correct yt link

Docker improvements

- Run onionr by default rather than bash
- Run as unprivileged user by default instead of root
- Use /app for all code
- Specify python 3.7 (3.8 fails to build cffi)
- Use apt-get rather than apt (apt's CLI is not stable)
- Slight reformatting and consolidation

Added custom port and bind address args
master^2
Kevin Froman 2020-12-15 19:54:33 -06:00
parent 2bd58945da
commit c44d6624ff
6 changed files with 43 additions and 19 deletions

View File

@ -1,28 +1,30 @@
FROM python
FROM python:3.7
#Base settings
ENV HOME /root
USER root
RUN mkdir /app
WORKDIR /app
ENV PORT=8080
EXPOSE 8080
#Install needed packages
RUN apt update && apt install -y tor locales
RUN apt-get update && apt-get install -y tor locales
RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
locale-gen
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8
WORKDIR /srv/
ADD ./requirements.txt /srv/requirements.txt
ADD ./requirements.txt /app/requirements.txt
RUN pip3 install --require-hashes -r requirements.txt
WORKDIR /root/
#Add Onionr source
COPY . /root/
VOLUME /root/data/
COPY . /app/
#Set upstart command
CMD bash
VOLUME /app/data/
#Expose ports
EXPOSE 8080
#Default to running as nonprivileged user
RUN chmod g=u -R /app
USER 1000
CMD ["bash", "./onionr.sh"]

View File

@ -70,7 +70,7 @@ Not yet usable:
## Watch the talk from BSidesPDX 2019
<a href="https://invidio.us/watch?v=mrULtmSkKxg">
<a href="https://www.youtube.com/watch?v=mrULtmSkKxg">
<img src="docs/talk.png" alt="improving anonymous networking talk link" width="600">
</a>

View File

@ -55,6 +55,12 @@ def show_info(p: Process):
parser = argparse.ArgumentParser()
parser.add_argument(
"--bind-address", help="Address to bind to. Be very careful with non-loopback",
type=str, default="")
parser.add_argument(
"--port", help="Port to bind to, must be available and possible",
type=int, default=0)
parser.add_argument(
"--use-bootstrap-file", help="Use bootstrap node list file",
type=int, default=1)
@ -129,6 +135,13 @@ config['general']['dev_mode'] = False
config['general']['store_plaintext_blocks'] = True
config['general']['use_bootstrap_list'] = True
config['transports']['tor'] = True
config['general']['bind_port'] = 0 # client api server port
config['general']['bind_address'] = '' # client api server address
if args.bind_address:
config['general']['bind_address'] = args.bind_address
if args.port:
config['client']['client']['port'] = args.port
if not args.use_bootstrap_file:
config['general']['use_bootstrap_list'] = False

View File

@ -50,13 +50,20 @@ class PrivateAPI:
self.startTime = epoch.get_epoch()
app = flask.Flask(__name__)
bind_port = int(config.get('client.client.port', 59496))
self.bindPort = bind_port
self.clientToken = config.get('client.webpassword')
self.host = httpapi.apiutils.setbindip.set_bind_IP(
private_API_host_file)
if config.get('general.bind_address'):
with open(private_API_host_file, 'w') as bindFile:
bindFile.write(config.get('general.bind_address'))
self.host = config.get('general.bind_address')
else:
self.host = httpapi.apiutils.setbindip.set_bind_IP(
private_API_host_file)
logger.info('Running api on %s:%s' % (self.host, self.bindPort))
self.httpServer = ''

View File

@ -8,6 +8,7 @@
"general": {
"allow_public_api_dns_rebinding": false,
"announce_node": true,
"bind_address": "",
"dev_mode": false,
"display_header": true,
"ephemeral_tunnels": false,

View File

@ -24,6 +24,7 @@ class OnionrConfig(unittest.TestCase):
self.assertEqual(conf['allocations']['disk'], 1073741824)
self.assertEqual(conf['allocations']['disk'], 1073741824)
self.assertEqual(conf['general']['announce_node'], True)
self.assertEqual(conf['general']['bind_address'], '')
self.assertEqual(conf['general']['dev_mode'], False)
self.assertEqual(conf['general']['display_header'], True)
self.assertEqual(conf['general']['ephemeral_tunnels'], False)