tor-guard-relay/Dockerfile.edge
rE-Bo0t.bx1 be4f2bc125 feat(v1.1.7): Happy Family support (Tor 0.4.9+ FamilyId)
🔧 New tool: gen-family - generate/view Happy Family keys
  - Supports --force flag to overwrite existing keys without backup prompt

🐳 Dockerfiles: gen-family in both Dockerfile and Dockerfile.edge

🔧 Entrypoint:
- Phase 2: detect *.secret_family_key, log found keys (informational only)
- Guard/exit config gen: append FamilyId + MyFamily from ENV vars
- Bridge intentionally excluded

📊 Status tool: show family key count + Happy Family config state

📚 Docs:
- README: Happy Family section (generate / import), persistence table, flowchart
- ARCHITECTURE: all mermaid diagrams updated (Phase 2, config gen, tools, dirs)
- TOOLS: full gen-family reference with examples and exit codes
- DEPLOYMENT, MIGRATION, MIGRATION-V1.1.X, TROUBLESHOOTING: 5 -> 6 tools
- FAQ, example configs: version bump + FamilyId/MyFamily placeholders
- Directory authority voting: how 9 dirauths vote on relay flags (5/9 consensus)
- CIISS v2 ContactInfo: field reference, generator link, proof:uri-rsa verification
- All TOR_CONTACT_INFO examples updated to CIISS v2 format across templates and docs

📋 Templates:
- Guard/exit/multi-relay compose: TOR_FAMILY_ID + TOR_MY_FAMILY env vars
- All cosmos-compose + docker-compose versions -> 1.1.7

👷 CI: validate.yml gen-family in 8 spots (threshold 6), security tests, quick-test

🛡️ SECURITY.md: 1.1.7 active, 1.1.6 maintenance, gen-family in tools list

🔖 Version bump 1.1.6 -> 1.1.7 across 30+ files, tool count 5 -> 6, CHANGELOG entry

No breaking changes. TOR_FAMILY_ID and TOR_MY_FAMILY are optional.
2026-03-02 16:23:10 +08:00

100 lines
3.8 KiB
Docker

# syntax=docker/dockerfile:1.21
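# Builder stage: compile lyrebird from the upstream repository with CGO disabled
# and symbols stripped. The clone tracks the default branch and the listed modules
# are bumped to @latest, so the result is not pinned to a fixed revision.
FROM golang:1.26-alpine AS builder
RUN apk add --no-cache git
WORKDIR /go/src/lyrebird
RUN git clone https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird.git . \
    && go get golang.org/x/crypto@latest \
    && go get golang.org/x/net@latest \
    && go get github.com/pion/interceptor@latest \
    && go get github.com/cloudflare/circl@latest \
    && go mod tidy \
    && CGO_ENABLED=0 go build -ldflags="-s -w" -o /usr/bin/lyrebird ./cmd/lyrebird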
# Runtime stage on the rolling alpine:edge tag
FROM alpine:edge
ARG BUILD_DATE
ARG BUILD_VERSION
ARG TARGETARCH
LABEL maintainer="rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" \
      org.opencontainers.image.title="Tor Guard Relay (Edge)" \
      org.opencontainers.image.description="🧅 Ultra-optimized Tor Guard/Exit/Bridge Relay AIO (Bleeding Edge/Unstable)" \
      org.opencontainers.image.version="${BUILD_VERSION}-edge" \
      org.opencontainers.image.created="${BUILD_DATE}" \
      org.opencontainers.image.source="https://github.com/r3bo0tbx1/tor-guard-relay" \
      org.opencontainers.image.documentation="https://github.com/r3bo0tbx1/tor-guard-relay#readme" \
      org.opencontainers.image.licenses="MIT" \
      org.opencontainers.image.vendor="r3bo0tbx1" \
      org.opencontainers.image.authors="rE-Bo0t.bx1 <r3bo0tbx1@brokenbotnet.com>" \
      org.opencontainers.image.url="https://github.com/r3bo0tbx1/tor-guard-relay" \
      org.opencontainers.image.base.name="docker.io/library/alpine:edge" \
      org.opencontainers.image.revision="${TARGETARCH}"
# Fail RUN steps on any error, including a failure inside a pipeline
SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
# Create the unprivileged tor account (uid 100, gid 101, no login shell),
# install tor and tini, and restrict the data directory to its owner.
RUN set -eux \
    && deluser klogd || true \
    && addgroup -g 101 -S tor \
    && adduser -u 100 -S -D -H -h /var/lib/tor -G tor -s /sbin/nologin tor \
    && apk upgrade --no-cache \
    && apk add --no-cache \
       tor \
       tini \
    && mkdir -p /var/lib/tor /var/log/tor /run/tor /etc/tor \
    && chown -R tor:tor /var/lib/tor /var/log/tor /run/tor /etc/tor \
    && chmod 700 /var/lib/tor \
    && chmod 755 /var/log/tor /run/tor /etc/tor \
    && rm -f /etc/tor/torrc \
    && printf "Version: %s-edge\nBuild Date: %s\nArchitecture: %s\nBase: Alpine edge (bleeding edge)\n" \
       "${BUILD_VERSION:-unversioned}" "${BUILD_DATE:-unknown}" "${TARGETARCH:-amd64}" > /build-info.txt \
    && rm -rf /var/cache/apk/*
COPY --from=builder /usr/bin/lyrebird /usr/bin/lyrebird
COPY docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh
COPY healthcheck.sh /usr/local/bin/healthcheck.sh
COPY tools/status /usr/local/bin/status
COPY tools/health /usr/local/bin/health
COPY tools/fingerprint /usr/local/bin/fingerprint
COPY tools/bridge-line /usr/local/bin/bridge-line
COPY tools/gen-auth /usr/local/bin/gen-auth
COPY tools/gen-family /usr/local/bin/gen-family
RUN set -eux \
    && chmod +x /usr/local/bin/docker-entrypoint.sh \
       /usr/local/bin/healthcheck.sh \
       /usr/local/bin/status \
       /usr/local/bin/health \
       /usr/local/bin/fingerprint \
       /usr/local/bin/bridge-line \
       /usr/local/bin/gen-auth \
       /usr/local/bin/gen-family \
    && echo "🧩 Registered diagnostic tools:" \
    && ls -lh /usr/local/bin/status /usr/local/bin/health /usr/local/bin/fingerprint /usr/local/bin/bridge-line
ENV TOR_DATA_DIR=/var/lib/tor \
    TOR_LOG_DIR=/var/log/tor \
    TOR_CONFIG=/etc/tor/torrc \
    TOR_RELAY_MODE=guard \
    TOR_NICKNAME="" \
    TOR_CONTACT_INFO="" \
    TOR_ORPORT=9001 \
    TOR_OBFS4_PORT=9002 \
    TOR_BANDWIDTH_RATE="" \
    TOR_BANDWIDTH_BURST="" \
    TOR_EXIT_POLICY="" \
    PATH="/usr/local/bin:$PATH"
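RUN rm -rf /usr/share/man /tmp/* /var/tmp/* /root/.cache/*
# Drop root: the entrypoint, the health check and tor all run as the tor user
USER tor
EXPOSE 9001 9002
HEALTHCHECK --interval=10m --timeout=15s --start-period=30s --retries=3 \
    CMD /usr/local/bin/healthcheck.sh
# tini runs as PID 1 and starts the entrypoint script, which receives CMD as its arguments
ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/docker-entrypoint.sh"]
CMD ["tor", "-f", "/etc/tor/torrc"]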