umbrel icon indicating copy to clipboard operation
umbrel copied to clipboard

Published 20 hours ago verified publisher icon getumbrel

Refactor Tor container volumes

Open louneskmt opened this issue 3 years ago • 3 comments

This PR modifies volumes management for the Tor container: the whole tor directory is now mounted into the container (instead of sub dirs and files one by one), and the data directory (containing hidden services data) is set accordingly to the new path.

w/ @lukechilds

louneskmt avatar Mar 04 '21 21:03 louneskmt

Have you tested this?

I'm getting:

$ tor -f /data/torrc
Mar 06 10:16:34.140 [notice] Tor 0.4.4.7 running on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.1d, Zlib 1.2.11, Liblzma N/A, and Libzstd N/A.
Mar 06 10:16:34.141 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Mar 06 10:16:34.147 [notice] Read configuration file "/data/torrc".
Mar 06 10:16:34.156 [warn] You have a ControlPort set to accept connections from a non-local address.  This means that programs not running on your computer can reconfigure your Tor.  That's pretty bad, since the controller protocol isn't encrypted!  Maybe you should just listen on 127.0.0.1 and use a tool like stunnel or ssh to encrypt remote connections to your control port.
Mar 06 10:16:34.164 [notice] You configured a non-loopback address '10.21.21.11:9050' for SocksPort. This allows everybody on your local network to use your machine as a proxy. Make sure this is what you wanted.
Mar 06 10:16:34.164 [warn] You have a ControlPort set to accept connections from a non-local address.  This means that programs not running on your computer can reconfigure your Tor.  That's pretty bad, since the controller protocol isn't encrypted!  Maybe you should just listen on 127.0.0.1 and use a tool like stunnel or ssh to encrypt remote connections to your control port.
Mar 06 10:16:34.164 [notice] Opening Socks listener on 10.21.21.11:9050
Mar 06 10:16:34.165 [notice] Opened Socks listener on 10.21.21.11:9050
Mar 06 10:16:34.165 [notice] Opening Control listener on 10.21.21.11:29051
Mar 06 10:16:34.165 [notice] Opened Control listener on 10.21.21.11:29051
Mar 06 10:16:34.000 [warn] Error creating directory /var/lib/tor/web: Permission denied
Mar 06 10:16:34.000 [warn] Error loading rendezvous service keys
Mar 06 10:16:34.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.4.4.7 )
Mar 06 10:16:34.000 [err] Reading config failed--see warnings above.

lukechilds avatar Mar 06 '21 10:03 lukechilds

Nope @lukechilds, I couldn't test it yet as my umbrel-dev was crashing.

You need to execute the configure script before, as I edited the torrc sample file to change the DataDirectory option. Have you done this before testing out?

louneskmt avatar Mar 06 '21 10:03 louneskmt

@louneskmt just a heads up that if you don't have explicit individual approval by all the contributors to this repository to publish your modified source code ("Adapted Material"), you are officially in violation of the license of this project and you can be sued: https://github.com/getumbrel/umbrel/issues/291

stevenroose avatar Mar 12 '21 12:03 stevenroose