setup with Prometheus and Grafana.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🐛 Troubleshooting</div> ## 🐛 Troubleshooting
### Quick Diagnostics ### Quick Diagnostics
@@ -510,9 +509,9 @@ docker exec tor-relay gen-auth
> 📖 **Full troubleshooting:** See [Tools Documentation](docs/TOOLS.md#troubleshooting) for detailed diagnostic procedures. > 📖 **Full troubleshooting:** See [Tools Documentation](docs/TOOLS.md#troubleshooting) for detailed diagnostic procedures.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🏢 Architecture and Design</div> ## 🏢 Architecture and Design
> 📐 **NEW:** See the complete [Architecture Documentation](docs/ARCHITECTURE.md) for detailed technical design with Mermaid diagrams covering: > 📐 **NEW:** See the complete [Architecture Documentation](docs/ARCHITECTURE.md) for detailed technical design with Mermaid diagrams covering:
> - Container lifecycle and initialization flow (6 phases) > - Container lifecycle and initialization flow (6 phases)
@@ -522,7 +521,7 @@ docker exec tor-relay gen-auth
> - Diagnostic tools architecture > - Diagnostic tools architecture
> - Signal handling and graceful shutdown > - Signal handling and graceful shutdown
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 📊 Flowchart</div> ### Flowchart
```mermaid ```mermaid
flowchart TB flowchart TB
@@ -678,9 +677,9 @@ Verify what you got:
docker exec tor-relay cat /build-info.txt | grep Architecture docker exec tor-relay cat /build-info.txt | grep Architecture
``` ```
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🤝 Contributing</div> ## 🤝 Contributing
Contributions are welcome. Contributions are welcome.
@@ -707,19 +706,22 @@ docker run --rm tor-relay:dev status
See [Contributing Guide](CONTRIBUTING.md) for detailed instructions. See [Contributing Guide](CONTRIBUTING.md) for detailed instructions.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 📦 Templates and Examples</div> ## 📦 Templates and Examples
All templates are in the [`templates/`](templates/) directory: All templates are in the [`templates/`](templates/) directory:
### Docker Compose ### Docker Compose
- [docker-compose.yml](templates/docker-compose.yml) - Single relay - [docker-compose.yml](templates/docker-compose/docker-compose.yml) - Single relay
- [docker-compose-multi-relay.yml](templates/docker-compose-multi-relay.yml) - 3 relays + monitoring - [docker-compose-multi-relay.yml](templates/docker-compose/docker-compose-multi-relay.yml) - 3 relays + monitoring
### Cosmos Cloud ### Cosmos Cloud
- [cosmos-compose.json](templates/cosmos-compose.json) - Single relay - [cosmos-compose.json](templates/cosmos-compose/cosmos-compose.json) - Single relay
- [cosmos-compose-multi-relay.json](templates/cosmos-compose-multi-relay.json) - Multi-relay stack - [cosmos-compose-multi-relay.json](templates/cosmos-compose/cosmos-compose-multi-relay.json) - Multi-relay stack
### Tor Exit Notice
You can find them in [`templates/tor-exit-notice`](templates/tor-exit-notice) directory
### Monitoring ### Monitoring
See [Monitoring Guide](docs/MONITORING.md) for external monitoring integration examples with Prometheus, Nagios, and other tools See [Monitoring Guide](docs/MONITORING.md) for external monitoring integration examples with Prometheus, Nagios, and other tools
@@ -727,9 +729,9 @@ See [Monitoring Guide](docs/MONITORING.md) for external monitoring integration e
### Configuration Examples ### Configuration Examples
See [`examples/`](examples/) directory for relay configurations. See [`examples/`](examples/) directory for relay configurations.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🔐 Security</div> ## 🔐 Security
### Best Practices ### Best Practices
@@ -750,22 +752,22 @@ Images are automatically rebuilt on separate schedules to include security patch
**Stable Variant** (`:latest`) **Stable Variant** (`:latest`)
- **Schedule:** Every Sunday at 18:30 UTC - **Schedule:** Every Sunday at 18:30 UTC
- **Includes:** Latest Tor + Alpine 3.23.0 updates - **Includes:** Latest Tor + Alpine 3.23.2 updates
- **Strategy:** Overwrites last release version (e.g., `:1.1.3`) with updated packages - **Strategy:** Overwrites last release version (e.g., `:1.1.4`) with updated packages
- **Tags Updated:** `:latest` and version tags (e.g., `:1.1.3`) - **Tags Updated:** `:latest` and version tags (e.g., `:1.1.4`)
**Edge Variant** (`:edge`) **Edge Variant** (`:edge`)
- **Schedule:** Every 3 days at 12:00 UTC (independent schedule) - **Schedule:** Every 3 days at 12:00 UTC (independent schedule)
- **Includes:** Latest Tor + Alpine edge (bleeding-edge) updates - **Includes:** Latest Tor + Alpine edge (bleeding-edge) updates
- **Strategy:** Overwrites last release version (e.g., `:1.1.3-edge`) with updated packages - **Strategy:** Overwrites last release version (e.g., `:1.1.4-edge`) with updated packages
- **Tags Updated:** `:edge` and version tags (e.g., `:1.1.3-edge`) - **Tags Updated:** `:edge` and version tags (e.g., `:1.1.4-edge`)
- **Frequency:** ~2-3x more frequent updates than stable - **Frequency:** ~2-3x more frequent updates than stable
All images auto-published to Docker Hub and GitHub Container Registry All images auto-published to Docker Hub and GitHub Container Registry
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🌐 Resources</div> ## 🌐 Resources
### Container Registries ### Container Registries
- 🐳 [Docker Hub Repository](https://hub.docker.com/r/r3bo0tbx1/onion-relay) - 🐳 [Docker Hub Repository](https://hub.docker.com/r/r3bo0tbx1/onion-relay)
@@ -781,11 +783,11 @@ All images auto-published to Docker Hub and GitHub Container Registry
- 📖 [Documentation](docs/README.md) - 📖 [Documentation](docs/README.md)
- 🐛 [Issue Tracker](https://github.com/r3bo0tbx1/tor-guard-relay/issues) - 🐛 [Issue Tracker](https://github.com/r3bo0tbx1/tor-guard-relay/issues)
- 💬 [Discussions](https://github.com/r3bo0tbx1/tor-guard-relay/discussions) - 💬 [Discussions](https://github.com/r3bo0tbx1/tor-guard-relay/discussions)
- 📦 [Container Registry](https://github.com/r3bo0tbx1/tor-guard-relay/pkgs/container/onion-relay) - 📦 [Container Registry](https://github.com/r3bo0tbx1/tor-guard-relay/pkgs/container/onion-relay)
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 📊 Project Status</div> ## 📊 Project Status
<div align="center"> <div align="center">
@@ -793,31 +795,31 @@ All images auto-published to Docker Hub and GitHub Container Registry
![GitHub Repo stars](https://img.shields.io/github/stars/r3bo0tbx1/tor-guard-relay?style=for-the-badge) ![GitHub Repo stars](https://img.shields.io/github/stars/r3bo0tbx1/tor-guard-relay?style=for-the-badge)
![GitHub Issues](https://img.shields.io/github/issues/r3bo0tbx1/tor-guard-relay?style=for-the-badge) ![GitHub Issues](https://img.shields.io/github/issues/r3bo0tbx1/tor-guard-relay?style=for-the-badge)
**Current Version:** v1.1.3**Status:** Production Ready **Current Version:** v1.1.4**Status:** Production Ready
**Image Size:** 16.8 MB • **Rebuild:** Weekly **Image Size:** 16.8 MB • **Retention:** Last 7 Releases
**Registries:** Docker Hub • GHCR **Registries:** Docker Hub • GHCR
</div> </div>
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 📄 License</div> ## 📄 License
Project is licensed under the MIT License. Project is licensed under the MIT License.
See [License](LICENSE.txt) for full details. See [License](LICENSE.txt) for full details.
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 🙏 Acknowledgments</div> ## 🙏 Acknowledgments
- **The Tor Project** for maintaining the global privacy network - **The Tor Project** for maintaining the global privacy network
- **Alpine Linux** for a minimal and secure base image - **Alpine Linux** for a minimal and secure base image
- **azukaar** for Cosmos Cloud - **azukaar** for Cosmos Cloud
- **All relay operators** supporting privacy and anti-censorship worldwide - **All relay operators** supporting privacy and anti-censorship worldwide
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ 💖 Support the Project</div> ## 💖 Support the Project
This project is open source. Your support helps sustainability and improvements. This project is open source. Your support helps sustainability and improvements.
@@ -843,9 +845,9 @@ Or via **[AnonPay](https://trocador.app/anonpay?ticker_to=xmr&network_to=Mainnet
- 🤝 Submit patches - 🤝 Submit patches
- 🧅 Run a relay - 🧅 Run a relay
<br> ---
<div style="color:#7ce5ff;font-family:monospace;font-size:17px;margin-bottom:14px;">▍ ⭐ Star History</div> ## ⭐ Star History
<div align="center"> <div align="center">
@@ -859,11 +861,11 @@ Or via **[AnonPay](https://trocador.app/anonpay?ticker_to=xmr&network_to=Mainnet
</div> </div>
<br> ---
<div align="center"> <div align="center">
<div style="color:#7ce5ff;font-family:monospace;font-size:18px;margin-bottom:10px;">Made with 💜 for a freer, uncensored internet</div> ### Made with 💜 for a freer, uncensored internet
*Protecting privacy, one relay at a time* 🔁🧅✨ *Protecting privacy, one relay at a time* 🔁🧅✨
@@ -873,5 +875,4 @@ Or via **[AnonPay](https://trocador.app/anonpay?ticker_to=xmr&network_to=Mainnet
📚 [Documentation](docs/README.md) 📚 [Documentation](docs/README.md)
⬆ [Back to top](#readme-top) ⬆ [Back to top](#readme-top)
</div> </div>


@@ -14,10 +14,10 @@ We actively support the following versions with security updates:
| Version | Status | Support Level | | Version | Status | Support Level |
| --------- | --------------------- | ------------------------------------------- | | --------- | --------------------- | ------------------------------------------- |
| **>=1.1.2** | 🟢 🛡️ **Active** | Full support (current stable) | | **1.1.4** | 🟢 🛡️ **Active** | Full support (current stable) |
| **1.1.1** | 🟡 🔧 **Maintenance** | Security + critical fixes only | | **1.1.3** | 🟡 🔧 **Maintenance** | Security + critical fixes only |
| **1.0.9** | 🟠 ⚠️ **Legacy** | Security patches only upgrade recommended | | **1.1.2** | 🟠 ⚠️ **Legacy** | Security patches only upgrade recommended |
| **1.0.8** | 🔴 ❌ **EOL** | No support upgrade immediately | | **< 1.1.1** | 🔴 ❌ **EOL** | No support upgrade immediately |
--- ---
@@ -25,7 +25,7 @@ We actively support the following versions with security updates:
### Ultra-Minimal Port Exposure ### Ultra-Minimal Port Exposure
**>=v1.1.1 follows an ultra-minimal security architecture:** **> v1.1.1 follows an ultra-minimal security architecture:**
-**NO monitoring HTTP endpoints** - Removed for maximum security -**NO monitoring HTTP endpoints** - Removed for maximum security
-**NO exposed metrics ports** - All monitoring via `docker exec` only -**NO exposed metrics ports** - All monitoring via `docker exec` only
@@ -40,14 +40,14 @@ We actively support the following versions with security updates:
``` ```
PUBLIC PORTS: PUBLIC PORTS:
TOR_ORPORT (default: 9001) → Tor ORPort (relay traffic) TOR_ORPORT (default: 9001) → Tor ORPort (relay traffic)
TOR_DIRPORT (default: 9030) → Directory service (optional, set to 0 to disable) TOR_DIRPORT → Directory service (optional, disabled by default)
``` ```
#### Exit Relay Mode: #### Exit Relay Mode:
``` ```
PUBLIC PORTS: PUBLIC PORTS:
TOR_ORPORT (default: 9001) → Tor ORPort (relay traffic) TOR_ORPORT (default: 9001) → Tor ORPort (relay traffic)
TOR_DIRPORT (default: 9030) → Directory service (optional, set to 0 to disable) TOR_DIRPORT → Directory service (optional, disabled by default)
``` ```
#### Bridge Relay Mode: #### Bridge Relay Mode:
@@ -659,4 +659,4 @@ Security researchers who responsibly disclose vulnerabilities will be listed her
--- ---
*Last Updated: 2025-12-05 | Version: 1.1.3* *Last Updated: 2025-12-21 | Version: 1.1.4*


@@ -50,7 +50,7 @@ cleanup_and_exit() {
startup_banner() { startup_banner() {
log "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" log "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
log "🧅 Tor Guard Relay v1.1.3 - Initialization" log "🧅 Tor Guard Relay v1.1.4 - Initialization"
log "https://github.com/r3bo0tbx1/tor-guard-relay" log "https://github.com/r3bo0tbx1/tor-guard-relay"
log "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" log "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
log "" log ""

23
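--- a/examples/nyx.config
+++ b/examples/nyx.config
@@ -0,0 +1,23 @@
+show_bits true
+confirm_quit true
+color_interface true
+redraw_rate 2
+connection_rate 5
+resource_rate 5
+logged_events NOTICE
+deduplicate_log true
+prepopulate_log true
+max_log_size 1000
+graph_stat bandwidth
+graph_interval 5 seconds
+graph_bound local_max
+graph_height 10
+connection_order CATEGORY, UPTIME, IP_ADDRESS
+resolve_processes true
+show_addresses true
+show_graph true
+show_accounting true
+show_log true
+show_connections true
+show_config true
+show_torrc true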


@@ -1,24 +1,28 @@
Nickname MyTorBridge Nickname ShinobiKage
ContactInfo your-email@example.com <0xYOUR_PGP_FINGERPRINT> ContactInfo email:your-email[]example.com pgp:YOUR_PGP_FINGERPRINT ciissversion:2
Address YOUR.IPV4.IP.ADDRESS
ORPort 24819 IPv4Only
ORPort [YOUR:IPV6:IP:ADDRESS::]:24819
BridgeRelay 1 BridgeRelay 1
ORPort 24819 PublishServerDescriptor bridge
ORPort [::]:24819 BridgeDistribution any
AssumeReachable 1
ExtORPort auto
AddressDisableIPv6 0
ServerTransportPlugin obfs4 exec /usr/bin/lyrebird ServerTransportPlugin obfs4 exec /usr/bin/lyrebird
ServerTransportListenAddr obfs4 0.0.0.0:443 ServerTransportListenAddr obfs4 0.0.0.0:443
ServerTransportListenAddr obfs4 [::]:443 NumCPUs 1
ExtORPort auto MaxMemInQueues 256 MB
PublishServerDescriptor bridge AvoidDiskWrites 1
RunAsDaemon 0
RelayBandwidthRate 75 KBytes
RelayBandwidthBurst 1 MBytes
HardwareAccel 1
DataDirectory /var/lib/tor DataDirectory /var/lib/tor
Log notice file /var/log/tor/notices.log Log notice file /var/log/tor/bridge_log
Log notice stdout Log notice stdout
ControlPort 0 ControlPort 0
ControlSocket /var/lib/tor/control_socket ControlSocket /var/lib/tor/control_socket_bridge
ControlSocketsGroupWritable 1 ControlSocketsGroupWritable 1
#HashedControlPassword 16:YOUR_HASHED_PASSWORD_HERE #HashedControlPassword 16:YOUR_HASHED_PASSWORD_HERE
SocksPort 0 SocksPort 0
RelayBandwidthRate 20 MBytes
RelayBandwidthBurst 40 MBytes
NumCPUs 1
MaxMemInQueues 512 MB
AvoidDiskWrites 1
DisableDebuggerAttachment 1
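Review bot: `AssumeReachable 1` on the new side of this bridge example turns off tor's ORPort self-reachability test, so a bridge behind a closed firewall or a broken port mapping still uploads its descriptor and the log never warns the operator. The tor manual describes the option as meant for bootstrapping a new Tor network, which a public obfs4 bridge template is not; I would drop the line or ship it commented out as `#AssumeReachable 1`, the way the file already ships `#HashedControlPassword`. Separately, `Nickname ShinobiKage` reads like a real relay name rather than a placeholder such as the `MyTorBridge` it replaces, so operators who copy the file unchanged would all publish the same nickname. The old/new assignment is inferred from the hunk's 24/28 line counts, since the page lost the `+`/`-` markers.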


@@ -1,98 +1,59 @@
Nickname MyTorExitRelay Nickname MyTorExitRelay
ContactInfo your-email@example.com <0xYOUR_PGP_FINGERPRINT> ContactInfo email:your-email[]example.com pgp:YOUR_PGP_FINGERPRINT ciissversion:2
ORPort 9001 Address YOUR.IPV4.IP.ADDRESS
ORPort [::]:9001 ORPort 9001 IPv4Only
DirPort 9030 ORPort [YOUR:IPV6:IP:ADDRESS::]:9001
DirPort 0
ExitRelay 1 ExitRelay 1
IPv6Exit 1 IPv6Exit 1
PublishServerDescriptor 1
RelayBandwidthRate 10 MBytes RelayBandwidthRate 10 MBytes
RelayBandwidthBurst 20 MBytes RelayBandwidthBurst 20 MBytes
NumCPUs 1 NumCPUs 1
MaxMemInQueues 1024 MB MaxMemInQueues 1024 MB
DisableDebuggerAttachment 1
AvoidDiskWrites 1 AvoidDiskWrites 1
DisableDebuggerAttachment 1
DataDirectory /var/lib/tor DataDirectory /var/lib/tor
HardwareAccel 1
Sandbox 1
SafeLogging 1
NoExec 1
ExitPolicy reject VPS.DNS.IP.ADDRESS:*
ExitPolicy reject VPS.DNS.IP.ADDRESS:*
ExitPolicy reject VPS.DNS.IP.ADDRESS:*
ExitPolicy reject VPS.DNS.IP.ADDRESS:*
ExitPolicy reject [VPS:DNS:IP:ADDRESS::1]:*
ExitPolicy reject [VPS:DNS:IP:ADDRESS::2]:*
ExitPolicy reject [VPS:DNS:IP:ADDRESS::3]:*
ExitPolicy reject [VPS:DNS:IP:ADDRESS::4]:*
ExitPolicy reject 0.0.0.0/8:*
ExitPolicy reject 169.254.0.0/16:*
ExitPolicy reject 127.0.0.0/8:*
ExitPolicy reject 192.168.0.0/16:*
ExitPolicy reject 10.0.0.0/8:*
ExitPolicy reject 172.16.0.0/12:*
ExitPolicy reject YOUR.IPV4.IP.ADDRESS:*
ExitPolicy reject [YOUR:IPV6:IP:ADDRESS::]:*
ExitPolicy accept *:20-21
ExitPolicy accept *:43
ExitPolicy accept *:53
ExitPolicy accept *:80-81
ExitPolicy accept *:443
ExitPolicy accept *:5222-5223
ExitPolicy accept *:6667-7000
ExitPolicy accept *:8008
ExitPolicy accept *:8082
ExitPolicy accept *:8332-8333
ExitPolicy accept *:8888
ExitPolicy accept *:9418
ExitPolicy accept *:18080-18081
ExitPolicy accept *:50002
ExitPolicy accept *:64738
ExitPolicy reject *:*
Log notice file /var/log/tor/notices.log Log notice file /var/log/tor/notices.log
Log notice stdout Log notice stdout
ControlPort 0 ControlPort 0
ControlSocket /var/lib/tor/control_socket ControlSocket /var/lib/tor/control_socket
ControlSocketsGroupWritable 1 ControlSocketsGroupWritable 1
#HashedControlPassword 16:YOUR_HASHED_PASSWORD_HERE #HashedControlPassword 16:YOUR_HASHED_PASSWORD_HERE
SocksPort 0 SocksPort 0
ExitPolicy accept *:20-21
ExitPolicy accept *:22
ExitPolicy accept *:43
ExitPolicy accept *:53
ExitPolicy accept *:79-81
ExitPolicy accept *:88
ExitPolicy accept *:110
ExitPolicy accept *:143
ExitPolicy accept *:194
ExitPolicy accept *:220
ExitPolicy accept *:389
ExitPolicy accept *:443
ExitPolicy accept *:464
ExitPolicy accept *:465
ExitPolicy accept *:531
ExitPolicy accept *:543-544
ExitPolicy accept *:554
ExitPolicy accept *:563
ExitPolicy accept *:587
ExitPolicy accept *:636
ExitPolicy accept *:706
ExitPolicy accept *:749
ExitPolicy accept *:873
ExitPolicy accept *:902-904
ExitPolicy accept *:981
ExitPolicy accept *:989-990
ExitPolicy accept *:991
ExitPolicy accept *:992
ExitPolicy accept *:993
ExitPolicy accept *:994
ExitPolicy accept *:995
ExitPolicy accept *:1194
ExitPolicy accept *:1220
ExitPolicy accept *:1293
ExitPolicy accept *:1500
ExitPolicy accept *:1533
ExitPolicy accept *:1677
ExitPolicy accept *:1723
ExitPolicy accept *:1755
ExitPolicy accept *:1863
ExitPolicy accept *:2082
ExitPolicy accept *:2083
ExitPolicy accept *:2086-2087
ExitPolicy accept *:2095-2096
ExitPolicy accept *:2102-2104
ExitPolicy accept *:3128
ExitPolicy accept *:3389
ExitPolicy accept *:3690
ExitPolicy accept *:4321
ExitPolicy accept *:4643
ExitPolicy accept *:5050
ExitPolicy accept *:5190
ExitPolicy accept *:5222-5223
ExitPolicy accept *:5228
ExitPolicy accept *:5900
ExitPolicy accept *:6660-6669
ExitPolicy accept *:6679
ExitPolicy accept *:6697
ExitPolicy accept *:8000
ExitPolicy accept *:8008
ExitPolicy accept *:8074
ExitPolicy accept *:8080
ExitPolicy accept *:8082
ExitPolicy accept *:8087-8088
ExitPolicy accept *:8232-8233
ExitPolicy accept *:8332-8333
ExitPolicy accept *:8443
ExitPolicy accept *:8888
ExitPolicy accept *:9418
ExitPolicy accept *:9999
ExitPolicy accept *:10000
ExitPolicy accept *:11371
ExitPolicy accept *:19294
ExitPolicy accept *:19638
ExitPolicy accept *:50002
ExitPolicy accept *:64738
ExitPolicy reject *:*
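Review bot: `ExitPolicy accept *:6667-7000` in the new accept list opens 334 consecutive ports where the list it replaces allowed only the IRC entries `6660-6669`, `6679` and `6697`. That range takes in the usual BitTorrent listener ports (6881-6889), the traffic most likely to bring abuse complaints to an exit operator, so the shorter list is broader at this point than the one it replaces. I would keep the IRC entries explicit: `ExitPolicy accept *:6660-6669`, `ExitPolicy accept *:6679`, `ExitPolicy accept *:6697`. Which lines are old and which are new is inferred from the hunk's 98/59 line counts, since the page lost the `+`/`-` markers.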


@@ -1,16 +1,22 @@
Nickname MyTorGuardRelay Nickname MyTorGuardRelay
ContactInfo your-email@example.com <0xYOUR_PGP_FINGERPRINT> ContactInfo email:your-email[]example.com pgp:YOUR_PGP_FINGERPRINT ciissversion:2
ORPort 9001 Address YOUR.IPV4.IP.ADDRESS
ORPort [::]:9001 ORPort 9001 IPv4Only
DirPort 9030 ORPort [YOUR:IPV6:IP:ADDRESS::]:9001
DirPort 0
ExitRelay 0 ExitRelay 0
IPv6Exit 0
ExitPolicy reject *:* ExitPolicy reject *:*
RelayBandwidthRate 10 MBytes PublishServerDescriptor 1
RelayBandwidthBurst 20 MBytes
NumCPUs 1 NumCPUs 1
MaxMemInQueues 1024 MB MaxMemInQueues 1024 MB
DisableDebuggerAttachment 1
AvoidDiskWrites 1 AvoidDiskWrites 1
DisableDebuggerAttachment 1
RelayBandwidthRate 10 MBytes
RelayBandwidthBurst 20 MBytes
HardwareAccel 1
Sandbox 1
SafeLogging 1
DataDirectory /var/lib/tor DataDirectory /var/lib/tor
Log notice file /var/log/tor/notices.log Log notice file /var/log/tor/notices.log
Log notice stdout Log notice stdout
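Review bot: `Sandbox 1` is added without any comment on its prerequisites, here and in the exit relay example earlier in this commit. Per the tor manual the option works only on Linux with a tor build linked against libseccomp and may be incompatible with some libseccomp and kernel versions, and with it set options such as `Address` and `Log` cannot be changed on a running tor. A comment line above it, for example `# Sandbox needs tor built with libseccomp; remove this line if tor fails to start`, would tell operators what to check if the container exits at startup. The hunk covers only the first 22 lines of the file; the rest is outside it.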


@@ -65,7 +65,7 @@ TOR_CONTACT_INFO=admin@example.com # Contact email
# Ports (configurable) # Ports (configurable)
TOR_ORPORT=9001 # ORPort for relay traffic (default: 9001) TOR_ORPORT=9001 # ORPort for relay traffic (default: 9001)
TOR_DIRPORT=9030 # DirPort for guard/exit only (default: 9030, set to 0 to disable) TOR_DIRPORT= # DirPort for guard/exit only (default: 0)
TOR_OBFS4_PORT=9002 # obfs4 port for bridge mode (default: 9002) TOR_OBFS4_PORT=9002 # obfs4 port for bridge mode (default: 9002)
# Bandwidth (optional) # Bandwidth (optional)
@@ -179,14 +179,14 @@ For advanced torrc options (like `AddressDisableIPv6`, `MaxMemInQueues`, etc.):
Both work identically, choose based on your preference or migration needs. Both work identically, choose based on your preference or migration needs.
### Q: Why is TOR_DIRPORT set in Dockerfile when bridges don't use it? ~~Q: Why is TOR_DIRPORT set in Dockerfile when bridges don't use it?~~
**A:** TOR_DIRPORT=9030 is a **Dockerfile default** for guard/exit modes. The entrypoint **DOES NOT** add DirPort to bridge configurations (see `docker-entrypoint.sh` lines 276-290). Bridges only use ORPort and obfs4 port. ~~**A:** TOR_DIRPORT=9030 is a **Dockerfile default** for guard/exit modes. The entrypoint **DOES NOT** add DirPort to bridge configurations (see `docker-entrypoint.sh` lines 276-290). Bridges only use ORPort and obfs4 port.~~
**Port usage by mode:** **Port usage by mode:**
- **Guard/Middle:** TOR_ORPORT (required), TOR_DIRPORT (optional, set to 0 to disable) - **Guard/Middle:** TOR_ORPORT (required), TOR_DIRPORT (optional, default = 0)
- **Exit:** TOR_ORPORT (required), TOR_DIRPORT (optional) - **Exit:** TOR_ORPORT (required), TOR_DIRPORT (optional, default = 0)
- **Bridge:** TOR_ORPORT (required), TOR_OBFS4_PORT (required), TOR_DIRPORT (ignored/not used) - **Bridge:** TOR_ORPORT (required), TOR_OBFS4_PORT (required), TOR_DIRPORT (ignored/default = 0)
### Q: Why does TOR_RELAY_MODE say "guard" in logs when I set PT_PORT? ### Q: Why does TOR_RELAY_MODE say "guard" in logs when I set PT_PORT?
@@ -297,6 +297,6 @@ If you still see this error after updating to v1.1.1:
--- ---
**Version:** 1.1.3 **Version:** 1.1.4
**Last Updated:** 2025-12-06 **Last Updated:** 2025-12-21
**Maintainer:** rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com> **Maintainer:** rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>


@@ -46,7 +46,7 @@
"cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/onion.png", "cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/onion.png",
"cosmos-stack": "TorGuardRelay", "cosmos-stack": "TorGuardRelay",
"cosmos-stack-main": "TorGuardRelay", "cosmos-stack-main": "TorGuardRelay",
"cosmos-version": "1.1.3", "cosmos-version": "1.1.4",
"maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" "maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>"
} }
} }


@@ -46,7 +46,7 @@
"cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/obfs4.png", "cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/obfs4.png",
"cosmos-stack": "OBFS4-Bridge", "cosmos-stack": "OBFS4-Bridge",
"cosmos-stack-main": "OBFS4-Bridge", "cosmos-stack-main": "OBFS4-Bridge",
"cosmos-version": "1.1.3", "cosmos-version": "1.1.4",
"maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" "maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>"
} }
} }


@@ -52,7 +52,7 @@
"cosmos-stack-main": "OBFS4-Bridge", "cosmos-stack-main": "OBFS4-Bridge",
"cosmos-description": "🌉 Tor obfs4 Bridge - Drop-in replacement for thetorproject/obfs4-bridge", "cosmos-description": "🌉 Tor obfs4 Bridge - Drop-in replacement for thetorproject/obfs4-bridge",
"cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/obfs4.png", "cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/obfs4.png",
"cosmos-version": "1.1.3", "cosmos-version": "1.1.4",
"maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" "maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>"
} }
} }


@@ -54,7 +54,7 @@
"cosmos-description": "🧅 Tor obfs4 Bridge - ENV-based config", "cosmos-description": "🧅 Tor obfs4 Bridge - ENV-based config",
"cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/obfs4.png", "cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/obfs4.png",
"cosmos-force-network-secured": "false", "cosmos-force-network-secured": "false",
"cosmos-version": "1.1.3" "cosmos-version": "1.1.4"
} }
} }
}, },


@@ -9,9 +9,9 @@
"environment": [ "environment": [
"TOR_RELAY_MODE=exit", "TOR_RELAY_MODE=exit",
"TOR_NICKNAME=MyExitRelay", "TOR_NICKNAME=MyExitRelay",
"TOR_CONTACT_INFO=admin@example.com <0xYOUR_PGP_KEY>", "TOR_CONTACT_INFO=admin@example.com",
"TOR_ORPORT=9001", "TOR_ORPORT=9001",
"TOR_DIRPORT=9030", "TOR_DIRPORT=0",
"TOR_BANDWIDTH_RATE=50 MBytes", "TOR_BANDWIDTH_RATE=50 MBytes",
"TOR_BANDWIDTH_BURST=100 MBytes", "TOR_BANDWIDTH_BURST=100 MBytes",
"TOR_EXIT_POLICY=accept *:80,accept *:443,reject *:*" "TOR_EXIT_POLICY=accept *:80,accept *:443,reject *:*"
@@ -58,7 +58,7 @@
"cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/exit.png", "cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/exit.png",
"cosmos-auto-update": "true", "cosmos-auto-update": "true",
"cosmos-force-network-secured": "false", "cosmos-force-network-secured": "false",
"cosmos-version": "1.1.3" "cosmos-version": "1.1.4"
} }
} }
}, },
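Review bot: `"TOR_CONTACT_INFO=admin@example.com"` in the first hunk drops the PGP placeholder instead of moving to the `email:… pgp:… ciissversion:2` form that the torrc examples in this commit adopt. The template therefore shows operators a plain, unobfuscated address and no key field, which does not match the ContactInfo change the commit message describes. If the entrypoint passes the value through unchanged (not visible here), I would use `"TOR_CONTACT_INFO=email:admin[]example.com pgp:YOUR_PGP_FINGERPRINT ciissversion:2"`. The docker-compose exit and guard templates later in the commit still carry the older `<0xYOUR_PGP_KEY>` form on a context line, so the three templates disagree.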


@@ -11,7 +11,7 @@
"TOR_NICKNAME=MyGuardRelay", "TOR_NICKNAME=MyGuardRelay",
"TOR_CONTACT_INFO=admin@example.com", "TOR_CONTACT_INFO=admin@example.com",
"TOR_ORPORT=9001", "TOR_ORPORT=9001",
"TOR_DIRPORT=9030", "TOR_DIRPORT=0",
"TOR_BANDWIDTH_RATE=50 MBytes", "TOR_BANDWIDTH_RATE=50 MBytes",
"TOR_BANDWIDTH_BURST=100 MBytes" "TOR_BANDWIDTH_BURST=100 MBytes"
], ],
@@ -56,7 +56,7 @@
"cosmos-description": "🛡️ Tor Guard Relay | ENV-based config", "cosmos-description": "🛡️ Tor Guard Relay | ENV-based config",
"cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/onion.png", "cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/refs/heads/main/src/onion.png",
"cosmos-force-network-secured": "false", "cosmos-force-network-secured": "false",
"cosmos-version": "1.1.3" "cosmos-version": "1.1.4"
} }
} }
}, },


@@ -56,7 +56,7 @@
"cosmos-description": "🛡️ Multi Tor Guard Relay - 1", "cosmos-description": "🛡️ Multi Tor Guard Relay - 1",
"cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/main/src/onion.png", "cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/main/src/onion.png",
"cosmos-force-network-secured": "false", "cosmos-force-network-secured": "false",
"cosmos-version": "1.1.3", "cosmos-version": "1.1.4",
"maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" "maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>"
} }
}, },
@@ -114,7 +114,7 @@
"cosmos-description": "🛡️ Multi Tor Guard Relay - 2", "cosmos-description": "🛡️ Multi Tor Guard Relay - 2",
"cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/main/src/onion.png", "cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/main/src/onion.png",
"cosmos-force-network-secured": "false", "cosmos-force-network-secured": "false",
"cosmos-version": "1.1.3", "cosmos-version": "1.1.4",
"maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" "maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>"
} }
}, },
@@ -172,7 +172,7 @@
"cosmos-description": "🛡️ Multi Tor Guard Relay - 3", "cosmos-description": "🛡️ Multi Tor Guard Relay - 3",
"cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/main/src/onion.png", "cosmos-icon": "https://raw.githubusercontent.com/r3bo0tbx1/tor-guard-relay/main/src/onion.png",
"cosmos-force-network-secured": "false", "cosmos-force-network-secured": "false",
"cosmos-version": "1.1.3", "cosmos-version": "1.1.4",
"maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" "maintainer": "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>"
} }
} }


@@ -41,7 +41,7 @@ services:
labels: labels:
com.centurylinklabs.watchtower.enable: "true" com.centurylinklabs.watchtower.enable: "true"
description: "Tor obfs4 Bridge - Drop-in replacement for thetorproject/obfs4-bridge" description: "Tor obfs4 Bridge - Drop-in replacement for thetorproject/obfs4-bridge"
version: "1.1.3" version: "1.1.4"
maintainer: "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" maintainer: "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>"
volumes: volumes:


@@ -36,7 +36,7 @@ services:
labels: labels:
com.centurylinklabs.watchtower.enable: "true" com.centurylinklabs.watchtower.enable: "true"
description: "Tor obfs4 Bridge" description: "Tor obfs4 Bridge"
version: "1.1.3" version: "1.1.4"
maintainer: "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" maintainer: "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>"
volumes: volumes:


@@ -11,7 +11,7 @@ services:
TOR_NICKNAME: MyExitRelay TOR_NICKNAME: MyExitRelay
TOR_CONTACT_INFO: "your-email@example.com <0xYOUR_PGP_KEY>" TOR_CONTACT_INFO: "your-email@example.com <0xYOUR_PGP_KEY>"
TOR_ORPORT: 9001 TOR_ORPORT: 9001
TOR_DIRPORT: 9030 TOR_DIRPORT: 0
TOR_BANDWIDTH_RATE: "50 MBytes" TOR_BANDWIDTH_RATE: "50 MBytes"
TOR_BANDWIDTH_BURST: "100 MBytes" TOR_BANDWIDTH_BURST: "100 MBytes"
TOR_EXIT_POLICY: "accept *:20-23,accept *:43,accept *:53,accept *:79-81,accept *:88,accept *:110,accept *:143,accept *:194,accept *:220,accept *:389,accept *:443,accept *:464,accept *:465,accept *:531,accept *:543-544,accept *:554,accept *:563,accept *:636,accept *:706,accept *:749,accept *:873,accept *:902-904,accept *:981,accept *:989-995,accept *:1194,accept *:1220,accept *:1293,accept *:1500,accept *:1533,accept *:1677,accept *:1723,accept *:1755,accept *:1863,accept *:2082,accept *:2083,accept *:2086-2087,accept *:2095-2096,accept *:2102-2104,accept *:3128,accept *:3389,accept *:3690,accept *:4321,accept *:4643,accept *:5050,accept *:5190,accept *:5222-5223,accept *:5228,accept *:5900,accept *:6660-6669,accept *:6679,accept *:6697,accept *:8000,accept *:8008,accept *:8074,accept *:8080,accept *:8082,accept *:8087-8088,accept *:8232-8233,accept *:8332-8333,accept *:8443,accept *:8888,accept *:9418,accept *:9999,accept *:10000,accept *:11371,accept *:19294,accept *:19638,accept *:50002,accept *:64738,reject *:*" TOR_EXIT_POLICY: "accept *:20-23,accept *:43,accept *:53,accept *:79-81,accept *:88,accept *:110,accept *:143,accept *:194,accept *:220,accept *:389,accept *:443,accept *:464,accept *:465,accept *:531,accept *:543-544,accept *:554,accept *:563,accept *:636,accept *:706,accept *:749,accept *:873,accept *:902-904,accept *:981,accept *:989-995,accept *:1194,accept *:1220,accept *:1293,accept *:1500,accept *:1533,accept *:1677,accept *:1723,accept *:1755,accept *:1863,accept *:2082,accept *:2083,accept *:2086-2087,accept *:2095-2096,accept *:2102-2104,accept *:3128,accept *:3389,accept *:3690,accept *:4321,accept *:4643,accept *:5050,accept *:5190,accept *:5222-5223,accept *:5228,accept *:5900,accept *:6660-6669,accept *:6679,accept *:6697,accept *:8000,accept *:8008,accept *:8074,accept *:8080,accept *:8082,accept *:8087-8088,accept *:8232-8233,accept *:8332-8333,accept *:8443,accept *:8888,accept *:9418,accept *:9999,accept *:10000,accept *:11371,accept 
*:19294,accept *:19638,accept *:50002,accept *:64738,reject *:*"
@@ -37,7 +37,7 @@ services:
labels: labels:
com.centurylinklabs.watchtower.enable: "true" com.centurylinklabs.watchtower.enable: "true"
description: "Tor Exit Relay" description: "Tor Exit Relay"
version: "1.1.3" version: "1.1.4"
maintainer: "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" maintainer: "rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>"
volumes: volumes:


@@ -11,7 +11,7 @@ services:
TOR_NICKNAME: MyGuardRelay TOR_NICKNAME: MyGuardRelay
TOR_CONTACT_INFO: "your-email@example.com <0xYOUR_PGP_KEY>" TOR_CONTACT_INFO: "your-email@example.com <0xYOUR_PGP_KEY>"
TOR_ORPORT: 9001 TOR_ORPORT: 9001
TOR_DIRPORT: 9030 TOR_DIRPORT: 0
TOR_BANDWIDTH_RATE: "50 MBytes" TOR_BANDWIDTH_RATE: "50 MBytes"
TOR_BANDWIDTH_BURST: "100 MBytes" TOR_BANDWIDTH_BURST: "100 MBytes"
volumes: volumes: