run tor as root
parent
c438fc348d
commit
9a03df85f2
5 changed files with 7 additions and 9 deletions
|
@ -6,5 +6,4 @@ RUN apk add shadow
|
|||
RUN \
|
||||
useradd --user-group --system --no-create-home --uid 500 servnest && \
|
||||
useradd --user-group --system --no-create-home --uid 501 nginx && \
|
||||
useradd --user-group --system --no-create-home --uid 505 sftpgo && \
|
||||
useradd --user-group --system --no-create-home --uid 506 tor
|
||||
useradd --user-group --system --no-create-home --uid 505 sftpgo
|
||||
|
|
|
@ -13,7 +13,7 @@ services:
|
|||
- ./sock/tor-client/:/run/tor-client/:rw
|
||||
- ./sock/tor-control/:/run/tor-control/:rw
|
||||
- ./sock/nginx-onion/:/run/nginx-onion/:rw
|
||||
- ./tmp/tor/:/var/lib/:rw
|
||||
- ./tmp/tor/:/var/lib/tor/:rw
|
||||
mem_limit: 128m
|
||||
sftpgo:
|
||||
extends:
|
||||
|
@ -65,7 +65,7 @@ services:
|
|||
dockerfile: php.Containerfile
|
||||
group_add:
|
||||
- knot
|
||||
- tor
|
||||
- root # For tor control socket
|
||||
links:
|
||||
- nginx:servnest.test
|
||||
- nginx:ht.servnest.test
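Review bot: The `- root # For tor control socket` entry under `group_add` gives the PHP service GID 0 as a supplementary group, which reaches much further than the control socket. Every file that is group-readable or group-writable for root, in that container and in its bind mounts, becomes accessible to the web application. A dedicated group with a fixed numeric GID that owns only the socket directory would keep the earlier scope, e.g. `- "<TORCTL_GID>" # tor control socket only` (placeholder value), with the socket directory on the tor side assigned to the same GID. That the socket ends up group `root` because tor now runs as root is inferred from the comment, not shown in this hunk.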
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
servnest ALL=(root) NOPASSWD: /bin/chgrp ^--no-dereference -- sftpgo /srv/servnest/ht/fs/[0-9a-f]{64}$
|
||||
servnest ALL=(root) NOPASSWD: /usr/bin/certbot ^--config /etc/letsencrypt/servnest\.ini certonly --domain ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}( --test-cert)?$
|
||||
servnest ALL=(root) NOPASSWD: /usr/bin/certbot ^--config /etc/letsencrypt/servnest\.ini delete --quiet --cert-name ([a-z0-9_-]{1,63}\.){1,126}[a-z0-9]{1,63}$
|
||||
servnest ALL=(tor) NOPASSWD: /bin/cat ^-- /srv/servnest/tor-keys/[0-9a-f]{64}/[a-zA-Z0-9_-]{1,64}/hostname$
|
||||
servnest ALL=(tor) NOPASSWD: /bin/mkdir ^--mode=0700 -- /srv/servnest/tor-keys/[0-9a-f]{64}$
|
||||
servnest ALL=(tor) NOPASSWD: /bin/rm ^-r -- /srv/servnest/tor-keys/[0-9a-f]{64}(/[a-zA-Z0-9_-]{1,64})?$
|
||||
servnest ALL=(root) NOPASSWD: /bin/cat ^-- /srv/servnest/tor-keys/[0-9a-f]{64}/[a-zA-Z0-9_-]{1,64}/hostname$
|
||||
servnest ALL=(root) NOPASSWD: /bin/mkdir ^--mode=0700 -- /srv/servnest/tor-keys/[0-9a-f]{64}$
|
||||
servnest ALL=(root) NOPASSWD: /bin/rm ^-r -- /srv/servnest/tor-keys/[0-9a-f]{64}(/[a-zA-Z0-9_-]{1,64})?$
|
||||
servnest ALL=(sftpgo) NOPASSWD: /bin/rm ^-r -- /srv/servnest/ht/fs/[0-9a-f]{64}$
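Review bot: The three `tor-keys` rules (`/bin/cat`, `/bin/mkdir`, `/bin/rm -r`) now run as `(root)`, so their safety rests on the anchored regexes plus the ownership of `/srv/servnest/tor-keys` and everything below it. `cat` and `rm -r` resolve symbolic links in the intermediate path components, which the regex cannot see. Whether `servnest` can write to that parent directory is not visible in this hunk. I would record the requirement next to the rules, for example `# run as root: /srv/servnest/tor-keys and its subdirectories must be root-owned and not writable by servnest`.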
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
#User tor
|
||||
DataDirectory /var/lib/tor
|
||||
SocksPort unix:/run/tor-client/socket WorldWritable
|
||||
ControlPort unix:/run/tor-control/dir/socket GroupWritable
|
||||
ControlPort unix:/run/tor-control/socket GroupWritable
|
||||
|
||||
%include /srv/servnest/tor-config/*
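Review bot: The unchanged `%include /srv/servnest/tor-config/*` line carries more weight once the daemon runs as root, because every directive in the included files is then interpreted with root's filesystem access. If those files are written by the servnest application (the path suggests it, but the hunk does not show it), the validation on that write path becomes the only barrier. A comment above the include would make this explicit, e.g. `# tor runs as root: files matched below must be root-owned or strictly validated before being written`. No `CookieAuthentication` or `HashedControlPassword` line is visible in this hunk either, so the `ControlPort` socket appears to be protected by its file permissions alone.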
|
||||
|
|
|
@ -1,4 +1,3 @@
|
|||
FROM servnest_alpine
|
||||
RUN apk add tor && chmod 700 /var/lib/tor
|
||||
USER tor
|
||||
CMD ["tor", "--hush"]
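Review bot: Nothing in the file records why the daemon must run as root: with `USER tor` gone there is no `USER` instruction left, so `CMD ["tor", "--hush"]` starts with uid 0. A comment above `CMD`, such as `# tor runs as root (uid 0) on purpose: <reason>`, would stop a later reader from treating it as an oversight. Since the process no longer runs under an unprivileged uid, the tor service in the compose file is the place to compensate, e.g. `cap_drop` for the capabilities tor does not need and `security_opt: [no-new-privileges:true]`. Whether those are already set is not visible on this page.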
|
||||
|
|