entrypoint.sh
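#!/bin/sh
# Container entrypoint.
#
# As root: try to install nftables redirects for the transparent TCP proxy
# (port 9040) and the DNS proxy (port 9053), then re-run this script as user
# "tor". As non-root: render /tmp/torrc from /torrc.template and exec the
# command passed as arguments.
#
# Environment read: SAFE_SOCKS, SOCKS_TIMEOUT_SECONDS, EXIT_NODES,
# EXCLUDE_EXIT_NODES.
set -e

if [ "$(id -u)" -eq 0 ]; then
  # No `nft add table` is run here, so table "ip nat" is assumed to exist
  # already (TODO confirm where it is created). A failure to add the chain
  # is ignored on purpose; the rule commands below report their own errors.
  nft add chain ip nat PREROUTING { type nat hook prerouting priority dstnat \; } || true

  # Both redirects are best-effort: a failure only prints a warning and the
  # startup continues. NOTE(review): a deployment that relies on the
  # transparent redirect gets no redirect in that case, so check the startup
  # log (or `nft list ruleset`) before routing client traffic through the
  # container.
  nft add rule ip nat PREROUTING ip protocol tcp fib daddr type != local counter redirect to :9040 \
    || echo 'warning: failed to configure nftables for transparent proxy (missing CAP_NET_ADMIN?)' >&2
  nft add rule ip nat PREROUTING fib daddr type local udp dport 53 counter redirect to :9053 \
    || echo 'warning: failed to configure nftables for DNS proxy' \
      '(alternative for less flexible `docker run --publish 53:9053 ...`)' >&2

  # Drop root: replace this process with the same script and arguments
  # running as user "tor", which then takes the non-root path below.
  exec su -s /bin/sh tor -- "$0" "$@"
fi

# SAFE_SOCKS and SOCKS_TIMEOUT_SECONDS are pasted into sed scripts unescaped:
# a "/", "&", "\" or newline in either value alters the substitution instead
# of being written literally. Set them from trusted configuration only.
sed -e "s/{safe_socks}/$SAFE_SOCKS/" /torrc.template > /tmp/torrc

# default: 120 sec
# https://github.com/torproject/tor/blob/tor-0.4.1.7/src/core/or/connection_edge.c#L1099
# -i and -e are given separately: GNU sed parses the combined `-ie` as -i with
# backup suffix "e" and leaves a stray /tmp/torrce behind.
if [ -z "$SOCKS_TIMEOUT_SECONDS" ]; then
  # No timeout requested: drop the template line so tor uses its default.
  sed -i -e '/{socks_timeout_seconds}/d' /tmp/torrc
else
  sed -i -e "s/{socks_timeout_seconds}/$SOCKS_TIMEOUT_SECONDS/" /tmp/torrc
fi

# > list of identity fingerprints, country codes, and address patterns
# printenv appends the value verbatim. NOTE(review): a newline inside
# EXIT_NODES or EXCLUDE_EXIT_NODES would start an additional torrc line, so
# these variables carry the same trust as the torrc itself.
if [ -n "$EXIT_NODES" ]; then
  printf '%s' 'ExitNodes ' >> /tmp/torrc
  printenv EXIT_NODES >> /tmp/torrc
fi
if [ -n "$EXCLUDE_EXIT_NODES" ]; then
  printf '%s' 'ExcludeExitNodes ' >> /tmp/torrc
  printenv EXCLUDE_EXIT_NODES >> /tmp/torrc
fi

# Hand over to the container command (PID is kept by exec).
exec "$@"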