diff --git a/Dockerfile b/Dockerfile index 546152db..c8e93527 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,28 +1,30 @@ -FROM python +FROM python:3.7 -#Base settings -ENV HOME /root +USER root + +RUN mkdir /app +WORKDIR /app + +ENV PORT=8080 +EXPOSE 8080 #Install needed packages -RUN apt update && apt install -y tor locales +RUN apt-get update && apt-get install -y tor locales RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \ locale-gen -ENV LANG en_US.UTF-8 -ENV LANGUAGE en_US:en -ENV LC_ALL en_US.UTF-8 +ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 -WORKDIR /srv/ -ADD ./requirements.txt /srv/requirements.txt +ADD ./requirements.txt /app/requirements.txt RUN pip3 install --require-hashes -r requirements.txt -WORKDIR /root/ #Add Onionr source -COPY . /root/ -VOLUME /root/data/ +COPY . /app/ -#Set upstart command -CMD bash +VOLUME /app/data/ -#Expose ports -EXPOSE 8080 +#Default to running as nonprivileged user +RUN chmod g=u -R /app +USER 1000 + +CMD ["bash", "./onionr.sh"] diff --git a/README.md b/README.md index 5eea66c5..86d265b3 100644 --- a/README.md +++ b/README.md @@ -70,7 +70,7 @@ Not yet usable: ## Watch the talk from BSidesPDX 2019 - + improving anonymous networking talk link diff --git a/requirements.in b/requirements.in index c23dec08..ea5f0c18 100644 --- a/requirements.in +++ b/requirements.in @@ -12,5 +12,5 @@ toomanyobjs==1.1.0 niceware==0.2.1 psutil==5.7.3 filenuke==0.0.0 -watchdog==0.10.4 +watchdog==1.0.1 ujson==4.0.1 diff --git a/requirements.txt b/requirements.txt index ffedc92c..759f221a 100644 --- a/requirements.txt +++ b/requirements.txt 
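Review bot: `RUN chmod g=u -R /app` after `COPY . /app/` makes the whole source tree group-writable, and a bare numeric `USER 1000` normally runs with group 0, so the unprivileged process can rewrite the code it executes. That undoes much of the benefit of dropping root. Only the data directory appears to need write access, so consider `RUN mkdir -p /app/data && chmod -R g=u /app/data` placed before `VOLUME /app/data/`; the legacy builder discards changes made to a volume path after it is declared. Whether Onionr writes elsewhere under /app is not visible in this hunk, so confirm before narrowing. Separately, `COPY . /app/` copies the entire build context, so a `.dockerignore` excluding `.git` and any local `data/` directory would keep local state out of the image.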
@@ -141,9 +141,6 @@ niceware==0.2.1 \ --hash=sha256:0f8b192f2a1e800e068474f6e208be9c7e2857664b33a96f4045340de4e5c69c \ --hash=sha256:cf2dc0e1567d36d067c61b32fed0f1b9c4534ed511f9eeead4ba548d03b5c9eb \ # via -r requirements.in -pathtools==0.1.2 \ - --hash=sha256:7c35c5421a39bb82e58018febd90e3b6e5db34c5443aaaf742b3f33d4655f1c0 \ - # via watchdog psutil==5.7.3 \ --hash=sha256:01bc82813fbc3ea304914581954979e637bcc7084e59ac904d870d6eb8bb2bc7 \ --hash=sha256:1cd6a0c9fb35ece2ccf2d1dd733c1e165b342604c67454fd56a4c12e0a106787 \ @@ -232,8 +229,8 @@ urllib3==1.25.11 \ --hash=sha256:8d7eaa5a82a1cac232164990f04874c594c9453ec55eef02eab885aa02fc17a2 \ --hash=sha256:f5321fbe4bf3fefa0efd0bfe7fb14e90909eb62a48ccda331726b4319897dd5e \ # via -r requirements.in, requests -watchdog==0.10.4 \ - --hash=sha256:e38bffc89b15bafe2a131f0e1c74924cf07dcec020c2e0a26cccd208831fcd43 \ +watchdog==1.0.1 \ + --hash=sha256:78ea5d78f2cf8e4d6343ab2cbed93bb47b7a85b1c2f90a1dea365226bbab68ac \ # via -r requirements.in werkzeug==0.15.5 \ --hash=sha256:87ae4e5b5366da2347eb3116c0e6c681a0e939a33b2805e2c0cbd282664932c4 \ diff --git a/run-onionr-node.py b/run-onionr-node.py index 2c8f3431..15fd581e 100755 --- a/run-onionr-node.py +++ b/run-onionr-node.py @@ -55,6 +55,12 @@ def show_info(p: Process): parser = argparse.ArgumentParser() +parser.add_argument( + "--bind-address", help="Address to bind to. Be very careful with non-loopback", + type=str, default="") +parser.add_argument( + "--port", help="Port to bind to, must be available and possible", + type=int, default=0) parser.add_argument( "--use-bootstrap-file", help="Use bootstrap node list file", type=int, default=1) 
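Review bot: `--bind-address` and `--port` are accepted without validation: any string becomes the bind address and any integer, including negative values or ones above 65535, becomes the port. The help text itself warns about non-loopback binds, so rejecting bad input at parse time is safer than failing later during server start-up. For example, add `if not 0 <= args.port <= 65535: parser.error('--port must be 0-65535')` after `parse_args()`, and parse the address with `ipaddress.ip_address()` if only IP literals are meant to be supported. The `parse_args()` call is outside this hunk.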
@@ -129,6 +135,13 @@ config['general']['dev_mode'] = False config['general']['store_plaintext_blocks'] = True config['general']['use_bootstrap_list'] = True config['transports']['tor'] = True +config['general']['bind_port'] = 0 # client api server port +config['general']['bind_address'] = '' # client api server address + +if args.bind_address: + config['general']['bind_address'] = args.bind_address +if args.port: + config['client']['client']['port'] = args.port if not args.use_bootstrap_file: config['general']['use_bootstrap_list'] = False diff --git a/src/apiservers/private/__init__.py b/src/apiservers/private/__init__.py index 3bc0df3a..657c30b7 100644 --- a/src/apiservers/private/__init__.py +++ b/src/apiservers/private/__init__.py @@ -50,13 +50,20 @@ class PrivateAPI: self.startTime = epoch.get_epoch() app = flask.Flask(__name__) + + bind_port = int(config.get('client.client.port', 59496)) self.bindPort = bind_port self.clientToken = config.get('client.webpassword') - self.host = httpapi.apiutils.setbindip.set_bind_IP( - private_API_host_file) + if config.get('general.bind_address'): + with open(private_API_host_file, 'w') as bindFile: + bindFile.write(config.get('general.bind_address')) + self.host = config.get('general.bind_address') + else: + self.host = httpapi.apiutils.setbindip.set_bind_IP( + private_API_host_file) logger.info('Running api on %s:%s' % (self.host, self.bindPort)) self.httpServer = '' diff --git a/static-data/default_config.json b/static-data/default_config.json index 2a788eb3..dcad2e50 100755 --- a/static-data/default_config.json +++ b/static-data/default_config.json @@ -8,6 +8,7 @@ "general": { "allow_public_api_dns_rebinding": false, "announce_node": true, + "bind_address": "", "dev_mode": false, "display_header": true, "ephemeral_tunnels": false, diff --git a/tests/test_default_config_json.py b/tests/test_default_config_json.py index b50db4b2..2678b13c 100644 --- a/tests/test_default_config_json.py 
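Review bot: The default is stored as `config['general']['bind_port']`, but the override writes `config['client']['client']['port']`, which is the key the private API reads (`client.client.port`) in this commit. `general.bind_port` is not read in any hunk shown, so it looks like dead configuration. The override also raises `KeyError` unless `config['client']['client']` was created earlier in the script, which is not visible here. Assuming `config` is a plain dict, consider dropping the `bind_port` line and writing the override as `config.setdefault('client', {}).setdefault('client', {})['port'] = args.port`.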
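Review bot: In the `src/apiservers/private/__init__.py` hunk, `general.bind_address` is written to the host file and used as the bind host with no validation and no log line saying the private API is leaving loopback. This API is protected only by the `client.webpassword` token, so a non-loopback bind exposes it to every host that can reach the address. Read the value once, reject malformed input, and log when it is not loopback, at the logger's warning level if it has one. The sketch below needs `import ipaddress` at the top of the file and assumes only IP literals are supported; skip the parse if hostnames must work. `__init__` starts and ends outside the hunk.

```python
bind_address = config.get('general.bind_address')
if bind_address:
    # Fail early on a malformed address instead of at server start
    bind_ip = ipaddress.ip_address(bind_address)
    if not bind_ip.is_loopback:
        logger.info(
            'Private API bound to non-loopback address %s' % (bind_address,))
    with open(private_API_host_file, 'w') as bindFile:
        bindFile.write(bind_address)
    self.host = bind_address
else:
    # … unchanged: set_bind_IP(private_API_host_file) fallback …
```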
+++ b/tests/test_default_config_json.py @@ -24,6 +24,7 @@ class OnionrConfig(unittest.TestCase): self.assertEqual(conf['allocations']['disk'], 1073741824) self.assertEqual(conf['allocations']['disk'], 1073741824) self.assertEqual(conf['general']['announce_node'], True) + self.assertEqual(conf['general']['bind_address'], '') self.assertEqual(conf['general']['dev_mode'], False) self.assertEqual(conf['general']['display_header'], True) self.assertEqual(conf['general']['ephemeral_tunnels'], False)