🐳 Tiny Docker image (🤏 10MB) as 🧅 Tor SOCKS5 proxy 🛡

hacktoberfest onion privacy proxy proxy-server socks socks5 socks-proxy tor tor-socks-proxy web

Go to file

Peter Dave Hello 0f48b9bd61 Add Docker Hub and GitHub Container Registry registry info in README.md cc #24		2023-06-11 23:16:59 +08:00
.github	Upgrade to GitHub-native Dependabot	2021-04-29 19:05:30 +00:00
.dockerignore	Update .dockerignore to ignore .github/	2021-05-28 23:32:54 +08:00
.travis.yml	Update node.js on Travis CI from v12 to v18	2022-06-17 02:02:02 +08:00
Dockerfile	Bump alpine from 3.17 to 3.18	2023-05-10 21:58:37 +00:00
LICENSE	Add LICENSE	2023-02-04 22:57:47 +08:00
README.md	Add Docker Hub and GitHub Container Registry registry info in README.md	2023-06-11 23:16:59 +08:00
docker-compose.yml	Limit the whole Tor process to tor user, change default DNSPort to 8853	2021-01-25 22:58:10 +08:00
renovate.json	Add renovate.json	2019-11-24 08:41:25 +00:00
torrc	Limit the whole Tor process to tor user, change default DNSPort to 8853	2021-01-25 22:58:10 +08:00

README.md

Tor-socks-proxy

The super easy way to setup a Tor SOCKS5 proxy server inside a Docker container without relay/exit feature.

Docker image Repository

We push the built image to Docker Hub and GitHub Container Registry:

GitHub Container Registry:
- ghcr.io/peterdavehello/tor-socks-proxy
- https://github.com/PeterDaveHello/tor-socks-proxy/pkgs/container/tor-socks-proxy
Docker Hub:
- peterdavehello/tor-socks-proxy
- https://hub.docker.com/r/peterdavehello/tor-socks-proxy/

Use the prefix ghcr.io/ if you prefer to use GitHub Container Registry.

Usage

Setup the proxy server at the first time
```
docker run -d --restart=always --name tor-socks-proxy -p 127.0.0.1:9150:9150/tcp peterdavehello/tor-socks-proxy:latest
```
- With parameter --restart=always the container will always start on daemon startup, which means it'll automatically start after system reboot.
- Use 127.0.0.1 to limit the connections from localhost, do not change it unless you know you're going to expose it to a local network or to the Internet.
- Change to first 9150 to any valid and free port you want, please note that port 9050/9150 may already taken if you are also running other Tor client, like TorBrowser.
- Do not touch the second 9150 as it's the port inside the docker container unless you're going to change the port in Dockerfile.
If you want to expose Tor's DNS port, also add -p 127.0.0.1:53:8853/udp in the command, see DNS over Tor for more details.

If you already setup the instance before (not the first time) but it's in stopped state, you can just start it instead of creating a new one:
```
docker start tor-socks-proxy
```

Make sure it's running, it'll take a short time to bootstrap

$ docker logs tor-socks-proxy
.
.
.
Jan 10 01:06:59.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Jan 10 01:07:00.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jan 10 01:07:02.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jan 10 01:07:02.000 [notice] Bootstrapped 100%: Done

Configure your client to use it, target on 127.0.0.1 port 9150(Or the other port you setup in step 1)

Take curl as an example, if you'd like to checkout what's your IP address via Tor network, using one of the following IP checking services:
```
curl --socks5-hostname 127.0.0.1:9150 https://ipinfo.tw/ip
```
Take ssh and nc as an example, connect to a host via Tor:
```
ssh -o ProxyCommand='nc -x 127.0.0.1:9150 %h %p' target.hostname.blah
```
Tor Project also have an API if you want to be sure if you'on Tor network: https://check.torproject.org/api/ip, the result would look like:
```
{"IsTor":true,"IP":"151.80.58.219"}
```
After using it, you can turn it off
```
docker stop tor-socks-proxy
```

IP renewal

Tor changes circuit automatically every 10 minutes by default, which usually bring you the new IP address, it's affected by MaxCircuitDirtiness config, you can override it with your own torrc, or edit the config file and restart the container. See the official manual for more details.
To manually renew the IP that Tor gives you, simply restart your docker container to open a new circuit:
```
docker restart tor-socks-proxy
```
Just note that all the connections will be terminated and need to be reestablished.

DNS over Tor

If you publish the DNS port in the first step of Usage section, you can query DNS request over Tor

The DNSPort here is set to 8853 by default, but not the common 53, because non-privileged port is preferred, and then libcap/CAP_NET_BIND_SERVICE capability won't be needed, which is more Alpine Linux(Small. Simple. Secure.)

You can still expose the port to 53 for outside the container by the parameter -p 127.0.0.1:53:8853/udp. nslookup also supports to specify the port to 8853 by -port=8853, e.g. nslookup -port=8853 ipinfo.tw 127.0.0.1

This port only handles A, AAAA, and PTR requests, see details on official manual

Set the DNS server to 127.0.0.1 (Or another IP you set), use macvk/dnsleaktest or go to one of the following DNS leaking test websites to verify the result:

DNS leak test: https://www.dnsleaktest.com
IP Leak Tests: https://ipleak.org/
IP/DNS Detect: https://ipleak.net/

Note

For the Tor project sustainability, I strongly encourage you to help setup Tor bridge/exit nodes(script) and donate money to the Tor project (Not this proxy project) when you have the ability/capacity!