init project

daregit · Jun 10, 2024 · aac867a · aac867a
commit aac867a
Show file tree

Hide file tree

Showing 6 changed files with 122 additions and 0 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1 @@
+data
diff --git a/Caddyfile b/Caddyfile
@@ -0,0 +1,7 @@
+*.onion {
+  tls internal
+
+  reverse_proxy gitea:3000 {
+    header_up X-Real-IP {remote_host}
+  }
+}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,12 @@
+FROM alpine:latest
+
+RUN apk --no-cache update && \
+    apk --no-cache upgrade && \
+    apk --no-cache add tor sudo
+
+RUN echo "HiddenServiceDir /var/lib/tor/gitea_service" >>/etc/tor/torrc
+RUN echo "HiddenServicePort 22 gitea:22" >>/etc/tor/torrc
+RUN echo "HiddenServicePort 80 caddy:80" >>/etc/tor/torrc
+RUN echo "HiddenServicePort 443 caddy:443" >>/etc/tor/torrc
+
+ENTRYPOINT ["sh", "-c", "chown -R tor:nogroup /var/lib/tor && sudo -u tor tor"]
diff --git a/README.md b/README.md
@@ -0,0 +1,36 @@
+# Gitea with Tor and Caddy Setup
+
+This project sets up a Gitea instance accessible via a Tor hidden service, using Docker and Caddy.
+
+## Security Disclaimer
+
+This configuration uses self-signed certificates. It is recommended to generate certificates from a trusted Certificate Authority (CA).
+
+## Prerequisites
+
+Before you begin, ensure you have the following installed on your system:
+
+- Docker
+- Docker Compose
+
+## Getting Started
+
+### 1. Clone the Repository
+
+```sh
+git clone https://github.com/daregit/tutorials.git
+cd tutorials/002-tor-gitea
+./restart.sh
+
+```
+
+### 2. Setup gitea admin accounts
+
+### 3. Configure ssh
+
+```
+Host *.onion
+    ProxyCommand nc -X 5 -x localhost:9050  %h %p
+```
+
+Where localhost:9050 is location of your tor instance listening for socks connections.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,34 @@
+networks:
+  isolated:
+    internal: true
+
+services:
+  tor-node:
+    build: .
+    volumes:
+      - ./data/tor:/var/lib/tor
+    networks:
+      - isolated
+      - default
+    links:
+      - caddy
+  caddy:
+    image: caddy:latest
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile
+      - ./data/caddy:/data
+      - ./data/caddy_config:/config
+    links:
+      - gitea
+    networks:
+      - isolated
+  gitea:
+    image: gitea/gitea:latest
+    environment:
+      - USER_UID=1000
+      - USER_GID=1000
+    restart: always
+    volumes:
+      - ./data/gitea:/data
+    networks:
+      - isolated
diff --git a/run.sh b/run.sh
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+set -euxo pipefail
+
+SCRIPTDIR=$(dirname "${BASH_SOURCE[0]}")
+
+docker-compose down
+docker-compose build
+docker-compose up -d
+
+# Maximum number of attempts
+MAX_ATTEMPTS=10
+ATTEMPT=1
+
+# Wait for the tor-node container to be up and running
+while [ $ATTEMPT -le $MAX_ATTEMPTS ]; do
+  if docker-compose exec -T tor-node sh -c 'cat /var/lib/tor/gitea_service/hostname' > /dev/null 2>&1; then
+    break
+  fi
+  echo "Attempt $ATTEMPT/$MAX_ATTEMPTS: Waiting for tor-node to be ready..."
+  ATTEMPT=$((ATTEMPT + 1))
+  sleep 2
+done
+
+if [ $ATTEMPT -gt $MAX_ATTEMPTS ]; then
+  echo "tor-node did not become ready in time."
+  exit 1
+fi
+
+ONION=$(docker-compose exec -T tor-node cat /var/lib/tor/gitea_service/hostname)
+
+echo "gitea is ready under ${ONION}"