From cdcca37ce0bffb154f97ca81dde97089959de307 Mon Sep 17 00:00:00 2001 From: lalanza808 Date: Sun, 29 Dec 2024 11:34:56 -0800 Subject: [PATCH] route txes through tor and i2p proxies (#29) * route txes through tor and i2p proxies * include entry script * update docker-files with dependency order and use new monerod command * Update dockerfiles/i2p Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> * Update dockerfiles/i2p Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> * Update dockerfiles/i2p-entrypoint.sh Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> * Update dockerfiles/monero-entrypoint.sh Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> * Update dockerfiles/monero-entrypoint.sh Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> * remove q install and dns, specify private ip for tor/i2p * fix ips * use ubuntu 22.04 for tor build * fix i2pd configs * adjust i2p config, no depends on monerod * use gunicorn for flask app, faster restart time --------- Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> --- docker-compose.full.yaml | 98 +++++++++++++++++++++++++++++++++----- docker-compose.yaml | 74 ++++++++++++++++++++++++++-- dockerfiles/i2p | 29 +++++++++++ dockerfiles/i2p-config | 15 ++++++ dockerfiles/monero | 25 +++++----- dockerfiles/monero_compile | 20 +++++--- dockerfiles/nodemapper | 3 +- dockerfiles/tor | 15 ++++++ dockerfiles/tor-config | 7 +++ 9 files changed, 247 insertions(+), 39 deletions(-) create mode 100644 dockerfiles/i2p create mode 100644 dockerfiles/i2p-config create mode 100644 dockerfiles/tor create mode 100644 dockerfiles/tor-config diff --git a/docker-compose.full.yaml b/docker-compose.full.yaml index b1611ad..6d38ebd 100644 --- a/docker-compose.full.yaml +++ b/docker-compose.full.yaml @@ -1,5 +1,3 @@ -version: "3.7" - volumes: grafana: prometheus: 
@@ -11,7 +9,14 @@ x-log-config: &log-config max-size: "50m" max-file: "20" -services: +networks: + tor_net: + ipam: + driver: default + config: + - subnet: "172.31.255.0/24" + +services: prometheus: image: prom/prometheus:${PROM_TAG:-v2.36.0} command: @@ -20,11 +25,16 @@ services: - --storage.tsdb.retention.time=${PROM_RETENTION:-360d} container_name: monerod_prometheus restart: unless-stopped - ports: - - 127.0.0.1:9090:9090 + depends_on: + exporter: + condition: service_started + # ports: + # - 127.0.0.1:9090:9090 volumes: - prometheus:/prometheus - ./files/prometheus/config.yaml:/etc/prometheus/config.yaml:ro + networks: + - tor_net <<: *log-config grafana: user: "1000" @@ -34,7 +44,7 @@ services: restart: unless-stopped image: grafana/grafana:${GRAFANA_TAG:-10.1.4} ports: - - 127.0.0.1:3000:3000 + - 127.0.0.1:${GRAF_PORT:-3000}:3000 volumes: - grafana:/var/lib/grafana - ./files/grafana/grafana.ini:/etc/grafana/grafana.ini:ro @@ -53,6 +63,8 @@ services: GF_AUTH_DISABLE_LOGIN_FORM: "${GF_AUTH_DISABLE_LOGIN_FORM:-true}" GF_SECURITY_ADMIN_PASSWORD: "${GF_SECURITY_ADMIN_PASSWORD}" GF_SECURITY_ADMIN_USER: "${GF_SECURITY_ADMIN_USER}" + networks: + - tor_net <<: *log-config exporter: container_name: monerod_exporter @@ -60,10 +72,15 @@ services: context: . dockerfile: dockerfiles/exporter restart: unless-stopped - ports: - - 127.0.0.1:9000:9000 + depends_on: + monerod: + condition: service_started + # ports: + # - 127.0.0.1:9000:9000 command: - --monero-addr=http://monerod:${UNRESTRICTED_PORT:-18083} + networks: + - tor_net <<: *log-config nodemapper: container_name: monerod_nodemapper 
@@ -71,18 +88,54 @@ services: build: context: . dockerfile: dockerfiles/nodemapper + depends_on: + monerod: + condition: service_started environment: NODE_HOST: monerod NODE_PORT: 18083 - ports: - - 127.0.0.1:${MAPPER_PORT:-5000}:5000 + # ports: + # - 127.0.0.1:${MAPPER_PORT:-5000}:5000 + networks: + - tor_net + <<: *log-config + tor: + container_name: monerod_tor + build: + context: . + dockerfile: dockerfiles/tor + restart: unless-stopped + # ports: + # - 127.0.0.1:9050:9050 + networks: + tor_net: + ipv4_address: 172.31.255.250 + <<: *log-config + i2p: + container_name: monerod_i2p + build: + context: . + dockerfile: dockerfiles/i2p + restart: unless-stopped + # ports: + # - 127.0.0.1:4444:4444 + networks: + tor_net: + ipv4_address: 172.31.255.251 <<: *log-config monerod: container_name: monerod build: - context: dockerfiles - dockerfile: monero_compile + context: . + dockerfile: dockerfiles/monero_compile + args: + THREADS: ${THREADS:-2} restart: unless-stopped + depends_on: + tor: + condition: service_started + i2p: + condition: service_started volumes: - ${DATA_DIR:-./data}:/data ports: 
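Review bot: The new `tor` and `i2p` services are attached to the same `tor_net` that grafana, prometheus, the exporter and nodemapper join, and per dockerfiles/tor-config and dockerfiles/i2p-config in this patch both proxies listen on 0.0.0.0 with no client policy, so every container on that network (including the web-facing grafana) can use them as open Tor/I2P egress, while only monerod needs them. A dedicated network keeps that reachability to monerod: move the `172.31.255.0/24` IPAM block from `tor_net` to a new `proxy_net` entry in the networks stanza (hunk `@@ -11,7 +9,14 @@`), attach tor and i2p only to it, and add `proxy_net` next to `tor_net` in monerod's `networks` list in the following hunk. `depends_on` with `condition: service_started` on monerod only orders container start and says nothing about proxy readiness; a healthcheck plus `service_healthy` would be the stronger contract, though monerod's own reconnect behaviour (not visible here) may make this tolerable. The same layout is repeated in docker-compose.yaml (hunk `@@ -71,11 +88,41 @@`).
```yaml
  tor:
    # … unchanged: container_name, build, restart …
    networks:
      proxy_net:
        ipv4_address: 172.31.255.250
    <<: *log-config
  i2p:
    # … unchanged: container_name, build, restart …
    networks:
      proxy_net:
        ipv4_address: 172.31.255.251
    <<: *log-config
```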
@@ -91,5 +144,24 @@ services: - 127.0.0.1:${ZMQ_PORT:-18082}:18082 # zmq - 127.0.0.1:${UNRESTRICTED_PORT:-18083}:18083 # unrestricted rpc command: - monerod --data-dir=/data --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18081 --zmq-rpc-bind-ip=0.0.0.0 --zmq-rpc-bind-port=18082 --rpc-bind-ip=0.0.0.0 --rpc-bind-port=18083 --non-interactive --confirm-external-bind --public-node --log-level=0 --enable-dns-blocklist --rpc-ssl=disabled --ban-list=/ban_list.txt + - monerod + - --data-dir=/data + - --p2p-bind-ip=0.0.0.0 + - --p2p-bind-port=18080 + - --rpc-restricted-bind-ip=0.0.0.0 + - --rpc-restricted-bind-port=18081 + - --zmq-rpc-bind-ip=0.0.0.0 + - --zmq-rpc-bind-port=18082 + - --rpc-bind-ip=0.0.0.0 + - --rpc-bind-port=18083 + - --non-interactive + - --confirm-external-bind + - --public-node + - --log-level=0 + - --rpc-ssl=disabled + - --ban-list=/ban_list.txt + - --tx-proxy=tor,172.31.255.250:9050,disable_noise,24 + - --tx-proxy=i2p,172.31.255.251:4447,disable_noise,24 + networks: + - tor_net <<: *log-config diff --git a/docker-compose.yaml b/docker-compose.yaml index 78e6ce9..cfdd8fc 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -1,5 +1,3 @@ -version: "3.7" - volumes: grafana: prometheus: @@ -11,7 +9,14 @@ x-log-config: &log-config max-size: "50m" max-file: "20" -services: +networks: + tor_net: + ipam: + driver: default + config: + - subnet: "172.31.255.0/24" + +services: prometheus: image: prom/prometheus:${PROM_TAG:-v2.36.0} command: @@ -20,11 +25,16 @@ services: - --storage.tsdb.retention.time=${PROM_RETENTION:-360d} container_name: monerod_prometheus restart: unless-stopped + depends_on: + exporter: + condition: service_started # ports: # - 127.0.0.1:9090:9090 volumes: - prometheus:/prometheus - ./files/prometheus/config.yaml:/etc/prometheus/config.yaml:ro + networks: + - tor_net <<: *log-config grafana: user: "1000" 
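Review bot: The two new `--tx-proxy` entries carry `disable_noise` without any comment on what it gives up: as I read monerod's anonymity-network documentation, that flag turns off the cover traffic that hides when a transaction is actually being relayed over the Tor/I2P link, trading timing privacy for bandwidth. That may be the right call for a public node, but it should be stated, e.g. `# disable_noise: no cover traffic on the proxy link (less bandwidth, weaker timing privacy); 24 = max outbound proxy connections` above the two lines. The addresses 172.31.255.250 and 172.31.255.251 duplicate the `ipv4_address` values pinned on the tor and i2p services; if `--tx-proxy` needs a literal IP rather than the compose service name (which appears to be why they are pinned), a comment saying so will stop the next reader "fixing" them to `tor:9050`. The replaced single-line command also had `--enable-dns-blocklist`, which the new list drops; the commit message's "remove ... dns" is terse enough that a one-line comment on why the DNS blocklist went away would help. The identical hunk in docker-compose.yaml (`@@ -91,5 +138,24 @@`) has the same points.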
@@ -53,6 +63,8 @@ services: GF_AUTH_DISABLE_LOGIN_FORM: "${GF_AUTH_DISABLE_LOGIN_FORM:-true}" GF_SECURITY_ADMIN_PASSWORD: "${GF_SECURITY_ADMIN_PASSWORD}" GF_SECURITY_ADMIN_USER: "${GF_SECURITY_ADMIN_USER}" + networks: + - tor_net <<: *log-config exporter: container_name: monerod_exporter @@ -60,10 +72,15 @@ services: context: . dockerfile: dockerfiles/exporter restart: unless-stopped + depends_on: + monerod: + condition: service_started # ports: # - 127.0.0.1:9000:9000 command: - --monero-addr=http://monerod:${UNRESTRICTED_PORT:-18083} + networks: + - tor_net <<: *log-config nodemapper: container_name: monerod_nodemapper @@ -71,11 +88,41 @@ services: build: context: . dockerfile: dockerfiles/nodemapper + depends_on: + monerod: + condition: service_started environment: NODE_HOST: monerod NODE_PORT: 18083 # ports: # - 127.0.0.1:${MAPPER_PORT:-5000}:5000 + networks: + - tor_net + <<: *log-config + tor: + container_name: monerod_tor + build: + context: . + dockerfile: dockerfiles/tor + restart: unless-stopped + # ports: + # - 127.0.0.1:9050:9050 + networks: + tor_net: + ipv4_address: 172.31.255.250 + <<: *log-config + i2p: + container_name: monerod_i2p + build: + context: . + dockerfile: dockerfiles/i2p + restart: unless-stopped + # ports: + # - 127.0.0.1:4447:4447 + # - 127.0.0.1:4444:4444 + networks: + tor_net: + ipv4_address: 172.31.255.251 <<: *log-config monerod: container_name: monerod 
@@ -91,5 +138,24 @@ services: - 127.0.0.1:${ZMQ_PORT:-18082}:18082 # zmq - 127.0.0.1:${UNRESTRICTED_PORT:-18083}:18083 # unrestricted rpc command: - monerod --data-dir=/data --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18081 --zmq-rpc-bind-ip=0.0.0.0 --zmq-rpc-bind-port=18082 --rpc-bind-ip=0.0.0.0 --rpc-bind-port=18083 --non-interactive --confirm-external-bind --public-node --log-level=0 --enable-dns-blocklist --rpc-ssl=disabled --ban-list=/ban_list.txt + - monerod + - --data-dir=/data + - --p2p-bind-ip=0.0.0.0 + - --p2p-bind-port=18080 + - --rpc-restricted-bind-ip=0.0.0.0 + - --rpc-restricted-bind-port=18081 + - --zmq-rpc-bind-ip=0.0.0.0 + - --zmq-rpc-bind-port=18082 + - --rpc-bind-ip=0.0.0.0 + - --rpc-bind-port=18083 + - --non-interactive + - --confirm-external-bind + - --public-node + - --log-level=0 + - --rpc-ssl=disabled + - --ban-list=/ban_list.txt + - --tx-proxy=tor,172.31.255.250:9050,disable_noise,24 + - --tx-proxy=i2p,172.31.255.251:4447,disable_noise,24 + networks: + - tor_net <<: *log-config diff --git a/dockerfiles/i2p b/dockerfiles/i2p new file mode 100644 index 0000000..f62fee2 --- /dev/null +++ b/dockerfiles/i2p @@ -0,0 +1,29 @@ +FROM ubuntu:22.04 + +ENV DEBIAN_FRONTEND noninteractive + +RUN apt-get update && \ + apt-get install wget sudo -y +RUN wget https://github.com/PurpleI2P/i2pd/releases/download/2.54.0/i2pd_2.54.0-1jammy1_amd64.deb -O i2pd.deb -q +RUN apt install ./i2pd.deb -y +RUN rm -rf i2p.deb && \ + apt clean all && \ + apt autoremove -y + +RUN adduser \ + --system \ + --shell /bin/bash \ + --gecos 'i2p' \ + --group \ + --disabled-password \ + --home /home/i2p \ + --uid 1000 \ + i2p + +COPY dockerfiles/i2p-config /i2p-config + +USER i2p + +EXPOSE 4447 + +ENTRYPOINT ["i2pd", "--conf", "/i2p-config"] diff --git a/dockerfiles/i2p-config b/dockerfiles/i2p-config new file mode 100644 index 0000000..a2d44cc --- /dev/null +++ b/dockerfiles/i2p-config 
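Review bot: The i2pd package is downloaded with `wget` and installed with no integrity check, unlike dockerfiles/monero in the same patch, which pins `MONERO_HASH` and runs `sha256sum -c`; a swapped or tampered release asset would be installed silently. Pin the asset's checksum the same way: `ENV I2PD_SHA256 <sha256-of-i2pd_2.54.0-1jammy1_amd64.deb>` (placeholder, fill from the release), then `RUN echo "${I2PD_SHA256}  i2pd.deb" | sha256sum -c -` before the `apt install ./i2pd.deb -y` step. The cleanup line `rm -rf i2p.deb` names the wrong file (the download is saved as `i2pd.deb`), so the .deb stays in the image layer; `rm -f i2pd.deb` in the same RUN as the install is what was meant. `sudo` is installed but nothing in the file uses it and the container runs as the unprivileged `i2p` user, so dropping it removes a setuid binary from the image for free.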
@@ -0,0 +1,15 @@ +datadir = /var/lib/i2pd +log = false +loglevel = none +ipv6 = false +bandwidth = 2048 + +[socksproxy] +enabled = true +address = 0.0.0.0 +port = 4447 + +[httpproxy] +enabled = true +address = 0.0.0.0 +port = 4444 \ No newline at end of file diff --git a/dockerfiles/monero b/dockerfiles/monero index 89dec09..6216d38 100644 --- a/dockerfiles/monero +++ b/dockerfiles/monero @@ -1,4 +1,4 @@ -FROM ubuntu:22.04 as OG +FROM ubuntu:22.04 AS og ENV MONERO_HASH 51ba03928d189c1c11b5379cab17dd9ae8d2230056dc05c872d0f8dba4a87f1d ENV MONERO_DL_URL https://downloads.getmonero.org/cli/monero-linux-x64-v0.18.3.4.tar.bz2 @@ -8,18 +8,14 @@ ENV MONERO_SUMS_FILE sha256sums WORKDIR /opt/monero # Update system and install dependencies -# Download ban list -# Download Monero binaries from getmonero.org -# Confirm hashes match -# Install daemon binary -# Clean up - RUN apt-get update \ && apt-get upgrade -y \ && apt-get install -y tar wget bzip2 -RUN wget -qO /ban_list.txt "https://raw.githubusercontent.com/Boog900/monero-ban-list/main/ban_list.txt" - +# Download Monero binaries from getmonero.org +# Confirm hashes match +# Install daemon binary +# Clean up RUN wget -qO ${MONERO_DL_FILE} ${MONERO_DL_URL} \ && echo "${MONERO_HASH} ${MONERO_DL_FILE}" > ${MONERO_SUMS_FILE} \ && sha256sum -c ${MONERO_SUMS_FILE}; \ 
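Review bot: `[httpproxy]` is enabled on 0.0.0.0:4444 but nothing in this patch uses it (monerod's `--tx-proxy` talks to the SOCKS port 4447), so it is an unused listener reachable by every container on `tor_net`; set `enabled = false` under `[httpproxy]` unless a consumer is planned. Binding `[socksproxy]` to the service's fixed address, `address = 172.31.255.251`, instead of 0.0.0.0 would also document that it is meant for the compose network only. `log = false` is not one of i2pd's documented destinations (stdout/file/syslog/none), so I would confirm what i2pd does with it; together with `loglevel = none` it leaves no record of proxy activity, and `log = stdout` with `loglevel = warn` would keep failures visible in `docker logs` without much volume. The file also lacks a trailing newline.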
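Review bot: The checksum step in the retained `&& sha256sum -c ${MONERO_SUMS_FILE}; \` line ends in `;`, so a hash mismatch does not abort the RUN step unless the continuation lines below the hunk re-check the exit status; the rest of that RUN chain is outside the hunk. If nothing does, the verification is decorative and a wrong tarball still gets unpacked into /usr/local/bin. Changing the separator to `&& sha256sum -c ${MONERO_SUMS_FILE} \` and joining the next line with `&&` makes a mismatch fail the build. The new `# Confirm hashes match` comment right above it would then be accurate.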
@@ -35,14 +31,15 @@ RUN wget -qO ${MONERO_DL_FILE} ${MONERO_DL_URL} \ && mv ./tmp/* /usr/local/bin/ \ && rm -rf ./tmp ${MONERO_SUMS_FILE} ${MONERO_DL_FILE} -WORKDIR /data +# Download ban list +RUN wget -qO /tmp/ban_list.txt "https://raw.githubusercontent.com/Boog900/monero-ban-list/main/ban_list.txt" # Copy to fresh Ubuntu image to reduce size FROM ubuntu:22.04 -COPY --from=OG /usr/local/bin/monerod /usr/local/bin/monerod -COPY --from=OG /usr/local/bin/monero-wallet-cli /usr/local/bin/monero-wallet-cli -COPY --from=OG /usr/local/bin/monero-wallet-rpc /usr/local/bin/monero-wallet-rpc -COPY --from=OG /ban_list.txt /ban_list.txt +COPY --from=og /usr/local/bin/monerod /usr/local/bin/monerod +COPY --from=og /usr/local/bin/monero-wallet-cli /usr/local/bin/monero-wallet-cli +COPY --from=og /usr/local/bin/monero-wallet-rpc /usr/local/bin/monero-wallet-rpc +COPY --from=og /tmp/ban_list.txt /ban_list.txt EXPOSE 18080 EXPOSE 18081 diff --git a/dockerfiles/monero_compile b/dockerfiles/monero_compile index 378b0a2..4d3633b 100644 --- a/dockerfiles/monero_compile +++ b/dockerfiles/monero_compile 
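Review bot: The ban list is fetched at build time from the `main` branch of a third-party repository with no pinning or checksum, and the resulting `/ban_list.txt` is baked into the image; whatever that branch holds at build time decides which peers this public node refuses, and it goes stale until the next rebuild. Pinning to a commit URL and verifying a recorded sha256, as the monerod tarball is, or fetching the list at container start, would both improve on this; which is preferable depends on how often images are rebuilt. The same download appears in dockerfiles/monero_compile.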
@@ -1,21 +1,27 @@ -FROM ubuntu:22.04 as og +FROM ubuntu:22.04 AS og ENV DEBIAN_FRONTEND noninteractive -ARG threads +ENV MONERO_RELEASE v0.18.3.4 WORKDIR /opt/monero +# Install dependencies RUN apt-get update && apt-get install -y \ build-essential cmake pkg-config libboost-all-dev \ - libssl-dev libzmq3-dev libunbound-dev libsodium-dev libpgm-dev git + libssl-dev libzmq3-dev libunbound-dev libsodium-dev libpgm-dev git wget -RUN git clone https://github.com/monero-project/monero --branch=v0.18.3.4 --depth=1 . +# Clone monero repo +RUN git clone https://github.com/monero-project/monero --branch=$MONERO_RELEASE --depth=1 . +# Clone submodules RUN git submodule update --init --force -RUN make -j$threads +# Compile monero +ARG THREADS 2 +RUN make -j$THREADS -RUN wget -qO /ban_list.txt "https://raw.githubusercontent.com/Boog900/monero-ban-list/main/ban_list.txt" +# Download ban list +RUN wget -qO /tmp/ban_list.txt "https://raw.githubusercontent.com/Boog900/monero-ban-list/main/ban_list.txt" FROM ubuntu:22.04 @@ -25,7 +31,7 @@ COPY --from=og /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/ COPY --from=og /opt/monero/build/Linux/_no_branch_/release/bin/monerod /bin/monerod COPY --from=og /opt/monero/build/Linux/_no_branch_/release/bin/monero-wallet-cli /bin/monero-wallet-cli COPY --from=og /opt/monero/build/Linux/_no_branch_/release/bin/monero-wallet-rpc /bin/monero-wallet-rpc -COPY --from=og /ban_list.txt /ban_list.txt +COPY --from=og /tmp/ban_list.txt /ban_list.txt EXPOSE 18080 EXPOSE 18081 diff --git a/dockerfiles/nodemapper b/dockerfiles/nodemapper index e3442e3..b773a67 100644 --- a/dockerfiles/nodemapper +++ b/dockerfiles/nodemapper 
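Review bot: `ARG THREADS 2` does not give `THREADS` a default of 2: Dockerfile `ARG` takes `name[=default]` pairs, so on BuildKit this declares two build args (`THREADS` and `2`) and `THREADS` stays empty unless compose supplies it, in which case `make -j$THREADS` becomes `make -j` with unlimited parallelism; the legacy builder rejects the line outright. It should read `ARG THREADS=2`; docker-compose.full.yaml's `args: THREADS:` currently masks the mistake. `--branch=$MONERO_RELEASE` checks out a git tag, which is not an immutable reference; if the project signs its release tags, a `git verify-tag $MONERO_RELEASE` step with the maintainer key imported, or a pinned commit hash, would give this build the assurance the binary-download variant gets from `MONERO_HASH`. `ENV MONERO_RELEASE v0.18.3.4` uses the legacy space-separated form; `ENV MONERO_RELEASE=v0.18.3.4` is the current syntax.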
@@ -6,8 +6,9 @@ RUN apt update && apt install wget python3 python3-venv -y RUN python3 -m venv .venv RUN .venv/bin/pip install flask==3.0.0 RUN .venv/bin/pip install geoip2==4.7.0 +RUN .venv/bin/pip install gunicorn==23.0.0 RUN wget https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-City.mmdb -qO ./geoip.mmdb COPY dockerfiles/nodemapper.py app.py -ENTRYPOINT [ ".venv/bin/flask", "--app", "app", "run", "--host", "::" ] +ENTRYPOINT [ ".venv/bin/gunicorn", "-b", "0.0.0.0:5000", "app:app" ] diff --git a/dockerfiles/tor b/dockerfiles/tor new file mode 100644 index 0000000..91c6ff2 --- /dev/null +++ b/dockerfiles/tor @@ -0,0 +1,15 @@ +FROM ubuntu:22.04 + +RUN apt-get update && apt-get install tor -y + +RUN mkdir -p /run/tor \ + && chown -R debian-tor:debian-tor /run/tor \ + && chmod 700 -R /run/tor + +COPY dockerfiles/tor-config /etc/tor/torrc + +USER debian-tor + +EXPOSE 9050 + +ENTRYPOINT ["tor"] diff --git a/dockerfiles/tor-config b/dockerfiles/tor-config new file mode 100644 index 0000000..a89b34b --- /dev/null +++ b/dockerfiles/tor-config @@ -0,0 +1,7 @@ +DataDirectory /var/lib/tor +ExitPolicy reject6 *:*, reject *:* +ExitRelay 0 +IPv6Exit 0 +Log notice stdout +PublishServerDescriptor 0 +SOCKSPort 0.0.0.0:9050
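Review bot: `apt-get install tor -y` takes whatever version the Ubuntu 22.04 archive carries, which is frozen at release and only receives distro security backports, while the Tor Project publishes a signed apt repository with current releases; for a proxy that carries all of this node's outbound tx relays the version matters. If the distro package is kept deliberately, a comment saying so would help. The layer also skips `apt-get clean` and `rm -rf /var/lib/apt/lists/*`, unlike dockerfiles/i2p in the same patch, so the package index stays in the image.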
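Review bot: `SOCKSPort 0.0.0.0:9050` makes Tor listen on every container interface under the default `SocksPolicy` (accept all), so any container that can reach 172.31.255.250 gets an open SOCKS proxy; Tor itself logs a warning about non-loopback SocksPort bindings at startup. Restrict clients to the compose subnet with `SocksPolicy accept 172.31.255.0/24` followed by `SocksPolicy reject *`, or bind to the service's fixed address with `SOCKSPort 172.31.255.250:9050`. A one-line comment noting that `ExitRelay 0` / `PublishServerDescriptor 0` are there to keep this a client-only instance would make the file's intent clear to the next reader.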