route txes through tor and i2p proxies (#29)

* route txes through tor and i2p proxies * include entry script * update docker-files with dependency order and use new monerod command * Update dockerfiles/i2p Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> * Update dockerfiles/i2p Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> * Update dockerfiles/i2p-entrypoint.sh Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> * Update dockerfiles/monero-entrypoint.sh Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> * Update dockerfiles/monero-entrypoint.sh Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com> * remove q install and dns, specify private ip for tor/i2p * fix ips * use ubuntu 22.04 for tor build * fix i2pd configs * adjust i2p config, no depends on monerod * use gunicorn for flask app, faster restart time --------- Co-authored-by: nahuhh <50635951+nahuhh@users.noreply.github.com>
6 days ago · cdcca37ce0
parent 183d85942d
commit cdcca37ce0
9 changed files with 247 additions and 39 deletions
--- a/docker-compose.full.yaml
+++ b/docker-compose.full.yaml
@ -1,5 +1,3 @@
 version: "3.7"
 volumes:
  grafana:
  prometheus:
@ -11,7 +9,14 @@ x-log-config: &log-config
      max-size: "50m"
      max-file: "20"
-services: 
+networks:
  tor_net:
    ipam:
      driver: default
      config:
        - subnet: "172.31.255.0/24"
 services:
  prometheus:
    image: prom/prometheus:${PROM_TAG:-v2.36.0}
    command:
@ -20,11 +25,16 @@ services:
      - --storage.tsdb.retention.time=${PROM_RETENTION:-360d}
    container_name: monerod_prometheus
    restart: unless-stopped
-    ports:
+    depends_on:
-      - 127.0.0.1:9090:9090
+      exporter:
        condition: service_started
    # ports:
    #   - 127.0.0.1:9090:9090
    volumes:
      - prometheus:/prometheus
      - ./files/prometheus/config.yaml:/etc/prometheus/config.yaml:ro
    networks:
      - tor_net
    <<: *log-config
  grafana:
    user: "1000"
@ -34,7 +44,7 @@ services:
    restart: unless-stopped
    image: grafana/grafana:${GRAFANA_TAG:-10.1.4}
    ports:
-      - 127.0.0.1:3000:3000
+      - 127.0.0.1:${GRAF_PORT:-3000}:3000
    volumes:
      - grafana:/var/lib/grafana
      - ./files/grafana/grafana.ini:/etc/grafana/grafana.ini:ro
@ -53,6 +63,8 @@ services:
      GF_AUTH_DISABLE_LOGIN_FORM: "${GF_AUTH_DISABLE_LOGIN_FORM:-true}"
      GF_SECURITY_ADMIN_PASSWORD: "${GF_SECURITY_ADMIN_PASSWORD}"
      GF_SECURITY_ADMIN_USER: "${GF_SECURITY_ADMIN_USER}"
    networks:
      - tor_net
    <<: *log-config
  exporter:
    container_name: monerod_exporter
@ -60,10 +72,15 @@ services:
      context: .
      dockerfile: dockerfiles/exporter
    restart: unless-stopped
-    ports:
+    depends_on:
-      - 127.0.0.1:9000:9000
+      monerod:
        condition: service_started
    # ports:
    #   - 127.0.0.1:9000:9000
    command:
      - --monero-addr=http://monerod:${UNRESTRICTED_PORT:-18083}
    networks:
      - tor_net
    <<: *log-config
  nodemapper:
    container_name: monerod_nodemapper
@ -71,18 +88,54 @@ services:
    build:
      context: .
      dockerfile: dockerfiles/nodemapper
    depends_on:
      monerod:
        condition: service_started
    environment:
      NODE_HOST: monerod
      NODE_PORT: 18083
-    ports:
+    # ports:
-      - 127.0.0.1:${MAPPER_PORT:-5000}:5000
+    #   - 127.0.0.1:${MAPPER_PORT:-5000}:5000
    networks:
      - tor_net
    <<: *log-config
  tor:
    container_name: monerod_tor
    build:
      context: .
      dockerfile: dockerfiles/tor
    restart: unless-stopped
    # ports:
      # - 127.0.0.1:9050:9050
    networks:
      tor_net:
        ipv4_address: 172.31.255.250
    <<: *log-config
  i2p:
    container_name: monerod_i2p
    build:
      context: .
      dockerfile: dockerfiles/i2p
    restart: unless-stopped
    # ports:
        # - 127.0.0.1:4444:4444
    networks:
      tor_net:
        ipv4_address: 172.31.255.251
    <<: *log-config
  monerod:
    container_name: monerod
    build:
-      context: dockerfiles
+      context: .
-      dockerfile: monero_compile
+      dockerfile: dockerfiles/monero_compile
      args:
        THREADS: ${THREADS:-2}
    restart: unless-stopped
    depends_on:
      tor:
        condition: service_started
      i2p:
        condition: service_started
    volumes:
      - ${DATA_DIR:-./data}:/data
    ports:
@ -91,5 +144,24 @@ services:
      - 127.0.0.1:${ZMQ_PORT:-18082}:18082          # zmq
      - 127.0.0.1:${UNRESTRICTED_PORT:-18083}:18083 # unrestricted rpc
    command:
-      monerod --data-dir=/data --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18081 --zmq-rpc-bind-ip=0.0.0.0 --zmq-rpc-bind-port=18082 --rpc-bind-ip=0.0.0.0 --rpc-bind-port=18083 --non-interactive --confirm-external-bind --public-node --log-level=0 --enable-dns-blocklist --rpc-ssl=disabled --ban-list=/ban_list.txt
+      - monerod
      - --data-dir=/data
      - --p2p-bind-ip=0.0.0.0
      - --p2p-bind-port=18080
      - --rpc-restricted-bind-ip=0.0.0.0
      - --rpc-restricted-bind-port=18081
      - --zmq-rpc-bind-ip=0.0.0.0
      - --zmq-rpc-bind-port=18082
      - --rpc-bind-ip=0.0.0.0
      - --rpc-bind-port=18083
      - --non-interactive
      - --confirm-external-bind
      - --public-node
      - --log-level=0
      - --rpc-ssl=disabled
      - --ban-list=/ban_list.txt
      - --tx-proxy=tor,172.31.255.250:9050,disable_noise,24
      - --tx-proxy=i2p,172.31.255.251:4447,disable_noise,24
    networks:
      - tor_net
    <<: *log-config
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -1,5 +1,3 @@
 version: "3.7"
 volumes:
  grafana:
  prometheus:
@ -11,7 +9,14 @@ x-log-config: &log-config
      max-size: "50m"
      max-file: "20"
-services: 
+networks:
  tor_net:
    ipam:
      driver: default
      config:
        - subnet: "172.31.255.0/24"
 services:
  prometheus:
    image: prom/prometheus:${PROM_TAG:-v2.36.0}
    command:
@ -20,11 +25,16 @@ services:
      - --storage.tsdb.retention.time=${PROM_RETENTION:-360d}
    container_name: monerod_prometheus
    restart: unless-stopped
    depends_on:
      exporter:
        condition: service_started
    # ports:
    #   - 127.0.0.1:9090:9090
    volumes:
      - prometheus:/prometheus
      - ./files/prometheus/config.yaml:/etc/prometheus/config.yaml:ro
    networks:
      - tor_net
    <<: *log-config
  grafana:
    user: "1000"
@ -53,6 +63,8 @@ services:
      GF_AUTH_DISABLE_LOGIN_FORM: "${GF_AUTH_DISABLE_LOGIN_FORM:-true}"
      GF_SECURITY_ADMIN_PASSWORD: "${GF_SECURITY_ADMIN_PASSWORD}"
      GF_SECURITY_ADMIN_USER: "${GF_SECURITY_ADMIN_USER}"
    networks:
      - tor_net
    <<: *log-config
  exporter:
    container_name: monerod_exporter
@ -60,10 +72,15 @@ services:
      context: .
      dockerfile: dockerfiles/exporter
    restart: unless-stopped
    depends_on:
      monerod:
        condition: service_started
    # ports:
    #   - 127.0.0.1:9000:9000
    command:
      - --monero-addr=http://monerod:${UNRESTRICTED_PORT:-18083}
    networks:
      - tor_net
    <<: *log-config
  nodemapper:
    container_name: monerod_nodemapper
@ -71,11 +88,41 @@ services:
    build:
      context: .
      dockerfile: dockerfiles/nodemapper
    depends_on:
      monerod:
        condition: service_started
    environment:
      NODE_HOST: monerod
      NODE_PORT: 18083
    # ports:
    #   - 127.0.0.1:${MAPPER_PORT:-5000}:5000
    networks:
      - tor_net
    <<: *log-config
  tor:
    container_name: monerod_tor
    build:
      context: .
      dockerfile: dockerfiles/tor
    restart: unless-stopped
    # ports:
      # - 127.0.0.1:9050:9050
    networks:
      tor_net:
        ipv4_address: 172.31.255.250
    <<: *log-config
  i2p:
    container_name: monerod_i2p
    build:
      context: .
      dockerfile: dockerfiles/i2p
    restart: unless-stopped
    # ports:
    #     - 127.0.0.1:4447:4447
    #     - 127.0.0.1:4444:4444
    networks:
      tor_net:
        ipv4_address: 172.31.255.251
    <<: *log-config
  monerod:
    container_name: monerod
@ -91,5 +138,24 @@ services:
      - 127.0.0.1:${ZMQ_PORT:-18082}:18082          # zmq
      - 127.0.0.1:${UNRESTRICTED_PORT:-18083}:18083 # unrestricted rpc
    command:
-      monerod --data-dir=/data --p2p-bind-ip=0.0.0.0 --p2p-bind-port=18080 --rpc-restricted-bind-ip=0.0.0.0 --rpc-restricted-bind-port=18081 --zmq-rpc-bind-ip=0.0.0.0 --zmq-rpc-bind-port=18082 --rpc-bind-ip=0.0.0.0 --rpc-bind-port=18083 --non-interactive --confirm-external-bind --public-node --log-level=0 --enable-dns-blocklist --rpc-ssl=disabled --ban-list=/ban_list.txt
+      - monerod
      - --data-dir=/data
      - --p2p-bind-ip=0.0.0.0
      - --p2p-bind-port=18080
      - --rpc-restricted-bind-ip=0.0.0.0
      - --rpc-restricted-bind-port=18081
      - --zmq-rpc-bind-ip=0.0.0.0
      - --zmq-rpc-bind-port=18082
      - --rpc-bind-ip=0.0.0.0
      - --rpc-bind-port=18083
      - --non-interactive
      - --confirm-external-bind
      - --public-node
      - --log-level=0
      - --rpc-ssl=disabled
      - --ban-list=/ban_list.txt
      - --tx-proxy=tor,172.31.255.250:9050,disable_noise,24
      - --tx-proxy=i2p,172.31.255.251:4447,disable_noise,24
    networks:
      - tor_net
    <<: *log-config
--- a/dockerfiles/i2p
+++ b/dockerfiles/i2p
@ -0,0 +1,29 @@
 FROM ubuntu:22.04
 ENV DEBIAN_FRONTEND noninteractive
 RUN apt-get update && \
    apt-get install wget sudo -y
 RUN wget https://github.com/PurpleI2P/i2pd/releases/download/2.54.0/i2pd_2.54.0-1jammy1_amd64.deb -O i2pd.deb -q
 RUN apt install ./i2pd.deb -y
 RUN rm -rf i2p.deb && \
    apt clean all && \
    apt autoremove -y
 RUN adduser \
   --system \
   --shell /bin/bash \
   --gecos 'i2p' \
   --group \
   --disabled-password \
   --home /home/i2p \
   --uid 1000 \
   i2p
 COPY dockerfiles/i2p-config /i2p-config
 USER i2p
 EXPOSE 4447
 ENTRYPOINT ["i2pd", "--conf", "/i2p-config"]
--- a/dockerfiles/i2p-config
+++ b/dockerfiles/i2p-config
@ -0,0 +1,15 @@
 datadir = /var/lib/i2pd
 log = false
 loglevel = none
 ipv6 = false
 bandwidth = 2048
 [socksproxy]
 enabled = true
 address = 0.0.0.0
 port = 4447
 [httpproxy]
 enabled = true
 address = 0.0.0.0
 port = 4444
--- a/dockerfiles/monero
+++ b/dockerfiles/monero
@ -1,4 +1,4 @@
-FROM ubuntu:22.04 as OG
+FROM ubuntu:22.04 AS og
 ENV MONERO_HASH 51ba03928d189c1c11b5379cab17dd9ae8d2230056dc05c872d0f8dba4a87f1d
 ENV MONERO_DL_URL https://downloads.getmonero.org/cli/monero-linux-x64-v0.18.3.4.tar.bz2
@ -8,18 +8,14 @@ ENV MONERO_SUMS_FILE sha256sums
 WORKDIR /opt/monero
 # Update system and install dependencies
 # Download ban list
 # Download Monero binaries from getmonero.org
 # Confirm hashes match
 # Install daemon binary
 # Clean up
 RUN apt-get update \
  && apt-get upgrade -y \
  && apt-get install -y tar wget bzip2
-RUN wget -qO /ban_list.txt "https://raw.githubusercontent.com/Boog900/monero-ban-list/main/ban_list.txt"
+# Download Monero binaries from getmonero.org
-
+# Confirm hashes match
 # Install daemon binary
 # Clean up
 RUN wget -qO ${MONERO_DL_FILE} ${MONERO_DL_URL} \
  && echo "${MONERO_HASH}  ${MONERO_DL_FILE}" > ${MONERO_SUMS_FILE} \
  && sha256sum -c ${MONERO_SUMS_FILE}; \
@ -35,14 +31,15 @@ RUN wget -qO ${MONERO_DL_FILE} ${MONERO_DL_URL} \
  && mv ./tmp/* /usr/local/bin/ \
  && rm -rf ./tmp ${MONERO_SUMS_FILE} ${MONERO_DL_FILE}
-WORKDIR /data
+# Download ban list
 RUN wget -qO /tmp/ban_list.txt "https://raw.githubusercontent.com/Boog900/monero-ban-list/main/ban_list.txt"
 # Copy to fresh Ubuntu image to reduce size
 FROM ubuntu:22.04
-COPY --from=OG /usr/local/bin/monerod /usr/local/bin/monerod
+COPY --from=og /usr/local/bin/monerod /usr/local/bin/monerod
-COPY --from=OG /usr/local/bin/monero-wallet-cli /usr/local/bin/monero-wallet-cli
+COPY --from=og /usr/local/bin/monero-wallet-cli /usr/local/bin/monero-wallet-cli
-COPY --from=OG /usr/local/bin/monero-wallet-rpc /usr/local/bin/monero-wallet-rpc
+COPY --from=og /usr/local/bin/monero-wallet-rpc /usr/local/bin/monero-wallet-rpc
-COPY --from=OG /ban_list.txt /ban_list.txt
+COPY --from=og /tmp/ban_list.txt /ban_list.txt
 EXPOSE 18080
 EXPOSE 18081
--- a/dockerfiles/monero_compile
+++ b/dockerfiles/monero_compile
@ -1,21 +1,27 @@
-FROM ubuntu:22.04 as og
+FROM ubuntu:22.04 AS og
 ENV DEBIAN_FRONTEND noninteractive
-ARG threads
+ENV MONERO_RELEASE v0.18.3.4
 WORKDIR /opt/monero
 # Install dependencies
 RUN apt-get update && apt-get install -y \
    build-essential cmake pkg-config libboost-all-dev \
-    libssl-dev libzmq3-dev libunbound-dev libsodium-dev libpgm-dev git
+    libssl-dev libzmq3-dev libunbound-dev libsodium-dev libpgm-dev git wget
-RUN git clone https://github.com/monero-project/monero --branch=v0.18.3.4 --depth=1 .
+# Clone monero repo
 RUN git clone https://github.com/monero-project/monero --branch=$MONERO_RELEASE --depth=1 .
 # Clone submodules
 RUN git submodule update --init --force
-RUN make -j$threads
+# Compile monero
 ARG THREADS 2
 RUN make -j$THREADS
-RUN wget -qO /ban_list.txt "https://raw.githubusercontent.com/Boog900/monero-ban-list/main/ban_list.txt"
+# Download ban list
 RUN wget -qO /tmp/ban_list.txt "https://raw.githubusercontent.com/Boog900/monero-ban-list/main/ban_list.txt"
 FROM ubuntu:22.04
@ -25,7 +31,7 @@ COPY --from=og /usr/lib/x86_64-linux-gnu/ /usr/lib/x86_64-linux-gnu/
 COPY --from=og /opt/monero/build/Linux/_no_branch_/release/bin/monerod /bin/monerod
 COPY --from=og /opt/monero/build/Linux/_no_branch_/release/bin/monero-wallet-cli /bin/monero-wallet-cli
 COPY --from=og /opt/monero/build/Linux/_no_branch_/release/bin/monero-wallet-rpc /bin/monero-wallet-rpc
-COPY --from=og /ban_list.txt /ban_list.txt
+COPY --from=og /tmp/ban_list.txt /ban_list.txt
 EXPOSE 18080
 EXPOSE 18081
--- a/dockerfiles/nodemapper
+++ b/dockerfiles/nodemapper
@ -6,8 +6,9 @@ RUN apt update && apt install wget python3 python3-venv -y
 RUN python3 -m venv .venv
 RUN .venv/bin/pip install flask==3.0.0
 RUN .venv/bin/pip install geoip2==4.7.0
 RUN .venv/bin/pip install gunicorn==23.0.0
 RUN wget https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-City.mmdb -qO ./geoip.mmdb
 COPY dockerfiles/nodemapper.py app.py
-ENTRYPOINT [ ".venv/bin/flask", "--app", "app", "run", "--host", "::" ]
+ENTRYPOINT [ ".venv/bin/gunicorn", "-b", "0.0.0.0:5000", "app:app" ]
--- a/dockerfiles/tor
+++ b/dockerfiles/tor
@ -0,0 +1,15 @@
 FROM ubuntu:22.04
 RUN apt-get update && apt-get install tor -y
 RUN mkdir -p /run/tor \
  && chown -R debian-tor:debian-tor /run/tor \
  && chmod 700 -R /run/tor
 COPY dockerfiles/tor-config /etc/tor/torrc
 USER debian-tor
 EXPOSE 9050
 ENTRYPOINT ["tor"]
--- a/dockerfiles/tor-config
+++ b/dockerfiles/tor-config
@ -0,0 +1,7 @@
 DataDirectory /var/lib/tor
 ExitPolicy reject6 *:*, reject *:*
 ExitRelay 0
 IPv6Exit 0
 Log notice stdout
 PublishServerDescriptor 0
 SOCKSPort 0.0.0.0:9050