docker-compose.yml

version: '2.3'

volumes:
  data:

services:
  tor_proxy:
    build: .
    image: fphammerle/tor-proxy
    environment:
      #SAFE_SOCKS: 1
      SOCKS_TIMEOUT_SECONDS: 30
      #EXIT_NODES: '1.2.3.4,1.2.3.5,{at}'
      #EXCLUDE_EXIT_NODES: '{xx},{yy},1.2.3.4,128.0.0.0/1'
    volumes:
    - type: volume
      source: data
      target: /var/lib/tor
      read_only: no
    - type: tmpfs
      target: /tmp # torrc
      tmpfs:
        # nosuid,nodev,noexec added by default
        mode: '1777'
        size: 5k
    read_only: yes
    ports:
    - '127.0.0.1:9050:9050/tcp'
    - '127.0.0.1:53:9053/udp'
    cap_drop: [ALL]
    # entrypoint.sh drops privileges after configuring nftables for transparent proxy
    cap_add: [NET_ADMIN, SETUID, SETGID]
    security_opt: [no-new-privileges]
    cpus: 0.5
    mem_limit: 128m
    restart: unless-stopped

# https://docs.docker.com/compose/compose-file/compose-file-v2/