<p align="center">
<img width="300px" src="https://upload.wikimedia.org/wikipedia/commons/8/8f/Tor_project_logo_hq.png">
</p>

# Tor-socks-proxy

![license](https://img.shields.io/badge/license-GPLv3.0-brightgreen.svg?style=flat)
[![Build Status](https://travis-ci.com/PeterDaveHello/tor-socks-proxy.svg?branch=master)](https://travis-ci.com/PeterDaveHello/tor-socks-proxy)
[![Docker Hub pulls](https://img.shields.io/docker/pulls/peterdavehello/tor-socks-proxy.svg)](https://hub.docker.com/r/peterdavehello/tor-socks-proxy/)
[![Docker image layers](https://images.microbadger.com/badges/image/peterdavehello/tor-socks-proxy.svg)](https://microbadger.com/images/peterdavehello/tor-socks-proxy/)
[![Docker image version](https://images.microbadger.com/badges/version/peterdavehello/tor-socks-proxy.svg)](https://hub.docker.com/r/peterdavehello/tor-socks-proxy/tags/)
[![Docker Hub badge](http://dockeri.co/image/peterdavehello/tor-socks-proxy)](https://hub.docker.com/r/peterdavehello/tor-socks-proxy/)

The super easy way to set up a [Tor](https://www.torproject.org) [SOCKS5](https://en.wikipedia.org/wiki/SOCKS#SOCKS5) [proxy server](https://en.wikipedia.org/wiki/Proxy_server) inside a [Docker](https://en.wikipedia.org/wiki/Docker_(software)) [container](https://en.wikipedia.org/wiki/Container_(virtualization)) without the relay/exit feature.

## Usage
1. Set up the proxy server for the **first time**

```sh
$ docker run -d --restart=always --name tor-socks-proxy -p 127.0.0.1:9150:9150/tcp peterdavehello/tor-socks-proxy:latest
```
- With the parameter `--restart=always`, the container always starts when the Docker daemon starts, which means it starts automatically after a system reboot.
- Binding to `127.0.0.1` limits connections to those from localhost. Do not change it unless you know you are going to expose the proxy to a local network or to the Internet.
- Change the first `9150` to any valid and free port you want. Note that port `9050`/`9150` may already be taken if you are also running another Tor client, such as Tor Browser.
- Do not touch the second `9150`, as it is the port inside the Docker container, unless you are going to change the port in the Dockerfile.

If you want to expose Tor's DNS port, also add `-p 127.0.0.1:53:8853/udp` to the command. See [DNS over Tor](#dns-over-tor) for more details.

If you have already set up the instance before *(not the first time)* but it is in a stopped state, you can just start it instead of creating a new one:

```sh
$ docker start tor-socks-proxy
```
2. Make sure it's running; it takes a short time to bootstrap

```sh
$ docker logs tor-socks-proxy
.
.
.
Jan 10 01:06:59.000 [notice] Bootstrapped 85%: Finishing handshake with first hop
Jan 10 01:07:00.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jan 10 01:07:02.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Jan 10 01:07:02.000 [notice] Bootstrapped 100%: Done
```
3. Configure your client to use it, targeting `127.0.0.1` port `9150` (or the other port you set up in step 1)

Taking `curl` as an example, check what your IP address is via the Tor network using one of the following IP checking services:

```sh
$ curl --socks5-hostname 127.0.0.1:9150 https://ipinfo.tw/ip
$ curl --socks5-hostname 127.0.0.1:9150 https://ipinfo.io/ip
$ curl --socks5-hostname 127.0.0.1:9150 https://icanhazip.com
$ curl --socks5-hostname 127.0.0.1:9150 https://ipecho.net/plain
```
Taking `ssh` and `nc` as an example, connect to a host via Tor:

```sh
$ ssh -o ProxyCommand='nc -x 127.0.0.1:9150 %h %p' target.hostname.blah
```
4. After using it, you can turn it off

```sh
$ docker stop tor-socks-proxy
```
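
A post-start check for steps 1 and 2, added here as an example and not part of this project: it flags any published port that is not bound to loopback and reads the bootstrap percentage from the container logs. The function names and sample data are constructed for illustration; `docker port` and `docker logs` are the only Docker commands it calls.

```sh
#!/bin/sh
# Added example (not from the project): post-start checks for steps 1 and 2.

# Read `docker port <name>` output on stdin and print every published binding
# whose host address is not loopback. Prints nothing when all are local-only.
nonloopback_bindings() {
    while IFS= read -r line; do
        host=${line##* -> }          # e.g. 127.0.0.1:9150, 0.0.0.0:53, [::]:9150
        addr=${host%:*}              # drop the trailing ":port"
        case $addr in
            127.*|'[::1]'|'') ;;     # loopback address or blank line: fine
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Read `docker logs <name>` output on stdin and print the most recent
# "Bootstrapped N%" value (0 if Tor has not logged any progress yet).
bootstrap_pct() {
    sed -n 's/.*Bootstrapped \([0-9][0-9]*\)%.*/\1/p' | tail -n 1 | grep . || echo 0
}

# Run both checks against a live container (default name is the one from step 1).
# Returns 0 only when every published port is loopback-only and Tor is at 100%.
check_proxy() {
    name=${1:-tor-socks-proxy}
    exposed=$(docker port "$name" | nonloopback_bindings)
    if [ -n "$exposed" ]; then
        printf 'published beyond localhost:\n%s\n' "$exposed" >&2
        return 1
    fi
    pct=$(docker logs "$name" 2>&1 | bootstrap_pct)
    if [ "$pct" -ne 100 ]; then
        echo "Tor bootstrap at ${pct}%, not ready yet" >&2
        return 2
    fi
    echo "OK: loopback-only and bootstrapped"
}

# Constructed samples so the parsers can be tried without Docker.
SAMPLE_PORTS='9150/tcp -> 127.0.0.1:9150
8853/udp -> 0.0.0.0:53'
SAMPLE_LOGS='Jan 10 01:07:00.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Jan 10 01:07:02.000 [notice] Bootstrapped 100%: Done'
```

Source the file and run `check_proxy` after `docker run` or `docker start`; the most recent bootstrap line is used because `docker logs` keeps output from earlier starts of the same container.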
## IP renewal
- Tor changes circuits automatically every 10 minutes by default, which usually brings you a new IP address. This is affected by the `MaxCircuitDirtiness` config option, which you can override with your own `torrc`. See the official [manual](https://www.torproject.org/docs/tor-manual.html.en) for more details.
- To manually renew the IP that Tor gives you, simply restart your Docker container to open a new circuit:

```sh
$ docker restart tor-socks-proxy
```
Just note that all connections will be terminated and need to be re-established.

## DNS over Tor
If you publish the DNS port in the first step of the [Usage](#usage) section, you can send DNS queries over Tor.

The DNSPort here is set to `8853` by default rather than the common `53`, because a non-privileged port is preferred: [`libcap`](https://pkgs.alpinelinux.org/package/edge/main/x86/libcap)/[`CAP_NET_BIND_SERVICE` capability](https://man7.org/linux/man-pages/man7/capabilities.7.html) is then not needed, which is more *[Alpine Linux](https://alpinelinux.org/about/)(Small. Simple. Secure.)*

You can still expose the port as `53` outside the container with the parameter `-p 127.0.0.1:53:8853/udp`. `nslookup` also supports specifying port `8853` with `-port=8853`, e.g. `nslookup -port=8853 ipinfo.tw 127.0.0.1`

This port only handles A, AAAA, and PTR requests; see the [official manual](https://www.torproject.org/docs/tor-manual.html.en) for details.

Set the DNS server to `127.0.0.1` (or another IP you set), then use [macvk/dnsleaktest](https://github.com/macvk/dnsleaktest) or go to one of the following DNS leak test websites to verify the result:

- DNS leak test: <https://www.dnsleaktest.com>
- IP Leak Tests: <https://ipleak.org/>
- IP/DNS Detect: <https://ipleak.net/>
## Note

**For the sustainability of the Tor project, I strongly encourage you to help [set up Tor bridge/exit nodes](https://trac.torproject.org/projects/tor/wiki/TorRelayGuide)([**script**](https://github.com/PeterDaveHello/ubuntu-tor-simply-setup)) and [donate](https://donate.torproject.org/) money to the Tor project *(Not this proxy project)* when you have the ability/capacity!**