Install Docker and Tor Network and Proxy Service on CentOS7

 

How to run Tor network and Proxy Service
Everything runs in Docker, so the only thing we need on the target machine is Docker itself: no Tor, no proxy, no Python, no Java, just the Docker environment. The same approach works for all other Docker applications as well.
In the future the target machine will therefore stay clean: no Java version conflicts, no Python version conflicts, no other installation issues.

My target server is CentOS 7

First, check the software database index
> sudo yum check-update
Install Docker Service
> curl -fsSL https://get.docker.com/ | sh
Start the Docker Service
> sudo systemctl start docker

After the installation, we can check
> docker --version
Docker version 18.06.1-ce, build e68fc7a


Directly install privoxy on CentOS from Source Code
https://wiki.polaire.nl/doku.php?id=centos7_privoxy
http://www.privoxy.org/sf-download-mirror/Sources/3.0.26%20%28stable%29/

Here is the command to fetch the privoxy source code
> wget http://www.privoxy.org/sf-download-mirror/Sources/3.0.26%20%28stable%29/privoxy-3.0.26-stable-src.tar.gz

Install the build tool we need
> sudo yum groupinstall "Development Tools"
> sudo yum install zlib-devel pcre-devel w3m

Unzip the file
> tar zxvf privoxy-3.0.26-stable-src.tar.gz

Build the source
> cd privoxy-3.0.26-stable
> autoheader
> autoconf
> ./configure --with-user=privoxy --with-group=privoxy --prefix=/home/carl/tool/privoxy-3.0.26
> make
> make -n install
> make -s install USER=privoxy GROUP=privoxy

The privoxy user and group did not work, so I switched to my current sudo user carl. This command starts the service:

> sudo /opt/privoxy/sbin/privoxy --pidfile /opt/privoxy/var/run/privoxy.pid --user carl /opt/privoxy/etc/config 2>/dev/null

Copy the script to working directory
> sudo cp privoxy-generic.init /etc/init.d/privoxy
> sudo chkconfig --add privoxy
> sudo chkconfig privoxy on

Edit /etc/init.d/privoxy as follows:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/xpg4/bin:/usr/bin:/sbin:/bin:/opt/privoxy/sbin
P_NAME=Privoxy
# Path to executable.
P_DAEMON=privoxy
# Full path to location of Privoxy config file.
P_CONF_FILE=/opt/privoxy/etc/config
# Full path to PID file location. Location must be writable by
# whoever runs this script and by Privoxy itself.
P_PIDFILE=/opt/privoxy/var/run/privoxy.pid
# If uncommented, this script will try to run as USER=privoxy, which
# may require special handling of config, *.action, trust, logfile,
# jarfile, and pidfile.
P_USER=carl

The service can now be started with this command
> sudo service privoxy start

The privoxy configuration is as follows:
forward-socks5t / 127.0.0.1:9050 .
listen-address 0.0.0.0:8119

Set Up the Tor from Command Line
> sudo yum install tor

Generate the hashed password for tor
> echo HashedControlPassword $(tor --hash-password "xxxxxxxx")

Add these lines to the end of the file
> sudo vi /etc/tor/torrc

ControlPort 9051
ControlListenAddress 0.0.0.0
HashedControlPassword 16:xxxxxxxxxxxxxx

Set the permissions of the /run/tor directory
> chmod 400 /run/tor

Some Tips
Optional commands if you needed
> sudo yum-config-manager --disable chromium-el6
> sudo usermod -aG docker carl


Here is the Docker information
start.sh
#!/bin/sh -ex

#start the service
/etc/init.d/privoxy start
tor

Here is the Makefile
IMAGE=sillycat/public
TAG=centos-tornetwork-1.0
NAME=centos-tornetwork-1.0

.PHONY: prepare docker-context build run debug clean logs publish

# Recipe lines must start with a tab character.
prepare:
	wget http://www.privoxy.org/sf-download-mirror/Sources/3.0.26%20%28stable%29/privoxy-3.0.26-stable-src.tar.gz -P install/

docker-context:

build: docker-context
	docker build -t $(IMAGE):$(TAG) .

run:
	docker run -d -p 9051:9051 -p 8119:8119 --name $(NAME) $(IMAGE):$(TAG)

debug:
	docker run -p 9051:9051 -p 8119:8119 --name $(NAME) -ti $(IMAGE):$(TAG) /bin/bash

clean:
	docker stop $(NAME)
	docker rm $(NAME)

logs:
	docker logs $(NAME)

# Push only the tag built above.
publish:
	docker push $(IMAGE):$(TAG)

Here is the Dockerfile with all the steps and details
#Run a Tor Network Server

#Prepare the OS
FROM centos:7
LABEL maintainer="Carl Luo <luohuazju@gmail.com>"

#upgrade the system
RUN yum -y update

#Prepare the dependencies
RUN yum install -y epel-release
RUN yum install -y tor
RUN yum groupinstall -y "Development Tools"
RUN yum install -y wget gcc make
RUN yum install -y zlib-devel pcre-devel w3m

#set up tor configuration
RUN echo "ControlPort 9051" >> /etc/tor/torrc
RUN echo "ControlListenAddress 0.0.0.0" >> /etc/tor/torrc
RUN echo HashedControlPassword $(tor --hash-password "xxxxxxxxx" | tail -n 1) >> /etc/tor/torrc
RUN rm -fr /run/tor/
RUN mkdir /run/tor
RUN chmod 400 /run/tor

#manually install privoxy
RUN     adduser privoxy
RUN     usermod -aG wheel privoxy
RUN     mkdir  /install/
RUN     mkdir  /tool/
ADD        install/privoxy-3.0.26-stable-src.tar.gz /install/
WORKDIR /install/privoxy-3.0.26-stable
RUN     autoheader
RUN     autoconf
RUN     ./configure --with-user=privoxy --with-group=wheel --prefix=/tool/privoxy-3.0.26
RUN     make
RUN     make -n install
RUN     make -s install USER=privoxy GROUP=wheel

#set up forward configuration
RUN echo "forward-socks5t / 127.0.0.1:9050 .">> /tool/privoxy-3.0.26/etc/config
RUN echo "listen-address  0.0.0.0:8119">> /tool/privoxy-3.0.26/etc/config

ADD     conf/privoxy /etc/init.d/privoxy
RUN     chmod a+x /etc/init.d/privoxy

#set up the app
EXPOSE  9051 8119
RUN     mkdir -p /app/
ADD     start.sh /app/
WORKDIR /app/
CMD    [ "./start.sh" ]

The /etc/init.d/privoxy Script to start the service
#!/bin/sh

###########################################################################
#
#  File        :  $Source: /cvsroot/ijbswa/current/privoxy-generic.init,v $
#
#  Purpose     :  This script takes care of starting and stopping privoxy.
#                 It is supposed to work cross-platform and thus doesn't
#                 do too much. When packaging Privoxy it's recommended to
#                 write a platform-specific start script instead of using
#                 this one.
#
#  Copyright   :  Written by and Copyright (C) 2001,2002 the
#                 Privoxy team. http://www.privoxy.org/
#
#                 This program is free software; you can redistribute it
#                 and/or modify it under the terms of the GNU General
#                 Public License as published by the Free Software
#                 Foundation; either version 2 of the License, or (at
#                 your option) any later version.
#
#                 This program is distributed in the hope that it will
#                 be useful, but WITHOUT ANY WARRANTY; without even the
#                 implied warranty of MERCHANTABILITY or FITNESS FOR A
#                 PARTICULAR PURPOSE.  See the GNU General Public
#                 License for more details.
#
#                 The GNU General Public License should be included with
#                 this file.  If not, you can view it at
#                 http://www.gnu.org/copyleft/gpl.html
#                 or write to the Free Software Foundation, Inc., 59
#                 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
###########################################################################

### BEGIN INIT INFO
# Provides:          privoxy
# Required-Start:
# Required-Stop:
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start privoxy at boot time
# Description:       Start and stop the privacy-enhancing HTTP proxy privoxy.
### END INIT INFO

# NOTE: This script may require editing to ensure proper location of
# config file, and the privoxy executable. Care should be taken to ensure
# logfile is writable by $P_USER (logfile is defined in config), and that
# there is suitable write access for $P_PIDFILE.

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/xpg4/bin:/usr/bin:/sbin:/bin:/tool/privoxy-3.0.26/sbin
P_NAME=Privoxy
# Path to executable.
P_DAEMON=privoxy
# Full path to location of Privoxy config file.
P_CONF_FILE=/tool/privoxy-3.0.26/etc/config
# Full path to PID file location. Location must be writable by
# whoever runs this script and by Privoxy itself.
P_PIDFILE=/tool/privoxy-3.0.26/var/run/privoxy.pid
# If uncommented, this script will try to run as USER=privoxy, which
# may require special handling of config, *.action, trust, logfile,
# jarfile, and pidfile.
P_USER=privoxy

# If a privoxy user is specified, lets try that. /bin/sh does not seem to
# know about $UID.
if [ 0 = `id -u` ]; then
  if [ -n "$P_USER" ]; then
    id $P_USER 2>/dev/null >/dev/null
    if [ $? -eq 0 ]; then
      P_USER_SETTINGS="--user $P_USER"
    else
      echo "User $P_USER doesn't exist, exiting."
      exit 1
    fi
  else
    # The user has sufficient rights, but $P_USER isn't set
    echo "Running Privoxy as root is not recommended!"
    P_USER_SETTINGS=""
  fi
else
  # The user has insufficient rights to run Privoxy as $P_USER
  # and may not be able to write or delete the PID file.
  echo "You aren't root, expect trouble!"
  P_USER_SETTINGS=""
fi

if [ ! -f $P_CONF_FILE ]; then
  echo "Can't find $P_CONF_FILE, exiting."
  exit 1
fi

case "$1" in

start)
     if [ -f $P_PIDFILE ]; then
       if kill -0 `cat $P_PIDFILE`; then
         echo "Error: $P_NAME is already running, exiting."
         exit 1
       else
         rm -f $P_PIDFILE
       fi
     fi

    $P_DAEMON --pidfile $P_PIDFILE $P_USER_SETTINGS $P_CONF_FILE 2>/dev/null

     if [ $? -eq 0 ]; then
       echo "Starting $P_NAME, OK."
     else
       echo "Starting $P_NAME, Failed."
       rm -f $P_PIDFILE
     fi
     ;;

restart)
     $0 stop
     $0 start
     ;;

stop)
     test ! -f $P_PIDFILE && echo "No $P_PIDFILE file found, exiting." && exit 1
     kill `cat $P_PIDFILE` && rm -f $P_PIDFILE && \
     echo "Stopping $P_NAME, OK." || echo "Stopping $P_NAME, failed."
     ;;

*)
     echo "Usage: $0 {start|stop|restart}"
     exit 1
     ;;

esac

exit 0

How to Verify that?
How to change the IP
> echo -e 'AUTHENTICATE "xxxxxxxxx"\r\nsignal NEWNYM\r\nQUIT' | nc localhost 9051

Check the IP
> curl -x localhost:8119 http://icanhazip.com/

How to change the IP from remote
> echo -e 'AUTHENTICATE "xxxxxxxxx"\r\nsignal NEWNYM\r\nQUIT' | nc ubuntu-master 9051

Check the IP from Remote
> curl -x centos-dev1:8119 http://icanhazip.com/
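
The torrc, the Privoxy config and the `docker run -p` lines on this page all bind to 0.0.0.0, so the Tor control port and the proxy listen on every interface of the host. The check below is an added example, not part of the original post: it flags such wildcard binds. The function names and the loopback-only sample files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (constructed): flag listeners bound to every interface in the
# three places this page sets them: torrc, Privoxy config, docker run -p.

# usage: audit_listeners FILE...   (exit status 1 if anything is flagged)
audit_listeners() {
  awk '
    function hit(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; n++ }
    /^[ \t]*#/ { next }                       # ignore comment lines
    $1 == "ControlListenAddress" && $2 ~ /^(0\.0\.0\.0|\[::\])/ {
      hit("Tor control port listens on all interfaces") }
    $1 == "ControlPort" && $2 ~ /^(0\.0\.0\.0|\[::\]):/ {
      hit("Tor control port listens on all interfaces") }
    # Privoxy also binds every interface when the address is omitted (":8119")
    $1 == "listen-address" && $2 ~ /^(0\.0\.0\.0|\[::\])?:/ {
      hit("Privoxy listens on all interfaces") }
    /docker run/ {                            # IPv4 publish syntax only
      for (i = 1; i < NF; i++) {
        if ($i != "-p") continue
        parts = split($(i + 1), m, ":")       # [ip:]hostPort:containerPort
        if (parts < 3 || m[1] == "0.0.0.0")
          hit("docker publishes " $(i + 1) " on all host interfaces")
      }
    }
    END { exit (n > 0) }
  ' "$@"
}

# Constructed sample input: the settings from this page, then loopback-only
# variants (ControlPort also accepts the address:port form).
make_samples() {   # usage: make_samples DIR
  printf '%s\n' 'ControlPort 9051' 'ControlListenAddress 0.0.0.0' > "$1/torrc"
  printf '%s\n' 'forward-socks5t / 127.0.0.1:9050 .' 'listen-address 0.0.0.0:8119' > "$1/config"
  printf '%s\n' 'docker run -d -p 9051:9051 -p 8119:8119 --name $(NAME) $(IMAGE):$(TAG)' > "$1/Makefile"
  printf '%s\n' 'ControlPort 127.0.0.1:9051' > "$1/torrc.local"
  printf '%s\n' 'listen-address 127.0.0.1:8119' > "$1/config.local"
  printf '%s\n' 'docker run -d -p 127.0.0.1:9051:9051 -p 127.0.0.1:8119:8119 --name $(NAME) $(IMAGE):$(TAG)' > "$1/Makefile.local"
}

dir=$(mktemp -d) && make_samples "$dir"
audit_listeners "$dir/torrc" "$dir/config" "$dir/Makefile" || echo "exposed listeners found"
audit_listeners "$dir"/*.local && echo "loopback-only variants: clean"
rm -rf "$dir"
```

Inside the container the 0.0.0.0 binds are what let Docker's port publishing reach the services, so for the image the `-p 127.0.0.1:...` form in the Makefile is the setting that limits exposure.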

