correct yt link
Docker improvements - Run onionr by default rather than bash - Run as unprivileged user by default instead of root - Use /app for all code - Specify python 3.7 (3.8 fails to build cffi) - Use apt-get rather than apt (apt's CLI is not stable) - Slight reformatting and consolidation Added custom port and bind address args
This commit is contained in:
parent
2bd58945da
commit
c44d6624ff
34
Dockerfile
34
Dockerfile
@ -1,28 +1,30 @@
|
|||||||
FROM python
|
FROM python:3.7
|
||||||
|
|
||||||
#Base settings
|
USER root
|
||||||
ENV HOME /root
|
|
||||||
|
RUN mkdir /app
|
||||||
|
WORKDIR /app
|
||||||
|
|
||||||
|
ENV PORT=8080
|
||||||
|
EXPOSE 8080
|
||||||
|
|
||||||
#Install needed packages
|
#Install needed packages
|
||||||
RUN apt update && apt install -y tor locales
|
RUN apt-get update && apt-get install -y tor locales
|
||||||
|
|
||||||
RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
|
RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
|
||||||
locale-gen
|
locale-gen
|
||||||
ENV LANG en_US.UTF-8
|
ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8
|
||||||
ENV LANGUAGE en_US:en
|
|
||||||
ENV LC_ALL en_US.UTF-8
|
|
||||||
|
|
||||||
WORKDIR /srv/
|
ADD ./requirements.txt /app/requirements.txt
|
||||||
ADD ./requirements.txt /srv/requirements.txt
|
|
||||||
RUN pip3 install --require-hashes -r requirements.txt
|
RUN pip3 install --require-hashes -r requirements.txt
|
||||||
|
|
||||||
WORKDIR /root/
|
|
||||||
#Add Onionr source
|
#Add Onionr source
|
||||||
COPY . /root/
|
COPY . /app/
|
||||||
VOLUME /root/data/
|
|
||||||
|
|
||||||
#Set upstart command
|
VOLUME /app/data/
|
||||||
CMD bash
|
|
||||||
|
|
||||||
#Expose ports
|
#Default to running as nonprivileged user
|
||||||
EXPOSE 8080
|
RUN chmod g=u -R /app
|
||||||
|
USER 1000
|
||||||
|
|
||||||
|
CMD ["bash", "./onionr.sh"]
|
||||||
|
@ -70,7 +70,7 @@ Not yet usable:
|
|||||||
|
|
||||||
## Watch the talk from BSidesPDX 2019
|
## Watch the talk from BSidesPDX 2019
|
||||||
|
|
||||||
<a href="https://invidio.us/watch?v=mrULtmSkKxg">
|
<a href="https://www.youtube.com/watch?v=mrULtmSkKxg">
|
||||||
<img src="docs/talk.png" alt="improving anonymous networking talk link" width="600">
|
<img src="docs/talk.png" alt="improving anonymous networking talk link" width="600">
|
||||||
</a>
|
</a>
|
||||||
|
|
||||||
|
@ -55,6 +55,12 @@ def show_info(p: Process):
|
|||||||
|
|
||||||
parser = argparse.ArgumentParser()
|
parser = argparse.ArgumentParser()
|
||||||
|
|
||||||
|
parser.add_argument(
|
||||||
|
"--bind-address", help="Address to bind to. Be very careful with non-loopback",
|
||||||
|
type=str, default="")
|
||||||
|
parser.add_argument(
|
||||||
|
"--port", help="Port to bind to, must be available and possible",
|
||||||
|
type=int, default=0)
|
||||||
parser.add_argument(
|
parser.add_argument(
|
||||||
"--use-bootstrap-file", help="Use bootstrap node list file",
|
"--use-bootstrap-file", help="Use bootstrap node list file",
|
||||||
type=int, default=1)
|
type=int, default=1)
|
||||||
@ -129,6 +135,13 @@ config['general']['dev_mode'] = False
|
|||||||
config['general']['store_plaintext_blocks'] = True
|
config['general']['store_plaintext_blocks'] = True
|
||||||
config['general']['use_bootstrap_list'] = True
|
config['general']['use_bootstrap_list'] = True
|
||||||
config['transports']['tor'] = True
|
config['transports']['tor'] = True
|
||||||
|
config['general']['bind_port'] = 0 # client api server port
|
||||||
|
config['general']['bind_address'] = '' # client api server address
|
||||||
|
|
||||||
|
if args.bind_address:
|
||||||
|
config['general']['bind_address'] = args.bind_address
|
||||||
|
if args.port:
|
||||||
|
config['client']['client']['port'] = args.port
|
||||||
|
|
||||||
if not args.use_bootstrap_file:
|
if not args.use_bootstrap_file:
|
||||||
config['general']['use_bootstrap_list'] = False
|
config['general']['use_bootstrap_list'] = False
|
||||||
|
@ -50,11 +50,18 @@ class PrivateAPI:
|
|||||||
|
|
||||||
self.startTime = epoch.get_epoch()
|
self.startTime = epoch.get_epoch()
|
||||||
app = flask.Flask(__name__)
|
app = flask.Flask(__name__)
|
||||||
|
|
||||||
|
|
||||||
bind_port = int(config.get('client.client.port', 59496))
|
bind_port = int(config.get('client.client.port', 59496))
|
||||||
self.bindPort = bind_port
|
self.bindPort = bind_port
|
||||||
|
|
||||||
self.clientToken = config.get('client.webpassword')
|
self.clientToken = config.get('client.webpassword')
|
||||||
|
|
||||||
|
if config.get('general.bind_address'):
|
||||||
|
with open(private_API_host_file, 'w') as bindFile:
|
||||||
|
bindFile.write(config.get('general.bind_address'))
|
||||||
|
self.host = config.get('general.bind_address')
|
||||||
|
else:
|
||||||
self.host = httpapi.apiutils.setbindip.set_bind_IP(
|
self.host = httpapi.apiutils.setbindip.set_bind_IP(
|
||||||
private_API_host_file)
|
private_API_host_file)
|
||||||
logger.info('Running api on %s:%s' % (self.host, self.bindPort))
|
logger.info('Running api on %s:%s' % (self.host, self.bindPort))
|
||||||
|
@ -8,6 +8,7 @@
|
|||||||
"general": {
|
"general": {
|
||||||
"allow_public_api_dns_rebinding": false,
|
"allow_public_api_dns_rebinding": false,
|
||||||
"announce_node": true,
|
"announce_node": true,
|
||||||
|
"bind_address": "",
|
||||||
"dev_mode": false,
|
"dev_mode": false,
|
||||||
"display_header": true,
|
"display_header": true,
|
||||||
"ephemeral_tunnels": false,
|
"ephemeral_tunnels": false,
|
||||||
|
@ -24,6 +24,7 @@ class OnionrConfig(unittest.TestCase):
|
|||||||
self.assertEqual(conf['allocations']['disk'], 1073741824)
|
self.assertEqual(conf['allocations']['disk'], 1073741824)
|
||||||
self.assertEqual(conf['allocations']['disk'], 1073741824)
|
self.assertEqual(conf['allocations']['disk'], 1073741824)
|
||||||
self.assertEqual(conf['general']['announce_node'], True)
|
self.assertEqual(conf['general']['announce_node'], True)
|
||||||
|
self.assertEqual(conf['general']['bind_address'], '')
|
||||||
self.assertEqual(conf['general']['dev_mode'], False)
|
self.assertEqual(conf['general']['dev_mode'], False)
|
||||||
self.assertEqual(conf['general']['display_header'], True)
|
self.assertEqual(conf['general']['display_header'], True)
|
||||||
self.assertEqual(conf['general']['ephemeral_tunnels'], False)
|
self.assertEqual(conf['general']['ephemeral_tunnels'], False)
|
||||||
|
Loading…
Reference in New Issue
Block a user