Tor and Privoxy
Tor and Privoxy (web proxy configured to route through tor) docker container
What is Tor?
Tor is free software and an open network that helps you defend against traffic analysis, a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security.
What is Privoxy?
Privoxy is a non-caching web proxy with advanced filtering capabilities for enhancing privacy, modifying web page data and HTTP headers, controlling access, and removing ads and other obnoxious Internet junk.
How to use this image
NOTE 1: this image is setup by default to be a relay only (not an exit node)
NOTE 2: this image now supports relaying all traffic through the container,
see: tor-route-all-traffic.sh.
For it to work, you must set --net=host when launching the container.
Exposing the port
sudo docker run -it -p 8118:8118 -p 9050:9050 -d dperson/torproxy
NOTE: it will take a while for tor to bootstrap...
Then you can hit privoxy web proxy at http://host-ip:8118 with your browser or
tor via the socks protocol directly at http://hostname:9050.
Complex configuration
sudo docker run -it --rm dperson/torproxy -h
Usage: torproxy.sh [-opt] [command]
Options (fields in '[]' are optional, '<>' are required):
-h This help
-b "" Configure tor relaying bandwidth in KB/s
possible arg: "[number]" - # of KB/s to allow
-e Allow this to be an exit node for tor traffic
-l "<country>" Configure tor to only use exit nodes in specified country
required args: "<country>" (IE, "US" or "DE")
<country> - country traffic should exit in
-n Generate new circuits now
-p "<password>" Configure tor HashedControlPassword for control port
-s "<port>;<host:port>" Configure tor hidden service
required args: "<port>;<host:port>"
<port> - port for .onion service to listen on
<host:port> - destination for service request
The 'command' (if provided and valid) will be run instead of torproxy
ENVIRONMENT VARIABLES
TORUSER- If set use named user instead of 'tor' (for example root)BW- As above, set a tor relay bandwidth limit in KB, IE50EXITNODE- As above, allow tor traffic to access the internet from your IPLOCATION- As above, configure the country to use for exit node selectionPASSWORD- As above, configure HashedControlPassword for control port- `SERVICE - As above, configure hidden service, IE '80;hostname:80'
TZ- Configure the zoneinfo timezone, IEEST5EDTUSERID- Set the UID for the app userGROUPID- Set the GID for the app user
Other environment variables beginning with TOR_ will edit the configuration
file accordingly:
TOR_NewCircuitPeriod=400will translate toNewCircuitPeriod 400
Examples
Any of the commands can be run at creation with docker run or later with
docker exec -it tor torproxy.sh (as of version 1.3 of docker).
Setting the Timezone
sudo docker run -it -p 8118:8118 -p 9050:9050 -e TZ=EST5EDT \
-d dperson/torproxy
Start torproxy setting the allowed bandwidth:
sudo docker run -it -p 8118:8118 -p 9050:9050 -d dperson/torproxy -b 100
OR
sudo docker run -it -p 8118:8118 -p 9050:9050 -e BW=100 -d dperson/torproxy
Start torproxy configuring it to be an exit node:
sudo docker run -it -p 8118:8118 -p 9050:9050 -d dperson/torproxy -e
OR
sudo docker run -it -p 8118:8118 -p 9050:9050 -e EXITNODE=1 \
-d dperson/torproxy
Test the proxy:
curl -Lx http://<ipv4_address>:8118 http://jsonip.com/
If you wish to adapt the default configuration, use something like the following to copy it from a running container:
sudo docker cp torproxy:/etc/tor/torrc /some/torrc
Then mount it to a new container like:
sudo docker run -it -p 8118:8118 -p 9050:9050 \
-v /some/torrc:/etc/tor/torrc:ro -d dperson/torproxy
User Feedback
Issues
tor failures (exits or won't connect)
If you are affected by this issue (a small percentage of users are) please try setting the TORUSER environment variable to root, IE:
sudo docker run -it -p 8118:8118 -p 9050:9050 -e TORUSER=root -d \
dperson/torproxy
Reporting
If you have any problems with or questions about this image, please contact me through a GitHub issue.