Merge branch 'bind-args'

correct yt link
Docker improvements - Run onionr by default rather than bash - Run as unprivileged user by default instead of root - Use /app for all code - Specify python 3.7 (3.8 fails to build cffi) - Use apt-get rather than apt (apt's CLI is not stable) - Slight reformatting and consolidation Added custom port and bind address args
2020-12-16 04:47:16 +00:00 · 2020-12-16 04:46:46 +00:00 · 2020-12-16 04:44:25 +00:00 · 2020-12-16 04:44:25 +00:00 · 2020-12-16 04:44:25 +00:00 · 2020-12-16 04:44:25 +00:00
8 changed files with 46 additions and 25 deletions
--- a/34
+++ b/34
@ -1,28 +1,30 @@
-FROM python
+FROM python:3.7
-#Base settings
+USER root
-ENV HOME /root
+
 RUN mkdir /app
 WORKDIR /app
 ENV PORT=8080
 EXPOSE 8080
 #Install needed packages
-RUN apt update && apt install -y  tor locales
+RUN apt-get update && apt-get install -y tor locales
 RUN sed -i -e 's/# en_US.UTF-8 UTF-8/en_US.UTF-8 UTF-8/' /etc/locale.gen && \
    locale-gen
-ENV LANG en_US.UTF-8  
+ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8
 ENV LANGUAGE en_US:en  
 ENV LC_ALL en_US.UTF-8  
-WORKDIR /srv/
+ADD ./requirements.txt /app/requirements.txt
 ADD ./requirements.txt /srv/requirements.txt
 RUN pip3 install --require-hashes -r requirements.txt
 WORKDIR /root/
 #Add Onionr source
-COPY . /root/
+COPY . /app/
 VOLUME /root/data/
-#Set upstart command
+VOLUME /app/data/
 CMD bash
-#Expose ports
+#Default to running as nonprivileged user
-EXPOSE 8080
+RUN chmod g=u -R /app
 USER 1000
 CMD ["bash", "./onionr.sh"]
--- a/README.md
+++ b/README.md
@ -70,7 +70,7 @@ Not yet usable:
 ## Watch the talk from BSidesPDX 2019
-<a href="https://invidio.us/watch?v=mrULtmSkKxg">
+<a href="https://www.youtube.com/watch?v=mrULtmSkKxg">
 <img src="docs/talk.png" alt="improving anonymous networking talk link" width="600">
 </a>
--- a/requirements.in
+++ b/requirements.in
@ -12,5 +12,5 @@ toomanyobjs==1.1.0
 niceware==0.2.1
 psutil==5.7.3
 filenuke==0.0.0
-watchdog==0.10.4
+watchdog==1.0.1
 ujson==4.0.1
--- a/requirements.txt
+++ b/requirements.txt
@ -141,9 +141,6 @@ niceware==0.2.1 \
    --hash=sha256:0f8b192f2a1e800e068474f6e208be9c7e2857664b33a96f4045340de4e5c69c \
    --hash=sha256:cf2dc0e1567d36d067c61b32fed0f1b9c4534ed511f9eeead4ba548d03b5c9eb \
    # via -r requirements.in
 pathtools==0.1.2 \
    --hash=sha256:7c35c5421a39bb82e58018febd90e3b6e5db34c5443aaaf742b3f33d4655f1c0 \
    # via watchdog
 psutil==5.7.3 \
    --hash=sha256:01bc82813fbc3ea304914581954979e637bcc7084e59ac904d870d6eb8bb2bc7 \
    --hash=sha256:1cd6a0c9fb35ece2ccf2d1dd733c1e165b342604c67454fd56a4c12e0a106787 \
@ -232,8 +229,8 @@ urllib3==1.25.11 \
    --hash=sha256:8d7eaa5a82a1cac232164990f04874c594c9453ec55eef02eab885aa02fc17a2 \
    --hash=sha256:f5321fbe4bf3fefa0efd0bfe7fb14e90909eb62a48ccda331726b4319897dd5e \
    # via -r requirements.in, requests
-watchdog==0.10.4 \
+watchdog==1.0.1 \
-    --hash=sha256:e38bffc89b15bafe2a131f0e1c74924cf07dcec020c2e0a26cccd208831fcd43 \
+    --hash=sha256:78ea5d78f2cf8e4d6343ab2cbed93bb47b7a85b1c2f90a1dea365226bbab68ac \
    # via -r requirements.in
 werkzeug==0.15.5 \
    --hash=sha256:87ae4e5b5366da2347eb3116c0e6c681a0e939a33b2805e2c0cbd282664932c4 \
--- a/run-onionr-node.py
+++ b/run-onionr-node.py
@ -55,6 +55,12 @@ def show_info(p: Process):
 parser = argparse.ArgumentParser()
 parser.add_argument(
    "--bind-address", help="Address to bind to. Be very careful with non-loopback",
    type=str, default="")
 parser.add_argument(
    "--port", help="Port to bind to, must be available and possible",
    type=int, default=0)
 parser.add_argument(
    "--use-bootstrap-file", help="Use bootstrap node list file",
    type=int, default=1)
@ -129,6 +135,13 @@ config['general']['dev_mode'] = False
 config['general']['store_plaintext_blocks'] = True
 config['general']['use_bootstrap_list'] = True
 config['transports']['tor'] = True
 config['general']['bind_port'] = 0  # client api server port
 config['general']['bind_address'] = ''  # client api server address
 if args.bind_address:
    config['general']['bind_address'] = args.bind_address
 if args.port:
    config['client']['client']['port'] = args.port
 if not args.use_bootstrap_file:
    config['general']['use_bootstrap_list'] = False
--- a/src/apiservers/private/init.py
+++ b/src/apiservers/private/init.py
@ -50,13 +50,20 @@ class PrivateAPI:
        self.startTime = epoch.get_epoch()
        app = flask.Flask(__name__)
        bind_port = int(config.get('client.client.port', 59496))
        self.bindPort = bind_port
        self.clientToken = config.get('client.webpassword')
-        self.host = httpapi.apiutils.setbindip.set_bind_IP(
+        if config.get('general.bind_address'):
-            private_API_host_file)
+            with open(private_API_host_file, 'w') as bindFile:
                bindFile.write(config.get('general.bind_address'))
            self.host = config.get('general.bind_address')
        else:
            self.host = httpapi.apiutils.setbindip.set_bind_IP(
                private_API_host_file)
        logger.info('Running api on %s:%s' % (self.host, self.bindPort))
        self.httpServer = ''
--- a/static-data/default_config.json
+++ b/static-data/default_config.json
@ -8,6 +8,7 @@
    "general": {
        "allow_public_api_dns_rebinding": false,
        "announce_node": true,
        "bind_address": "",
        "dev_mode": false,
        "display_header": true,
        "ephemeral_tunnels": false,
--- a/tests/test_default_config_json.py
+++ b/tests/test_default_config_json.py
@ -24,6 +24,7 @@ class OnionrConfig(unittest.TestCase):
            self.assertEqual(conf['allocations']['disk'], 1073741824)
            self.assertEqual(conf['allocations']['disk'], 1073741824)
            self.assertEqual(conf['general']['announce_node'], True)
            self.assertEqual(conf['general']['bind_address'], '')
            self.assertEqual(conf['general']['dev_mode'], False)
            self.assertEqual(conf['general']['display_header'], True)
            self.assertEqual(conf['general']['ephemeral_tunnels'], False)
Author	SHA1	Message	Date
Kevin Froman	5afbed63cf	Merge branch 'bind-args'	2020-12-16 04:47:16 +00:00
Kevin Froman	c44d6624ff	correct yt link Docker improvements - Run onionr by default rather than bash - Run as unprivileged user by default instead of root - Use /app for all code - Specify python 3.7 (3.8 fails to build cffi) - Use apt-get rather than apt (apt's CLI is not stable) - Slight reformatting and consolidation Added custom port and bind address args	2020-12-16 04:46:46 +00:00
Kevin Froman	ae359de562	Added custom port and bind address args	2020-12-16 04:44:25 +00:00
dependabot-preview[bot]	2bd58945da	Bump watchdog from 0.10.4 to 1.0.1 Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 0.10.4 to 1.0.1. - [Release notes](https://github.com/gorakhargosh/watchdog/releases) - [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst) - [Commits](https://github.com/gorakhargosh/watchdog/compare/v0.10.4...v1.0.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>	2020-12-16 04:44:25 +00:00
Duncan X Simpson	b1ef248ee9	Docker improvements - Modify onionr.sh to parse env and supply args to run-onionr-node.py - Run onionr by default rather than bash - Run as unprivileged user by default instead of root - Use /app for all code - Specify python 3.7 (3.8 fails to build cffi) - Use apt-get rather than apt (apt's CLI is not stable) - Slight reformatting and consolidation	2020-12-16 04:44:25 +00:00
Kevin Froman	416e43e7bb	correct yt link	2020-12-16 04:44:25 +00:00