Tor networking plugin for docker containers

```console
$ go get github.com/jessfraz/onion
```

**NOTE:** Make sure you are using Docker 1.9 or later.

**WARNING:** By default all outbound UDP traffic in the network is blocked, because UDP is not routed through Tor and would otherwise leave the host directly.
### Start the tor router

**NOTE:** In the future it should be easier to start any container to route and have the plugin be smart about finding it, but for now.... deal with it.

```console
$ docker run -d \
    --net host \
    --name tor-router \
    jess/tor-router

# follow the logs to make sure it is bootstrapped successfully
$ docker logs -f tor-router
```
### Run the plugin container

```console
$ docker run -d \
    --net host \
    --cap-add NET_ADMIN \
    --name onion \
    -v /run/docker/plugins:/run/docker/plugins \
    -v /var/run/docker.sock:/var/run/docker.sock \
    jess/onion
```
### Create a new network

```console
$ docker network create -d tor vidalia
```
### Test it out!

```console
$ docker run --rm -it --net vidalia jess/httpie -v --json https://check.torproject.org/api/ip
```
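The following is an added example, not code from the onion project or its author. It shows two things the steps above rely on: the shape of the iptables rules that transparently route a docker network through a Tor daemon running on the host (TCP redirected to Tor's TransPort, DNS redirected to its DNSPort, all other UDP dropped as the warning above describes), and a check of the JSON that `check.torproject.org/api/ip` returns so the "Test it out" step can be verified programmatically. The port numbers 9040 and 5353, the bridge name `br-vidalia` and the subnet are assumptions for illustration; the plugin's real rules are in its Go source and may differ.

```python
import ipaddress
import json
from typing import List

# Assumed ports for the tor-router container (not taken from the project;
# check the torrc of the image you actually run): Tor's TransPort and DNSPort.
TRANS_PORT = 9040
DNS_PORT = 5353


def tor_redirect_rules(bridge: str, subnet: str,
                       trans_port: int = TRANS_PORT,
                       dns_port: int = DNS_PORT) -> List[List[str]]:
    """Return iptables rules (as argv lists) that transparently route a docker
    network through a Tor instance listening on the host.

    Hypothetical rule set illustrating the README's UDP warning; it is not the
    plugin's own implementation.
    """
    net = ipaddress.ip_network(subnet, strict=True)  # raises ValueError on a bad CIDR
    if not (0 < trans_port < 65536 and 0 < dns_port < 65536):
        raise ValueError("port out of range")
    src = str(net)
    return [
        # DNS: send UDP/53 from the bridge to Tor's DNSPort so lookups resolve
        # through Tor instead of leaking to the host's resolver.
        ["iptables", "-t", "nat", "-A", "PREROUTING", "-i", bridge, "-s", src,
         "-p", "udp", "--dport", "53", "-j", "REDIRECT", "--to-ports", str(dns_port)],
        # TCP: redirect every new connection to Tor's transparent proxy port.
        ["iptables", "-t", "nat", "-A", "PREROUTING", "-i", bridge, "-s", src,
         "-p", "tcp", "--syn", "-j", "REDIRECT", "--to-ports", str(trans_port)],
        # Any other UDP cannot be carried by Tor, so drop it in FORWARD rather
        # than let it leave the host directly and expose the real source.
        # (Redirected DNS never reaches FORWARD, so it is unaffected.)
        ["iptables", "-A", "FORWARD", "-i", bridge, "-s", src, "-p", "udp", "-j", "DROP"],
    ]


def is_routed_via_tor(api_body: str) -> bool:
    """Interpret the JSON body returned by https://check.torproject.org/api/ip.

    The endpoint answers with {"IsTor": <bool>, "IP": "<address seen>"};
    anything malformed is treated as "not via Tor".
    """
    try:
        data = json.loads(api_body)
    except json.JSONDecodeError:
        return False
    return data.get("IsTor") is True and bool(data.get("IP"))


# Constructed sample responses, not real API output.
VIA_TOR = '{"IsTor": true, "IP": "198.51.100.23"}'
NOT_VIA_TOR = '{"IsTor": false, "IP": "203.0.113.9"}'

if __name__ == "__main__":
    for rule in tor_redirect_rules("br-vidalia", "172.19.0.0/16"):
        print(" ".join(rule))
    print("via tor:", is_routed_via_tor(VIA_TOR))
```

Running the script prints the three rules and `via tor: True`; pipe the body of the httpie response from the step above into `is_routed_via_tor` to turn the manual check into an assertion in your own integration tests.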
### Tests

Unit tests:

```console
$ make test
```

Integration tests:

```console
$ make dtest
```
### Thanks

Thanks to the libnetwork team for writing the networking Go plugin and of course the networking itself ;) A lot of this code is also from the bridge driver in libnetwork itself.

Also huge thanks to the Tor project for protecting the internet.
### TODO

- FIND A WAY TO DO THIS WITHOUT IPTABLES
- the tor router should be discoverable by any docker image or container name etc., and the ports for forwarding should be able to be found through that
- the tor router should not have to be run as `--net host`
- moar tests (unit and integration)
- exposing ports in the network is a little funky
- saving state?
- make deny all udp traffic configurable
- udp integration tests suck
- unit tests