docker: Use static ip for tor container.

tecnovert 2022-03-27 11:28:17 +02:00
parent a5b192b931
commit 6b063d0582
No known key found for this signature in database
GPG key ID: 8ED6D8750C4E3F93
3 changed files with 26 additions and 14 deletions


@ -385,12 +385,13 @@ def prepareCore(coin, version_pair, settings, data_dir):
def writeTorSettings(fp, coin, coin_settings, tor_control_password): def writeTorSettings(fp, coin, coin_settings, tor_control_password):
onionport = coin_settings['onionport'] onionport = coin_settings['onionport']
'''
TOR_PROXY_HOST must be an ip address.
BTC versions >21 and Particl with lookuptorcontrolhost=any can accept hostnames, XMR and LTC cannot
'''
fp.write(f'proxy={TOR_PROXY_HOST}:{TOR_PROXY_PORT}\n') fp.write(f'proxy={TOR_PROXY_HOST}:{TOR_PROXY_PORT}\n')
if coin == 'particl': fp.write(f'torpassword={tor_control_password}\n')
# TODO: lookuptorcontrolhost is default behaviour in later BTC versions fp.write(f'torcontrol={TOR_PROXY_HOST}:{TOR_CONTROL_PORT}\n')
fp.write(f'torpassword={tor_control_password}\n')
fp.write(f'torcontrol={TOR_PROXY_HOST}:{TOR_CONTROL_PORT}\n')
fp.write('lookuptorcontrolhost=any\n') # Particl only option
if coin == 'litecoin': if coin == 'litecoin':
fp.write(f'bind=0.0.0.0:{onionport}\n') fp.write(f'bind=0.0.0.0:{onionport}\n')
@ -517,9 +518,6 @@ def write_torrc(data_dir, tor_control_password):
if not os.path.exists(tor_dir): if not os.path.exists(tor_dir):
os.makedirs(tor_dir) os.makedirs(tor_dir)
torrc_path = os.path.join(tor_dir, 'torrc') torrc_path = os.path.join(tor_dir, 'torrc')
if os.path.exists(torrc_path):
logger.info(f'torrc file exists at {torrc_path}.')
return
tor_control_hash = rfc2440_hash_password(tor_control_password) tor_control_hash = rfc2440_hash_password(tor_control_password)
with open(torrc_path, 'w') as fp: with open(torrc_path, 'w') as fp:
@ -571,7 +569,7 @@ def modify_tor_config(settings, coin, tor_control_password=None, enable=False):
fp.write('proxy-allow-dns-leaks=0\n') fp.write('proxy-allow-dns-leaks=0\n')
fp.write('no-igd=1\n') fp.write('no-igd=1\n')
wallet_tor_settings = ('proxy=') wallet_tor_settings = ('proxy=',)
with open(wallet_conf_path, 'w') as fp: with open(wallet_conf_path, 'w') as fp:
with open(wallet_conf_path + '.last') as fp_in: with open(wallet_conf_path + '.last') as fp_in:
# Disable tor first # Disable tor first
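Review bot: In writeTorSettings, the requirement that TOR_PROXY_HOST be an IP address is stated only in a bare string literal in the middle of the body, and nothing on the visible lines enforces it. The string follows the `onionport` assignment, so it is an expression statement rather than a docstring; a `#` comment would say the same thing without looking like documentation. The documented commands previously passed `TOR_PROXY_HOST=tor`, so a stale hostname would now be written into `proxy=` and `torcontrol=` for coins that cannot resolve it; a check such as `ipaddress.ip_address(TOR_PROXY_HOST)` before the first `fp.write` would fail early with a ValueError (the `ipaddress` module would need importing). `torpassword` also appears to be written in cleartext for every coin now rather than only Particl, so it is worth confirming that the coin config files are created with owner-only permissions. The function body continues past the end of the hunk.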


@ -8,6 +8,13 @@ Basicswap can be configured to route all traffic through a tor proxy.
basicswap-prepare can be configured to download all binaries through tor and to enable or disable tor in all active coin config files. basicswap-prepare can be configured to download all binaries through tor and to enable or disable tor in all active coin config files.
#### Create initial files
Docker will create directories instead of files if these don't exist.
touch $COINDATA_PATH/tor/torrc
#### For a new install #### For a new install
Note that some download links, notably for Litecoin, are unreachable when using tor. Note that some download links, notably for Litecoin, are unreachable when using tor.
@ -17,7 +24,7 @@ If running through docker start the tor container with the following command as
docker compose -f docker-compose_with_tor.yml run --name tor --rm tor \ docker compose -f docker-compose_with_tor.yml run --name tor --rm tor \
tor --allow-missing-torrc --SocksPort 0.0.0.0:9050 tor --allow-missing-torrc --SocksPort 0.0.0.0:9050
docker compose -f docker-compose_with_tor.yml run -e TOR_PROXY_HOST=tor --rm swapclient \ docker compose -f docker-compose_with_tor.yml run -e TOR_PROXY_HOST=172.16.238.200 --rm swapclient \
basicswap-prepare --usetorproxy --datadir=/coindata --withcoins=monero,particl basicswap-prepare --usetorproxy --datadir=/coindata --withcoins=monero,particl
@ -27,7 +34,7 @@ Start Basicswap with:
#### Enable tor on an existing datadir #### Enable tor on an existing datadir
docker compose -f docker-compose_with_tor.yml run -e TOR_PROXY_HOST=tor --rm swapclient \ docker compose -f docker-compose_with_tor.yml run -e TOR_PROXY_HOST=172.16.238.200 --rm swapclient \
basicswap-prepare --datadir=/coindata --enabletor basicswap-prepare --datadir=/coindata --enabletor
#### Disable tor on an existing datadir #### Disable tor on an existing datadir


@ -19,6 +19,8 @@ services:
options: options:
max-size: "10m" max-size: "10m"
max-file: "5" max-file: "5"
networks:
- tor_net
tor: tor:
image: i_tor image: i_tor
@ -33,12 +35,17 @@ services:
options: options:
max-size: "10m" max-size: "10m"
max-file: "5" max-file: "5"
networks:
tor_net:
ipv4_address: 172.16.238.200
volumes: volumes:
coindata: coindata:
driver: local driver: local
networks: networks:
default: tor_net:
external: ipam:
name: coinswap_network driver: default
config:
- subnet: "172.16.238.0/24"
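Review bot: The new `tor_net` network is declared as an ordinary bridge, so as far as this file shows the swapclient container keeps a direct route out alongside the tor container at 172.16.238.200. If the intent is that all swapclient traffic leaves through tor, consider making that fail closed: mark the shared network `internal: true` and attach only the tor service to a second, outward-facing network. Separately, the address is now hard-coded both here and in the documented `TOR_PROXY_HOST=172.16.238.200` commands, and the fixed `172.16.238.0/24` subnet can collide with an existing Docker network on the host. A comment next to `ipv4_address` naming the places that must stay in sync would help.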