cmars / onionpipe Goto Github PK

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update docker/build-push-action digest to 5176d81
• chore(deps): update docker/login-action digest to 9780b0c
• chore(deps): update docker/metadata-action digest to 60a0d34
• chore(deps): update docker/setup-buildx-action digest to aa33708
• fix(deps): update module github.com/urfave/cli/v2 to v2.27.3
• Click on this checkbox to rebase all open PRs at once

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

Also is an onion version 2 coming? Version one isn’t really safe anymore.

A simple docker run onionpipe:latest 172.17.0.1:80~80@test fails with ``mkdir /.local: permission deniedbecause onionpipe will try to save the secrets.yaml file to/.local/share/onionpipe/secrets.yaml`:

I think the best fix here is to create a user inside the dockerfile, perhaps with home directory set as /data.

Similarly the nextcloud example fails because command: --secrets /var/lib/onionpipe/secrets.json app:80~80@nextcloud

I am not sure how to best fix this. Volumes are only writable by root. Perhaps the volume should be under /data/.

There is also an issue of persistence here. Running docker run onionpipe:latest --secrets /data/secrets.json 172.17.0.1:80~80@test works (because user 1000 is allowed to write to /data/), but any subsequent run will use a new anonymous volume.

I think the best way here is to declare /data as a VOLUME in the dockerfile.

Any other ideas? I will create a pull request.

This needs more tests...

Pending cretz/bine#60

How can I reuse the data that is created in the data directory when recreating a container from a mounted volume?

The current behaviour seems to create a brand new entry in the data directory and also a different TOR address when I load a new container with the /data folder mounted from the host.

Dunno if you'd find this useful anywhere in your documentation but this works for me.

version: "3.7"
services:
  oniongrok:
    image: ghcr.io/cmars/oniongrok:main
    ## You will need to consider changing the command.
    command: "--secrets /data/.local/share/oniongrok/secrets.json sign:80~80@sign"
    volumes:
      - ./data/:/data/.local/share/oniongrok/

## Demo App, Could be anything.
  sign:
    image: 'eerotal/libresignage:latest'
    volumes:
      - ./data/sign:/var/www/html/data'

At some point, I think it might not be a horrible idea to potentially look at making one of these examples that use the Traefik reverse proxy for fun and research. Especially if that example just uses docker labels.

Great project, thanks.

Doesn't work with WEB GUI Syncthing (8384) - "Host check error". However, python -m http.server works as it should.

Client site - Win10 + TorBrowser. Second site - Ubuntu 20.04.

I might just be asking a stupid question but I cannot find it in the README

Hey there!

I was wondering if there is a way to rotate client authorization keys without needing to restart the docker container.

I am working on slightly unconventional project where I want to be able to essentially add MFA to my onion sites without setting up a reverse proxy / auth solution like Authelia, Zitadel, Authentik, etc... I would like for this to happen at the client authorization level such that, even if one were to happen upon my onion sites somehow, they would not be able to access any data from them without the key.

I would like to rotate this every 30-60 seconds, similar to your traditional MFA, however I am not certain if I can without restarting the docker container. If I need to restart the docker container, I will need to rotate them at a slower interval.

Thanks!