Shard Tor hidden services across multiple daemons #920

Merged
merged 9 commits into from
Aug 20, 2021
Merged
23 changes: 21 additions & 2 deletions docker-compose.yml
Expand Up @@ -7,14 +7,33 @@ services:
user: toruser
restart: on-failure
volumes:
- ${PWD}/tor/torrc:/etc/tor/torrc
- ${PWD}/tor/torrc-umbrel:/etc/tor/torrc
- ${PWD}/tor/data:/var/lib/tor/
- ${PWD}/tor/run:/var/run/tor/
ports:
- "127.0.0.1:$TOR_PROXY_PORT:$TOR_PROXY_PORT"
networks:
default:
ipv4_address: $TOR_PROXY_IP
app_tor:
image: lncm/tor:0.4.5.7@sha256:a83e0d9fd1a35adf025f2f34237ec1810e2a59765988dce1dfb222ca8ef6583c
user: toruser
restart: on-failure
volumes:
- ${PWD}/tor/torrc-apps:/etc/tor/torrc
- ${PWD}/tor/data:/var/lib/tor/
networks:
default:
ipv4_address: $APPS_TOR_IP
app_2_tor:
image: lncm/tor:0.4.5.7@sha256:a83e0d9fd1a35adf025f2f34237ec1810e2a59765988dce1dfb222ca8ef6583c
user: toruser
restart: on-failure
volumes:
- ${PWD}/tor/torrc-apps-2:/etc/tor/torrc
- ${PWD}/tor/data:/var/lib/tor/
networks:
default:
ipv4_address: $APPS_2_TOR_IP
nginx:
container_name: nginx
image: nginx:1.17.8@sha256:380eb808e2a3b0dd954f92c1cae2f845e6558a15037efefcabc5b4e03d666d03
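Review bot: The new `app_tor` and `app_2_tor` services both mount `${PWD}/tor/data:/var/lib/tor/` read-write, the same host directory the Tor service above them mounts, so every daemon can read the private keys of every hidden service rather than only the ones listed in its own torrc. Sharding this way spreads load but gives no key isolation between shards: a compromise of any one daemon exposes all onion identities. If the shared mount is kept so that existing onion addresses survive the split, record that next to the services, for example `# All tor daemons share tor/data so existing HiddenServiceDir keys are reused; shards are not isolated from each other`. A follow-up could mount only the `app-*` directories each shard serves. The service definition at the top of the hunk starts outside the visible lines.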
28 changes: 20 additions & 8 deletions scripts/configure
Expand Up @@ -71,7 +71,9 @@ echo
NGINX_CONF_FILE="./templates/nginx.conf"
BITCOIN_CONF_FILE="./templates/bitcoin.conf"
LND_CONF_FILE="./templates/lnd.conf"
TOR_CONF_FILE="./templates/torrc"
APPS_TOR_CONF_FILE="./templates/torrc-apps"
APPS_2_TOR_CONF_FILE="./templates/torrc-apps-2"
UMBREL_TOR_CONF_FILE="./templates/torrc-umbrel"
ELECTRS_CONF_FILE="./templates/electrs.toml"
ENV_FILE="./templates/.env"

Expand All @@ -80,15 +82,19 @@ ENV_FILE="./templates/.env"
[[ -f "$NGINX_CONF_FILE" ]] && rm -f "$NGINX_CONF_FILE"
[[ -f "$BITCOIN_CONF_FILE" ]] && rm -f "$BITCOIN_CONF_FILE"
[[ -f "$LND_CONF_FILE" ]] && rm -f "$LND_CONF_FILE"
[[ -f "$TOR_CONF_FILE" ]] && rm -f "$TOR_CONF_FILE"
[[ -f "$APPS_TOR_CONF_FILE" ]] && rm -f "$APPS_TOR_CONF_FILE"
[[ -f "$APPS_2_TOR_CONF_FILE" ]] && rm -f "$APPS_2_TOR_CONF_FILE"
[[ -f "$UMBREL_TOR_CONF_FILE" ]] && rm -f "$UMBREL_TOR_CONF_FILE"
[[ -f "$ELECTRS_CONF_FILE" ]] && rm -f "$ELECTRS_CONF_FILE"
[[ -f "$ENV_FILE" ]] && rm -f "$ENV_FILE"

# Copy template configs to intermediary configs
[[ -f "./templates/nginx-sample.conf" ]] && cp "./templates/nginx-sample.conf" "$NGINX_CONF_FILE"
[[ -f "./templates/bitcoin-sample.conf" ]] && cp "./templates/bitcoin-sample.conf" "$BITCOIN_CONF_FILE"
[[ -f "./templates/lnd-sample.conf" ]] && cp "./templates/lnd-sample.conf" "$LND_CONF_FILE"
[[ -f "./templates/torrc-sample" ]] && cp "./templates/torrc-sample" "$TOR_CONF_FILE"
[[ -f "./templates/torrc-apps-sample" ]] && cp "./templates/torrc-apps-sample" "$APPS_TOR_CONF_FILE"
[[ -f "./templates/torrc-apps-2-sample" ]] && cp "./templates/torrc-apps-2-sample" "$APPS_2_TOR_CONF_FILE"
[[ -f "./templates/torrc-umbrel-sample" ]] && cp "./templates/torrc-umbrel-sample" "$UMBREL_TOR_CONF_FILE"
[[ -f "./templates/electrs-sample.toml" ]] && cp "./templates/electrs-sample.toml" "$ELECTRS_CONF_FILE"
[[ -f "./templates/.env-sample" ]] && cp "./templates/.env-sample" "$ENV_FILE"

Expand Down Expand Up @@ -122,6 +128,8 @@ LND_REST_PORT="8080"
ELECTRUM_IP="10.21.21.10"
ELECTRUM_PORT="50001"
TOR_PROXY_IP="10.21.21.11"
APPS_TOR_IP="10.21.21.47"
APPS_2_TOR_IP="10.21.21.48"
TOR_PROXY_PORT="9050"

# Apps
Expand Down Expand Up @@ -243,8 +251,8 @@ fi
# Update RPC, P2P and ZMQ Ports
sed -i "s/rpcport=<port>/rpcport=$BITCOIN_RPC_PORT/g;" "$BITCOIN_CONF_FILE"
sed -i "s/port=<port>/port=$BITCOIN_P2P_PORT/g;" "$BITCOIN_CONF_FILE"
sed -i "s/<bitcoin-rpc-port>/$BITCOIN_RPC_PORT/g;" "$TOR_CONF_FILE"
sed -i "s/<bitcoin-p2p-port>/$BITCOIN_P2P_PORT/g;" "$TOR_CONF_FILE"
sed -i "s/<bitcoin-rpc-port>/$BITCOIN_RPC_PORT/g;" "$UMBREL_TOR_CONF_FILE"
sed -i "s/<bitcoin-p2p-port>/$BITCOIN_P2P_PORT/g;" "$UMBREL_TOR_CONF_FILE"
sed -i "/daemon_rpc_addr/s/<port>/$BITCOIN_RPC_PORT/g;" "$ELECTRS_CONF_FILE"
sed -i "s/BITCOIN_RPC_PORT=<port>/BITCOIN_RPC_PORT=$BITCOIN_RPC_PORT/g;" "$ENV_FILE"
sed -i "s/BITCOIN_P2P_PORT=<port>/BITCOIN_P2P_PORT=$BITCOIN_P2P_PORT/g;" "$ENV_FILE"
Expand All @@ -263,7 +271,7 @@ sed -i "s/BITCOIN_RPC_PASS=<password>/BITCOIN_RPC_PASS=$BITCOIN_RPC_PASS/g;" "$E
sed -i "s/BITCOIN_NETWORK=<network>/BITCOIN_NETWORK=$BITCOIN_NETWORK/g;" "$ENV_FILE"

# Add Tor password
sed -i "s/HashedControlPassword <password>/HashedControlPassword $TOR_HASHED_PASSWORD/g;" "$TOR_CONF_FILE"
sed -i "s/HashedControlPassword <password>/HashedControlPassword $TOR_HASHED_PASSWORD/g;" "$UMBREL_TOR_CONF_FILE"
sed -i "s/torpassword=<password>/torpassword=$TOR_PASSWORD/g;" "$BITCOIN_CONF_FILE"
sed -i "s/tor.password=<password>/tor.password=$TOR_PASSWORD/g;" "$LND_CONF_FILE"
sed -i "s/TOR_PASSWORD=<password>/TOR_PASSWORD=$TOR_PASSWORD/g;" "$ENV_FILE"
Expand Down Expand Up @@ -292,7 +300,7 @@ if [[ "$BITCOIN_NETWORK" == "mainnet" ]] && [[ ! -f "${STATUS_DIR}/node-status-b
fi

# TODO: Update all the above code to use this simpler logic
for template in "${NGINX_CONF_FILE}" "${BITCOIN_CONF_FILE}" "${LND_CONF_FILE}" "${TOR_CONF_FILE}" "${ELECTRS_CONF_FILE}" "${ENV_FILE}"; do
for template in "${NGINX_CONF_FILE}" "${BITCOIN_CONF_FILE}" "${LND_CONF_FILE}" "${APPS_TOR_CONF_FILE}" "${APPS_2_TOR_CONF_FILE}" "${UMBREL_TOR_CONF_FILE}" "${ELECTRS_CONF_FILE}" "${ENV_FILE}"; do
# Umbrel
sed -i "s/<network-ip>/${NETWORK_IP}/g" "${template}"
sed -i "s/<gateway-ip>/${GATEWAY_IP}/g" "${template}"
Expand All @@ -310,6 +318,8 @@ for template in "${NGINX_CONF_FILE}" "${BITCOIN_CONF_FILE}" "${LND_CONF_FILE}" "
sed -i "s/<electrum-port>/${ELECTRUM_PORT}/g" "${template}"
sed -i "s/<tor-proxy-ip>/${TOR_PROXY_IP}/g" "${template}"
sed -i "s/<tor-proxy-port>/${TOR_PROXY_PORT}/g" "${template}"
sed -i "s/<apps-tor-ip>/${APPS_TOR_IP}/g" "${template}"
sed -i "s/<apps-2-tor-ip>/${APPS_2_TOR_IP}/g" "${template}"
sed -i "s/<zmq-rawblock-port>/${BITCOIN_ZMQ_RAWBLOCK_PORT}/g;" "${template}"
sed -i "s/<zmq-rawtx-port>/${BITCOIN_ZMQ_RAWTX_PORT}/g;" "${template}"
sed -i "s/<zmq-hashblock-port>/${BITCOIN_ZMQ_HASHBLOCK_PORT}/g;" "${template}"
Expand Down Expand Up @@ -383,7 +393,9 @@ done

mv -f "$NGINX_CONF_FILE" "./nginx/nginx.conf"
mv -f "$BITCOIN_CONF_FILE" "./bitcoin/bitcoin.conf"
mv -f "$TOR_CONF_FILE" "./tor/torrc"
mv -f "$APPS_TOR_CONF_FILE" "./tor/torrc-apps"
mv -f "$APPS_2_TOR_CONF_FILE" "./tor/torrc-apps-2"
mv -f "$UMBREL_TOR_CONF_FILE" "./tor/torrc-umbrel"
mv -f "$ELECTRS_CONF_FILE" "./electrs/electrs.toml"
mv -f "$ENV_FILE" "./.env"

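Review bot: In the `# Add Tor password` hunk the `HashedControlPassword` substitution now targets only `$UMBREL_TOR_CONF_FILE`, so the two app daemons receive no control-port credential, and nothing in the script records that this is deliberate. That is safe only while `torrc-apps` and `torrc-apps-2` never enable `ControlPort`; the two templates added in this PR do not, but a later edit that adds one would leave a control port without authentication on the Docker network. A comment above the sed line would pin the invariant: `# Only torrc-umbrel has a control port; torrc-apps* must not set ControlPort without their own HashedControlPassword`. `torrc-umbrel-sample` is not shown on this page, so the first half of that comment should be checked against it.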
4 changes: 3 additions & 1 deletion scripts/update/.updateinclude
@@ -1,4 +1,6 @@
.env
bitcoin/bitcoin.conf
tor/torrc
tor/torrc-apps
tor/torrc-apps-2
tor/torrc-umbrel
electrs/electrs.toml
2 changes: 2 additions & 0 deletions templates/.env-sample
Expand Up @@ -26,6 +26,8 @@ TOR_PROXY_IP=<tor-proxy-ip>
TOR_PROXY_PORT=<tor-proxy-port>
TOR_PASSWORD=<password>
TOR_HASHED_PASSWORD=<password>
APPS_TOR_IP=<apps-tor-ip>
APPS_2_TOR_IP=<apps-2-tor-ip>
DOCKER_BINARY=<path>

# Apps
55 changes: 55 additions & 0 deletions templates/torrc-apps-2-sample
@@ -0,0 +1,55 @@
# Apps 2

# samourai-server dojo Hidden Service
HiddenServiceDir /var/lib/tor/app-samourai-server-dojo
HiddenServicePort 80 <app-samourai-server-ip>:80

# samourai-server connect Hidden Service
HiddenServiceDir /var/lib/tor/app-samourai-server
HiddenServicePort 80 <app-samourai-server-ip>:8081

# samourai-server whirlpool Hidden Service
HiddenServiceDir /var/lib/tor/app-samourai-server-whirlpool
HiddenServicePort 80 <app-samourai-server-whirlpool-ip>:<app-samourai-server-whirlpool-port>

# LndHub Hidden Service
HiddenServiceDir /var/lib/tor/app-bluewallet
HiddenServicePort 80 <app-bluewallet-lndhub-ip>:<app-bluewallet-lndhub-port>

# nextcloud Hidden Service
HiddenServiceDir /var/lib/tor/app-nextcloud
HiddenServicePort 80 <app-nextcloud-ip>:80

# pi-hole Hidden Service
HiddenServiceDir /var/lib/tor/app-pi-hole
HiddenServicePort 80 <app-pi-hole-ip>:80

# home-assistant Hidden Service
HiddenServiceDir /var/lib/tor/app-home-assistant
HiddenServicePort 80 <app-home-assistant-ip>:8123

# gitea Hidden Service
HiddenServiceDir /var/lib/tor/app-gitea
HiddenServicePort 80 <app-gitea-ip>:<app-gitea-port>
HiddenServicePort 22 <app-gitea-ip>:<app-gitea-ssh-port>

# simple-torrent Hidden Service
HiddenServiceDir /var/lib/tor/app-simple-torrent
HiddenServicePort 80 <app-simple-torrent-ip>:<app-simple-torrent-port>

# synapse Hidden Service
HiddenServiceDir /var/lib/tor/app-synapse
HiddenServicePort 80 <app-synapse-ip>:<app-synapse-port>
HiddenServicePort <app-synapse-port> <app-synapse-ip>:<app-synapse-port>

# element Hidden Service
HiddenServiceDir /var/lib/tor/app-element
HiddenServicePort 80 <app-element-ip>:80

# vaultwarden Hidden Service
HiddenServiceDir /var/lib/tor/app-vaultwarden
HiddenServicePort 80 <app-vaultwarden-ip>:<app-vaultwarden-port>

# code-server Hidden Service
HiddenServiceDir /var/lib/tor/app-code-server
HiddenServicePort 80 <app-code-server-ip>:8080
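Review bot: Every block in this template publishes its app without onion-service client authorization, so the app's own login is the only barrier for anyone who holds the address; that matters most for `app-code-server`, `app-vaultwarden` and the `HiddenServicePort 22` line under `app-gitea`. The same applies to the wallet and node front-ends in `templates/torrc-apps-sample`. A header comment would make the assumption explicit, for example `# Services here are reachable by anyone holding the .onion address; each app must enforce its own authentication`. Where an app cannot be relied on for that, v3 client authorization (client keys under the service's `authorized_clients/` directory) is the hardening option worth documenting.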
44 changes: 44 additions & 0 deletions templates/torrc-apps-sample
@@ -0,0 +1,44 @@
# Apps

# btc-rpc-explorer Hidden Service
HiddenServiceDir /var/lib/tor/app-btc-rpc-explorer
HiddenServicePort 80 <app-btc-rpc-explorer-ip>:<app-btc-rpc-explorer-port>

# thunderhub Hidden Service
HiddenServiceDir /var/lib/tor/app-thunderhub
HiddenServicePort 80 <app-thunderhub-ip>:<app-thunderhub-port>

# sphinx-relay Hidden Service
# We expose 80 for the connection string UI and <app-sphinx-relay-port> for the
# actual server connection
HiddenServiceDir /var/lib/tor/app-sphinx-relay
HiddenServicePort 80 <app-sphinx-relay-ip>:<app-sphinx-relay-port>
HiddenServicePort <app-sphinx-relay-port> <app-sphinx-relay-ip>:<app-sphinx-relay-port>

# ride-the-lightning Hidden Service
HiddenServiceDir /var/lib/tor/app-ride-the-lightning
HiddenServicePort 80 <app-ride-the-lightning-ip>:<app-ride-the-lightning-port>

# lightning-terminal Hidden Service
HiddenServiceDir /var/lib/tor/app-lightning-terminal
HiddenServicePort 80 <app-lightning-terminal-ip>:<app-lightning-terminal-port>

# specter-desktop Hidden Service
HiddenServiceDir /var/lib/tor/app-specter-desktop
HiddenServicePort 80 <app-specter-desktop-ip>:<app-specter-desktop-port>

# btcpay-server Hidden Service
HiddenServiceDir /var/lib/tor/app-btcpay-server
HiddenServicePort 80 <app-btcpay-server-ip>:<app-btcpay-server-port>

# lnbits Hidden Service
HiddenServiceDir /var/lib/tor/app-lnbits
HiddenServicePort 80 <app-lnbits-ip>:<app-lnbits-port>

# photoprism Hidden Service
HiddenServiceDir /var/lib/tor/app-photoprism
HiddenServicePort 80 <app-photoprism-ip>:<app-photoprism-port>

# mempool Hidden Service
HiddenServiceDir /var/lib/tor/app-mempool
HiddenServicePort 80 <app-mempool-ip>:<app-mempool-port>
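Review bot: The `# Apps` header does not say which daemon reads this file or how it relates to `torrc-apps-2-sample`, so a contributor adding an app has no guidance on where its `HiddenServiceDir` block belongs. `docker-compose.yml` in this PR mounts the rendered file into `app_tor` and the other shard into `app_2_tor`, with both sharing the same `/var/lib/tor/` directory, so a block copied into both files would have two daemons publishing from one key directory. I would replace the header with `# Apps, shard 1: hidden services served by the app_tor container (shard 2 is torrc-apps-2-sample); list each app in exactly one shard`.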
134 changes: 0 additions & 134 deletions templates/torrc-sample

This file was deleted.
