From c160c390a9ce6a857be8cc1f18e09013845350b2 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 13 Feb 2025 09:04:18 +0000 Subject: [PATCH 01/10] [TOR] http tunnel capability --- tor/CHANGELOG.md | 4 ++++ tor/README.md | 4 ++++ tor/config.json | 12 ++++++++---- tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run | 15 ++++++++++----- 4 files changed, 26 insertions(+), 9 deletions(-) diff --git a/tor/CHANGELOG.md b/tor/CHANGELOG.md index 7e2c42038..9f4a8b0d9 100644 --- a/tor/CHANGELOG.md +++ b/tor/CHANGELOG.md @@ -13,3 +13,7 @@ ## 5.0.1-4 (14-08-2024) - Add execution permission for permission for /etc/s6-overlay/s6-overlay/s6-rc.d/init-tor/run file + +## 5.0.2-1 (13-02-2025) + +- HTTP tunneling diff --git a/tor/README.md b/tor/README.md index 63fa0b9ac..bfe201d1c 100644 --- a/tor/README.md +++ b/tor/README.md @@ -42,6 +42,10 @@ The installation of this add-on is pretty straightforward and not different in c You should follow to the initial guide for configuring base addon options. Here will described only extra options in comparisons with base: +### Option: `http_tunnel` + +Setting this option to true opens port 9080 to listen for connections from HTTP-speaking applications. Enabling this feature allows you to use other applications on your network to use the Tor network via http proxy. + ### Option: `bridges` > Ensure the option value is clear to avoid unintended use of transport plugins and bridges. diff --git a/tor/config.json b/tor/config.json index b43032ad7..ad5f0bcf0 100644 --- a/tor/config.json +++ b/tor/config.json @@ -21,13 +21,16 @@ "8123:80" ], "socks": false, + "http_tunnel": false, "stealth": false }, "ports": { - "9050/tcp": 9050 + "9050/tcp": 9050, + "9080/tcp": 9080 }, "ports_description": { - "9050/tcp": "Tor SOCKS proxy port" + "9050/tcp": "Tor SOCKS proxy port", + "9080/tcp": "Tor HTTP tunnel port" }, "schema": { "bridges": [ 
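Review bot: The new `"9080/tcp": 9080` entry under `ports` in tor/config.json publishes the tunnel port on the host by default, even though `http_tunnel` itself defaults to false. As far as I know Tor's HTTP tunnel listener does not authenticate clients, so once the option is switched on, any host that can reach 9080 can route traffic through this Tor instance. I would make publishing opt-in with `"9080/tcp": null` and state the exposure in the description, e.g. `"9080/tcp": "Tor HTTP tunnel port (unauthenticated; expose to trusted networks only)"`. The existing 9050 mapping has the same property, but this commit does not touch it.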
@@ -42,10 +45,11 @@ "match(^(.*:)?(?:[0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])?$)" ], "socks": "bool", + "http_tunnel": "bool", "stealth": "bool" }, "slug": "tor", "startup": "services", "url": "https://github.com/alexbelgium/hassio-addons", - "version": "5.0.1-4" -} + "version": "5.0.2-1" +} \ No newline at end of file diff --git a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run index e8c21ab7c..2f895ad6d 100755 --- a/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run +++ b/tor/rootfs/etc/s6-overlay/s6-rc.d/init-tor/run @@ -89,10 +89,15 @@ else echo 'SOCKSPort 127.0.0.1:9050' >> "${torrc}" fi +# Configure Http tunnel port +if bashio::config.true 'http_tunnel'; then + echo 'HTTPTunnelPort 9080' >> "${torrc}" +fi + # Configure hidden services if bashio::config.true 'hidden_services'; then echo "HiddenServiceDir ${hidden_service_dir}" >> "${torrc}" - + for port in $(bashio::config 'ports'); do count=$(echo "${port}" | sed 's/[^:]//g'| awk '{ print length }') if [[ "${count}" == 0 ]]; then @@ -134,13 +139,13 @@ then # Add client for OBFS transport echo "ClientTransportPlugin obfs2,obfs3,obfs4,scramblesuit exec /usr/local/bin/obfs4proxy managed" >> "${torrc}" - + # Add client for Snowflake transport echo "ClientTransportPlugin snowflake exec /usr/local/bin/snowflake" >> "${torrc}" # Add client for WebTunnel transport echo "ClientTransportPlugin webtunnel exec /usr/local/bin/webtunnel" >> "${torrc}" - + # Add bridges while read -r bridge; do bashio::log.info "Bridge ${bridge}" @@ -178,7 +183,7 @@ then while read -r clientname; do # Generate key is they do not exist yet if ! bashio::fs.file_exists "${authorized_clients_dir}/${clientname}.auth" - then + then key=$(openssl genpkey -algorithm x25519) private_key=$( 
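Review bot: `echo 'HTTPTunnelPort 9080' >> "${torrc}"` in init-tor/run gives no bind address, and Tor listens on 127.0.0.1 when a client port has none. The 9080 mapping added in config.json would therefore probably not be reachable from other hosts, unless the add-on runs with host networking, which this hunk does not show. The SOCKS block just above writes an explicit address (`SOCKSPort 127.0.0.1:9050` in its else branch), and the tunnel line should do the same: `echo 'HTTPTunnelPort 0.0.0.0:9080' >> "${torrc}"`. Since that listener is unauthenticated, I would also log it when enabled, e.g. `bashio::log.warning 'HTTP tunnel on 9080 is unauthenticated; restrict access to trusted hosts'`. The script continues outside the hunk.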
@@ -226,7 +231,7 @@ then bashio::log.red "Private key:" bashio::log.red "${private_key}" bashio::log.red - bashio::log.red + bashio::log.red else bashio::log.info "Keys for ${clientname} already exists; skipping..." fi From 26987def092934dfacb53c901292fcebedbbbe08 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 13 Feb 2025 11:17:53 +0000 Subject: [PATCH 02/10] [TOR] update dependencies --- tor/Dockerfile | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 6f46b6296..84d5abba9 100644 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -1,4 +1,4 @@ -ARG BUILD_FROM=ghcr.io/hassio-addons/base:16.2.0 +ARG BUILD_FROM=ghcr.io/hassio-addons/base:17.1.3 # hadolint ignore=DL3006 FROM ${BUILD_FROM} @@ -11,22 +11,22 @@ COPY rootfs / # Setup base RUN \ apk add --no-cache \ - coreutils=9.5-r1 \ - openssl=3.3.1-r3 \ - tor=0.4.8.12-r0 \ - go=1.22.6-r0 \ - git=2.45.2-r0 \ - ca-certificates=20240705-r0 \ - libcap=2.70-r0 + coreutils=9.5-r2 \ + openssl=3.3.2-r6 \ + tor=0.4.8.14-r1 \ + go=1.23.6-r0 \ + git=2.47.2-r0 \ + ca-certificates=20241121-r1 \ + libcap=2.71-r0 # Download pluggable-transports sources WORKDIR /go ARG OBFS_VERSION=obfs4proxy-0.0.14 -ARG SNOWFLAKE_VERSION=v2.9.2 -ARG WEBTUNNEL_VERSION=e64b1b3562f3ab50d06141ecd513a21ec74fe8c6 +ARG SNOWFLAKE_VERSION=v2.10.1 +ARG WEBTUNNEL_VERSION=v0.0.2 RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \ && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \ - && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git + && git clone -b ${WEBTUNNEL_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git # Build obfs4proxy WORKDIR /go/obfs4 
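Review bot: `ARG WEBTUNNEL_VERSION=v0.0.2` together with `git clone -b ${WEBTUNNEL_VERSION}` replaces a full commit hash with a tag name, and a tag can be re-pointed upstream while a hash cannot. The obfs4 and snowflake clones in the same RUN have the same property. These sources are compiled into the transport binaries the add-on executes, so I would keep the tag for readability but check the resolved commit right after cloning: `ARG WEBTUNNEL_COMMIT=<expected-commit-sha>` and `&& test "$(git -C webtunnel rev-parse HEAD)" = "${WEBTUNNEL_COMMIT}"`. The exact `apk` pins in this hunk are fine as they are.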
@@ -56,11 +56,11 @@ HEALTHCHECK \ --interval=60s \ --timeout=30s \ CMD curl \ - --silent \ - --location \ - --socks5-hostname localhost:9050 \ - https://check.torproject.org/?lang=en_US \ - | grep -qm1 Congratulations + --silent \ + --location \ + --socks5-hostname localhost:9050 \ + https://check.torproject.org/?lang=en_US \ + | grep -qm1 Congratulations # Build arguments ARG BUILD_ARCH From 00d7ac8356e19c9229922c0ef3df7eb9d04401e5 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 13 Feb 2025 11:23:16 +0000 Subject: [PATCH 03/10] [TOR] downgrade dependencies to alpine 3.20 --- tor/Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 84d5abba9..d36745c9e 100644 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -12,12 +12,12 @@ COPY rootfs / RUN \ apk add --no-cache \ coreutils=9.5-r2 \ - openssl=3.3.2-r6 \ - tor=0.4.8.14-r1 \ - go=1.23.6-r0 \ - git=2.47.2-r0 \ + openssl=3.3.3-r0 \ + tor=0.4.8.14-r0 \ + go=1.22.10-r0 \ + git=2.45.3-r0 \ ca-certificates=20241121-r1 \ - libcap=2.71-r0 + libcap=2.70-r0 # Download pluggable-transports sources WORKDIR /go From 0029fa694e8c67176d4a03dc7d07e02389d6785a Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 13 Feb 2025 11:58:29 +0000 Subject: [PATCH 04/10] [TOR] upgrade dependencies to alpine 3.21 --- tor/Dockerfile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index d36745c9e..57c258a4e 100644 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -1,4 +1,4 @@ -ARG BUILD_FROM=ghcr.io/hassio-addons/base:17.1.3 +ARG BUILD_FROM=ghcr.io/hassio-addons/base:17.1.4 # hadolint ignore=DL3006 FROM ${BUILD_FROM} 
@@ -13,11 +13,11 @@ RUN \ apk add --no-cache \ coreutils=9.5-r2 \ openssl=3.3.3-r0 \ - tor=0.4.8.14-r0 \ - go=1.22.10-r0 \ - git=2.45.3-r0 \ + tor=0.4.8.14-r1 \ + go=1.23.6-r0 \ + git=2.47.2-r0 \ ca-certificates=20241121-r1 \ - libcap=2.70-r0 + libcap=2.71-r0 # Download pluggable-transports sources WORKDIR /go From cabd9fc5bb57d90dec01ac37ac3f318bc6359193 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 13 Feb 2025 12:16:12 +0000 Subject: [PATCH 05/10] [TOR] downgrade dependencies to alpine 3.19 --- tor/Dockerfile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index 57c258a4e..d7c6f577c 100644 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -1,4 +1,4 @@ -ARG BUILD_FROM=ghcr.io/hassio-addons/base:17.1.4 +ARG BUILD_FROM=ghcr.io/hassio-addons/base:15.0.8 # hadolint ignore=DL3006 FROM ${BUILD_FROM} @@ -11,13 +11,13 @@ COPY rootfs / # Setup base RUN \ apk add --no-cache \ - coreutils=9.5-r2 \ - openssl=3.3.3-r0 \ - tor=0.4.8.14-r1 \ - go=1.23.6-r0 \ - git=2.47.2-r0 \ + coreutils=9.4-r2 \ + openssl=3.1.8-r0 \ + tor=0.4.8.14-r0 \ + go=1.21.10-r0 \ + git=2.43.6-r0 \ ca-certificates=20241121-r1 \ - libcap=2.71-r0 + libcap=2.69-r1 # Download pluggable-transports sources WORKDIR /go From 6b63360bcd6115d6df8ef560de7e7f441fba4d17 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 13 Feb 2025 14:01:55 +0000 Subject: [PATCH 06/10] [TOR] upgrade dependencies to alpina 3.21 --- tor/Dockerfile | 14 +++++++------- tor/build.json | 8 ++++---- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index d7c6f577c..57c258a4e 100644 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -1,4 +1,4 @@ -ARG BUILD_FROM=ghcr.io/hassio-addons/base:15.0.8 +ARG BUILD_FROM=ghcr.io/hassio-addons/base:17.1.4 # hadolint ignore=DL3006 FROM ${BUILD_FROM} 
@@ -11,13 +11,13 @@ COPY rootfs / # Setup base RUN \ apk add --no-cache \ - coreutils=9.4-r2 \ - openssl=3.1.8-r0 \ - tor=0.4.8.14-r0 \ - go=1.21.10-r0 \ - git=2.43.6-r0 \ + coreutils=9.5-r2 \ + openssl=3.3.3-r0 \ + tor=0.4.8.14-r1 \ + go=1.23.6-r0 \ + git=2.47.2-r0 \ ca-certificates=20241121-r1 \ - libcap=2.69-r1 + libcap=2.71-r0 # Download pluggable-transports sources WORKDIR /go diff --git a/tor/build.json b/tor/build.json index 1069f2a36..2ae499745 100644 --- a/tor/build.json +++ b/tor/build.json @@ -1,11 +1,11 @@ { "build_from": { - "aarch64": "ghcr.io/hassio-addons/base:16.2.0", - "amd64": "ghcr.io/hassio-addons/base:16.2.0", - "armv7": "ghcr.io/hassio-addons/base:16.2.0" + "aarch64": "ghcr.io/hassio-addons/base:17.1.4", + "amd64": "ghcr.io/hassio-addons/base:17.1.4", + "armv7": "ghcr.io/hassio-addons/base:17.1.4" }, "codenotary": { "base_image": "codenotary@frenck.dev", "signer": "codenotary@frenck.dev" } -} +} \ No newline at end of file From 3c5ccc1402ca39f89aaf8e06207dc11ee73b429c Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 13 Feb 2025 15:53:01 +0000 Subject: [PATCH 07/10] [TOR] fix snowflake build --- tor/CHANGELOG.md | 4 ++++ tor/Dockerfile | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/tor/CHANGELOG.md b/tor/CHANGELOG.md index 9f4a8b0d9..227ed355f 100644 --- a/tor/CHANGELOG.md +++ b/tor/CHANGELOG.md @@ -17,3 +17,7 @@ ## 5.0.2-1 (13-02-2025) - HTTP tunneling + +## 5.0.2-2 (13-02-2025) + +- Fix snowflake build \ No newline at end of file diff --git a/tor/Dockerfile b/tor/Dockerfile index 57c258a4e..f1da40e83 100644 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -1,4 +1,4 @@ -ARG BUILD_FROM=ghcr.io/hassio-addons/base:17.1.4 +ARG BUILD_FROM # hadolint ignore=DL3006 FROM ${BUILD_FROM} 
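Review bot: `ARG BUILD_FROM` now has no default, so the base image comes only from tor/build.json, while the exact `apk` pins further down resolve only on the Alpine release that base ships. Patches 03 to 06 in this series apparently flip the pins back and forth for that reason. A comment above the ARG would save the next bump, e.g. `# Base image is set in build.json; the apk pins below must match its Alpine release`. A build that does not pass `--build-arg BUILD_FROM=...` will now fail at `FROM`, which deserves a line in the README if local builds are supported.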
@@ -35,11 +35,11 @@ RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy # Build snowflake WORKDIR /go/snowflake/client RUN go get \ - && go build -o /usr/local/bin/snowflake + && go build -ldflags '-extldflags "-static" -w -s' -o /usr/local/bin/snowflake # Build webtunnel WORKDIR /go/webtunnel/main/client -RUN git reset --hard ${WEBTUNNEL_VERSION} \ +RUN go get \ && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel # Clean up after build From 066c85c47b9ef55704128ad0a513d55940207c61 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 13 Feb 2025 16:02:04 +0000 Subject: [PATCH 08/10] [TOR] Lint --- tor/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tor/CHANGELOG.md b/tor/CHANGELOG.md index 227ed355f..c49223452 100644 --- a/tor/CHANGELOG.md +++ b/tor/CHANGELOG.md @@ -20,4 +20,4 @@ ## 5.0.2-2 (13-02-2025) -- Fix snowflake build \ No newline at end of file +- Fix snowflake build From 28ded80044102ac34f9847203b300ed7f3f458fd Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 13 Feb 2025 16:15:09 +0000 Subject: [PATCH 09/10] [TOR] Lint --- tor/Dockerfile | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/tor/Dockerfile b/tor/Dockerfile index f1da40e83..78a81175c 100644 --- a/tor/Dockerfile +++ b/tor/Dockerfile @@ -11,13 +11,13 @@ COPY rootfs / # Setup base RUN \ apk add --no-cache \ - coreutils=9.5-r2 \ - openssl=3.3.3-r0 \ - tor=0.4.8.14-r1 \ - go=1.23.6-r0 \ - git=2.47.2-r0 \ - ca-certificates=20241121-r1 \ - libcap=2.71-r0 + coreutils=9.5-r2 \ + openssl=3.3.3-r0 \ + tor=0.4.8.14-r1 \ + go=1.23.6-r0 \ + git=2.47.2-r0 \ + ca-certificates=20241121-r1 \ + libcap=2.71-r0 # Download pluggable-transports sources WORKDIR /go 
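Review bot: In the webtunnel step, `RUN go get \` replaces `git reset --hard ${WEBTUNNEL_VERSION}`, so the built revision now rests solely on the tag clone, and `go get` may rewrite go.mod/go.sum instead of building exactly what the tag recorded. I would use `go mod download && go mod verify \` in place of `go get \` in both the snowflake and webtunnel steps, so the build fails if a dependency does not match the checksums in go.sum. Separately, `-extldflags "-static"` on the snowflake build only takes effect when cgo is linking; putting `CGO_ENABLED=0` in front of `go build` makes the static intent explicit. The three transport builds also use three different ldflags spellings, which is worth unifying.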
@@ -25,8 +25,8 @@ ARG OBFS_VERSION=obfs4proxy-0.0.14 ARG SNOWFLAKE_VERSION=v2.10.1 ARG WEBTUNNEL_VERSION=v0.0.2 RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \ - && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \ - && git clone -b ${WEBTUNNEL_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git + && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \ + && git clone -b ${WEBTUNNEL_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git # Build obfs4proxy WORKDIR /go/obfs4 @@ -56,11 +56,11 @@ HEALTHCHECK \ --interval=60s \ --timeout=30s \ CMD curl \ - --silent \ - --location \ - --socks5-hostname localhost:9050 \ - https://check.torproject.org/?lang=en_US \ - | grep -qm1 Congratulations + --silent \ + --location \ + --socks5-hostname localhost:9050 \ + https://check.torproject.org/?lang=en_US \ + | grep -qm1 Congratulations # Build arguments ARG BUILD_ARCH From b09abe76ff06bb48e1e653badbdfd51e10bd7596 Mon Sep 17 00:00:00 2001 From: Renat Gabdulhakov Date: Thu, 13 Feb 2025 16:25:56 +0000 Subject: [PATCH 10/10] [TOR] Lint --- tor/CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/tor/CHANGELOG.md b/tor/CHANGELOG.md index c49223452..a94c31080 100644 --- a/tor/CHANGELOG.md +++ b/tor/CHANGELOG.md @@ -21,3 +21,4 @@ ## 5.0.2-2 (13-02-2025) - Fix snowflake build +- Lint issues