A Dockerized, Torified, Express Application
Dark Web chatter is picking up. I’m interested in providing cool web services anonymously. This is my first attempt at using Docker Compose to stay ahead of this trend.
Assumption: all the software goodies are set up and ready to go on an Ubuntu 16.04 server (node, docker, docker-compose, et al).
Set up an Express App
The Express Application Generator strikes me as a little bloated, but I use it anyway because I’m super lazy.
Once installed, set up a vanilla express project:
The express-generator will tell you to run the app like this:
This, of course, is only useful for development. From here, we’ll Dockerize for deployment and Torify for anonymity.
Tor pre-configuration
In anticipation of setting up the actual Torified app container, create a new file called config/torrc. This file will be used by Tor inside the Docker container to serve up our app. Paste the following into config/torrc:
Docker
Copy and paste the following into a new file called Dockerfile:
Container/Host Permissions
Take special note of the comment posted above the RUN usermod -u 1001 node instruction in Dockerfile. If you get any errors on the container build/execute step described below, you’ll need to make sure your host user’s UID is the same as your container user’s UID (i.e., the node user).
Usually the user in the container has a UID of 1000. To determine the host user’s UID, execute id -u. If it’s not 1000, uncomment the usermod instruction in Dockerfile and make sure the numbers match.
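The UID comparison described above can be scripted. This is an added example, not code from the original post: the function names are hypothetical, and it assumes the container user is node with UID 1000 and that a host directory is shared with the container.

```shell
#!/bin/sh
# Added example (not from the original post); helper names are hypothetical.
# Assumption taken from the text: the container's node user has UID 1000.
CONTAINER_UID=1000

# Print the Dockerfile instruction needed for a given host UID, or nothing
# when the UIDs already match. Pass the output of `id -u` as $1.
usermod_line() {
    host_uid=$1
    case $host_uid in
        ''|*[!0-9]*) echo "not a numeric UID: '$host_uid'" >&2; return 2 ;;
    esac
    if [ "$host_uid" -eq 0 ]; then
        # Mapping node to UID 0 would make the container user root.
        echo "host UID is 0; build as an unprivileged user instead" >&2
        return 1
    fi
    if [ "$host_uid" -ne "$CONTAINER_UID" ]; then
        echo "RUN usermod -u $host_uid node"
    fi
    return 0
}

# List paths under a directory that are NOT owned by the given UID.
# Assumption: $1 is a host directory shared with the container, so any
# path listed here is one the container user could fail to read or write.
foreign_owned() {
    find "$1" ! -user "$2" -print
}

# Typical use from the project directory:
#   usermod_line "$(id -u)"
#   foreign_owned . "$(id -u)"
```

An empty result from both calls means the default UID already lines up and nothing in the directory belongs to another user.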
Docker Compose
docker-compose does all of the heavy lifting for building the Dockerfile and start-up/shut-down operations. Paste the following into a file called docker-compose.yml:
Bring the whole thing online by running
Every now and then I get an error trying to obtain the GPG key:
This usually solves itself on subsequent calls to docker-compose up.
Assuming the build and execution were successful, you can determine your .onion address like this:
You should now be able to access your app from your favourite Tor web browser.
If you’re interested in poking around inside the container, access the bash prompt like this:
Notes
This is the first step in configuring and deploying a hidden service on the Tor network. Since working out the initial details, I’ve already thought of potential improvements to this approach. As it stands, only one hidden service can be deployed. It would be far better to create a Tor container able to proxy multiple apps. I will also be looking into setting up .onion vanity URLs and HTTPS.