mirror of
https://github.com/r3bo0tbx1/tor-guard-relay.git
synced 2026-04-06 00:32:04 +02:00
a28ce0a4e6
Major refactor of Docker Compose configurations and tooling enhancements. - ✨ Add `gen-auth` script for generating Tor Control Port credentials - 🐳 Refactor Docker Compose templates: - Add native healthcheck configurations to all relay/bridge files - Standardize security capabilities (drop ALL, add SETUID/SETGID) - Remove verbose comments to streamline template usage - Update volume definitions for better data persistence - 🔧 Update base dependencies: - Alpine Linux -> 3.23.0 - Golang -> 1.25.5-alpine - 🧹 Standardize ENV variable names across all configurations
139 lines
3.0 KiB
YAML
139 lines
3.0 KiB
YAML
version: '3.8'
|
|
|
|
services:
|
|
tor-relay-1:
|
|
image: r3bo0tbx1/onion-relay:latest
|
|
container_name: guard-relay-1
|
|
restart: unless-stopped
|
|
network_mode: host
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
cap_add:
|
|
- NET_BIND_SERVICE
|
|
- CHOWN
|
|
- SETUID
|
|
- SETGID
|
|
- DAC_OVERRIDE
|
|
cap_drop:
|
|
- ALL
|
|
volumes:
|
|
- ./relays/relay1.conf:/etc/tor/torrc:ro
|
|
- tor-guard-data-1:/var/lib/tor
|
|
- tor-guard-logs-1:/var/log/tor
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "/usr/local/bin/healthcheck.sh"]
|
|
interval: 10m
|
|
timeout: 15s
|
|
start_period: 30s
|
|
retries: 3
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '1.5'
|
|
memory: 768M
|
|
reservations:
|
|
cpus: '0.5'
|
|
memory: 512M
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
tor-relay-2:
|
|
image: r3bo0tbx1/onion-relay:latest
|
|
container_name: guard-relay-2
|
|
restart: unless-stopped
|
|
network_mode: host
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
cap_add:
|
|
- NET_BIND_SERVICE
|
|
- CHOWN
|
|
- SETUID
|
|
- SETGID
|
|
- DAC_OVERRIDE
|
|
cap_drop:
|
|
- ALL
|
|
volumes:
|
|
- ./relays/relay2.conf:/etc/tor/torrc:ro
|
|
- tor-guard-data-2:/var/lib/tor
|
|
- tor-guard-logs-2:/var/log/tor
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "/usr/local/bin/healthcheck.sh"]
|
|
interval: 10m
|
|
timeout: 15s
|
|
start_period: 30s
|
|
retries: 3
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '1.5'
|
|
memory: 768M
|
|
reservations:
|
|
cpus: '0.5'
|
|
memory: 512M
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
tor-relay-3:
|
|
image: r3bo0tbx1/onion-relay:latest
|
|
container_name: guard-relay-3
|
|
restart: unless-stopped
|
|
network_mode: host
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
cap_add:
|
|
- NET_BIND_SERVICE
|
|
- CHOWN
|
|
- SETUID
|
|
- SETGID
|
|
- DAC_OVERRIDE
|
|
cap_drop:
|
|
- ALL
|
|
volumes:
|
|
- ./relays/relay3.conf:/etc/tor/torrc:ro
|
|
- tor-guard-data-3:/var/lib/tor
|
|
- tor-guard-logs-3:/var/log/tor
|
|
healthcheck:
|
|
test: ["CMD-SHELL", "/usr/local/bin/healthcheck.sh"]
|
|
interval: 10m
|
|
timeout: 15s
|
|
start_period: 30s
|
|
retries: 3
|
|
deploy:
|
|
resources:
|
|
limits:
|
|
cpus: '1.5'
|
|
memory: 768M
|
|
reservations:
|
|
cpus: '0.5'
|
|
memory: 512M
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
volumes:
|
|
tor-guard-data-1:
|
|
name: tor-guard-data-1
|
|
driver: local
|
|
tor-guard-logs-1:
|
|
name: tor-guard-logs-1
|
|
driver: local
|
|
tor-guard-data-2:
|
|
name: tor-guard-data-2
|
|
driver: local
|
|
tor-guard-logs-2:
|
|
name: tor-guard-logs-2
|
|
driver: local
|
|
tor-guard-data-3:
|
|
name: tor-guard-data-3
|
|
driver: local
|
|
tor-guard-logs-3:
|
|
name: tor-guard-logs-3
|
|
driver: local |