initial release

2025-10-05 13:32:48 +01:00
parent 7c9c591f8f
commit 7a77645510
6 changed files with 198 additions and 0 deletions
--- a/tor/Dockerfile
+++ b/tor/Dockerfile
@@ -0,0 +1,14 @@
+FROM debian:stable-slim
+
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends tor iproute2 iptables ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+
+# Tor data dir
+RUN mkdir -p /var/lib/tor && chown -R debian-tor:debian-tor /var/lib/tor && chmod 700 /var/lib/tor
+
+COPY torrc /etc/tor/torrc
+
+# By default, run tor in foreground
+USER debian-tor
+CMD ["tor", "-f", "/etc/tor/torrc"]
--- a/tor/torrc
+++ b/tor/torrc
@@ -0,0 +1,21 @@
+RunAsDaemon 0
+DataDirectory /var/lib/tor
+
+# We don't expose a SOCKS port; everything is transparently redirected.
+SocksPort 0
+
+# Transparent TCP proxy and DNS for iptables REDIRECT
+TransPort 0.0.0.0:9040
+DNSPort 0.0.0.0:5353
+
+# Virtual addressing so DNS answers get mapped by Tor
+VirtualAddrNetworkIPv4 10.192.0.0/10
+AutomapHostsOnResolve 1
+
+# Reliability/safety
+ClientOnly 1
+AvoidDiskWrites 1
+
+# (Optional) You can pin/avoid exits with these:
+# ExitNodes {us},{nl}
+# StrictNodes 1