cmars / onionpipe Goto Github PK
View Code? Open in Web Editor NEWOnion addresses for anything.
License: MIT License
Onion addresses for anything.
License: MIT License
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
Dockerfile
debian 12
golang 1.22-bookworm
build/Dockerfile
golang 1.22
.github/workflows/docker-publish.yml
actions/checkout v4
docker/setup-buildx-action 49a04d68900b1d260da9b3f06f52638d56cd8ad1
docker/login-action 0d4c9c5ea7693da7b068278f7b52bda2a190a446
docker/metadata-action a64d0487d7069df33b279515d35d60fa80e2ea62
docker/build-push-action e050dfa622d93dfcc095192a984db567cb14f0f0
.github/workflows/goreleaser.yml
actions/checkout v4
actions/setup-go v5
goreleaser/goreleaser-action v6
.github/workflows/static-darwin.yml
actions/checkout v4
actions/setup-go v5
actions/upload-release-asset v1
macos 14
.github/workflows/static-linux.yml
actions/checkout v4
actions/setup-go v5
actions/upload-release-asset v1
go.mod
go 1.22
github.com/cretz/bine v0.2.1-0.20221201125941-b9d31d9c7866@b9d31d9c7866
github.com/frankban/quicktest v1.14.6
github.com/google/go-cmp v0.6.0
github.com/mitchellh/go-homedir v1.1.0
github.com/urfave/cli/v2 v2.27.2
golang.org/x/crypto v0.25.0
golang.org/x/net v0.27.0
Also is an onion version 2 coming? Version one isn’t really safe anymore.
A simple docker run onionpipe:latest 172.17.0.1:80~80@test
fails with ``mkdir /.local: permission deniedbecause onionpipe will try to save the secrets.yaml file to
/.local/share/onionpipe/secrets.yaml`:
Line 45 in 804fcbb
I think the best fix here is to create a user inside the dockerfile, perhaps with home directory set as /data.
Similarly the nextcloud example fails because command: --secrets /var/lib/onionpipe/secrets.json app:80~80@nextcloud
var/lib/onionpipe
but it does not have rights to do so.
I am not sure how to best fix this. Volumes are only writable by root. Perhaps the volume should be under /data/.
There is also an issue of persistence here. Running docker run onionpipe:latest --secrets /data/secrets.json 172.17.0.1:80~80@test
works (because user 1000 is allowed to write to /data/), but any subsequent run will use a new anonymous volume.
I think the best way here is to declare /data as a VOLUME in the dockerfile.
Any other ideas? I will create a pull request.
This needs more tests...
Pending cretz/bine#60
How can I reuse the data that is created in the data directory when recreating a container from a mounted volume?
The current behaviour seems to create a brand new entry in the data
directory and also a different TOR address when I load a new container with the /data folder mounted from the host.
Dunno if you'd find this useful anywhere in your documentation but this works for me.
version: "3.7"
services:
oniongrok:
image: ghcr.io/cmars/oniongrok:main
## You will need to consider changing the command.
command: "--secrets /data/.local/share/oniongrok/secrets.json sign:80~80@sign"
volumes:
- ./data/:/data/.local/share/oniongrok/
## Demo App, Could be anything.
sign:
image: 'eerotal/libresignage:latest'
volumes:
- ./data/sign:/var/www/html/data'
At some point, I think it might not be a horrible idea to potentially look at making one of these examples that use the Traefik reverse proxy for fun and research. Especially if that example just uses docker labels.
Great project, thanks.
Doesn't work with WEB GUI Syncthing (8384) - "Host check error". However, python -m http.server works as it should.
Client site - Win10 + TorBrowser. Second site - Ubuntu 20.04.
I might just be asking a stupid question but I cannot find it in the README
Hey there!
I was wondering if there is a way to rotate client authorization keys without needing to restart the docker container.
I am working on slightly unconventional project where I want to be able to essentially add MFA to my onion sites without setting up a reverse proxy / auth solution like Authelia, Zitadel, Authentik, etc... I would like for this to happen at the client authorization level such that, even if one were to happen upon my onion sites somehow, they would not be able to access any data from them without the key.
I would like to rotate this every 30-60 seconds, similar to your traditional MFA, however I am not certain if I can without restarting the docker container. If I need to restart the docker container, I will need to rotate them at a slower interval.
Thanks!
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.