How to run Tor network and Proxy Service
Everything runs in Docker, so the only thing we need on the target machine is Docker itself: no Tor, no proxy, no Python, no Java, just a Docker environment. The same holds for any other Dockerized application.
So in the future, the target machine stays clean: no Java version conflicts, no Python version conflicts, no other installation issues.
My target server is CentOS 7
First, check the software database index
> sudo yum check-update
Install Docker Service
> curl -fsSL https://get.docker.com/ | sh
Start the Docker Service
> sudo systemctl start docker
After the installation, check the version
> docker --version
Docker version 18.06.1-ce, build e68fc7a
Directly install privoxy on CentOS from Source Code
https://wiki.polaire.nl/doku.php?id=centos7_privoxy
http://www.privoxy.org/sf-download-mirror/Sources/3.0.26%20%28stable%29/
Here is the command to fetch the privoxy source code
> wget http://www.privoxy.org/sf-download-mirror/Sources/3.0.26%20%28stable%29/privoxy-3.0.26-stable-src.tar.gz
Install the build tools we need
> sudo yum groupinstall "Development Tools"
> sudo yum install zlib-devel pcre-devel w3m
Unzip the file
> tar zxvf privoxy-3.0.26-stable-src.tar.gz
Build the source
> cd privoxy-3.0.26-stable
> autoheader
> autoconf
> ./configure --with-user=privoxy --with-group=privoxy --prefix=/home/carl/tool/privoxy-3.0.26
> make
> make -n install
> make -s install USER=privoxy GROUP=privoxy
The privoxy user and group were not working, so I switched to my current sudo user carl. This command starts the service:
> sudo /opt/privoxy/sbin/privoxy --pidfile /opt/privoxy/var/run/privoxy.pid --user carl /opt/privoxy/etc/config 2>/dev/null
Copy the init script to /etc/init.d and register the service
> sudo cp privoxy-generic.init /etc/init.d/privoxy
> sudo chkconfig --add privoxy
> sudo chkconfig privoxy on
Edit /etc/init.d/privoxy as follows:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/xpg4/bin:/usr/bin:/sbin:/bin:/opt/privoxy/sbin
P_NAME=Privoxy
# Path to executable.
P_DAEMON=privoxy
# Full path to location of Privoxy config file.
P_CONF_FILE=/opt/privoxy/etc/config
# Full path to PID file location. Location must be writable by
# whoever runs this script and by Privoxy itself.
P_PIDFILE=/opt/privoxy/var/run/privoxy.pid
# If uncommented, this script will try to run as USER=privoxy, which
# may require special handling of config, *.action, trust, logfile,
# jarfile, and pidfile.
P_USER=carl
The service can now be started with this command
> sudo service privoxy start
The privoxy configuration is as follows:
forward-socks5t / 127.0.0.1:9050 .
listen-address 0.0.0.0:8119
Set Up Tor from the Command Line
> sudo yum install tor
Generate the hashed password for Tor
> echo HashedControlPassword $(tor --hash-password "xxxxxxxx")
Add these lines to the end of the file
> sudo less /etc/tor/torrc
ControlPort 9051
ControlListenAddress 0.0.0.0
HashedControlPassword 16:xxxxxxxxxxxxxx
Check the permission of one directory
> chmod 400 /run/tor
Some Tips
Optional commands, if needed
> sudo yum-config-manager --disable chromium-el6
> sudo usermod -aG docker carl
Here is the Docker information
start.sh
#!/bin/sh -ex
#start the service
/etc/init.d/privoxy start
tor
Here is the Makefile
IMAGE=sillycat/public
TAG=centos-tornetwork-1.0
NAME=centos-tornetwork-1.0
prepare:
	wget http://www.privoxy.org/sf-download-mirror/Sources/3.0.26%20%28stable%29/privoxy-3.0.26-stable-src.tar.gz -P install/
docker-context:
build: docker-context
	docker build -t $(IMAGE):$(TAG) .
run:
	docker run -d -p 9051:9051 -p 8119:8119 --name $(NAME) $(IMAGE):$(TAG)
debug:
	docker run -p 9051:9051 -p 8119:8119 --name $(NAME) -ti $(IMAGE):$(TAG) /bin/bash
clean:
	docker stop ${NAME}
	docker rm ${NAME}
logs:
	docker logs ${NAME}
publish:
	docker push ${IMAGE}
Here is the Dockerfile with all the steps and Details
#Run a Tor Network Server
#Prepare the OS
FROM centos:7
MAINTAINER Carl Luo
#upgrade the system
RUN yum -y update
#Prepare the dependencies
RUN yum install -y epel-release
RUN yum install -y tor
RUN yum groupinstall -y "Development Tools"
RUN yum install -y wget gcc make
RUN yum install -y zlib-devel pcre-devel w3m
#set up tor configuration
RUN echo "ControlPort 9051" >> /etc/tor/torrc
RUN echo "ControlListenAddress 0.0.0.0" >> /etc/tor/torrc
RUN echo HashedControlPassword $(tor --hash-password "xxxxxxxxx" | tail -n 1) >> /etc/tor/torrc
RUN rm -fr /run/tor/
RUN mkdir /run/tor
RUN chmod 400 /run/tor
#manually install privoxy
RUN adduser privoxy
RUN usermod -aG wheel privoxy
RUN mkdir /install/
RUN mkdir /tool/
ADD install/privoxy-3.0.26-stable-src.tar.gz /install/
WORKDIR /install/privoxy-3.0.26-stable
RUN autoheader
RUN autoconf
RUN ./configure --with-user=privoxy --with-group=wheel --prefix=/tool/privoxy-3.0.26
RUN make
RUN make -n install
RUN make -s install USER=privoxy GROUP=wheel
#set up forward configuration
RUN echo "forward-socks5t / 127.0.0.1:9050 ." >> /tool/privoxy-3.0.26/etc/config
RUN echo "listen-address 0.0.0.0:8119" >> /tool/privoxy-3.0.26/etc/config
ADD conf/privoxy /etc/init.d/privoxy
RUN chmod a+x /etc/init.d/privoxy
#set up the app
EXPOSE 9051 8119
RUN mkdir -p /app/
ADD start.sh /app/
WORKDIR /app/
CMD [ "./start.sh" ]
The /etc/init.d/privoxy Script to start the service
#!/bin/sh
###########################################################################
#
# File : $Source: /cvsroot/ijbswa/current/privoxy-generic.init,v $
#
# Purpose : This script takes care of starting and stopping privoxy.
# It is supposed to work cross-platform and thus doesn’t
# do too much. When packaging Privoxy it’s recommended to
# write a platform-specific start script instead of using
# this one.
#
# Copyright : Written by and Copyright (C) 2001,2002 the
# Privoxy team. http://www.privoxy.org/
#
# This program is free software; you can redistribute it
# and/or modify it under the terms of the GNU General
# Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at
# your option) any later version.
#
# This program is distributed in the hope that it will
# be useful, but WITHOUT ANY WARRANTY; without even the
# implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE. See the GNU General Public
# License for more details.
#
# The GNU General Public License should be included with
# this file. If not, you can view it at
# http://www.gnu.org/copyleft/gpl.html
# or write to the Free Software Foundation, Inc., 59
# Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
###########################################################################
### BEGIN INIT INFO
# Provides: privoxy
# Required-Start:
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start privoxy at boot time
# Description: Start and stop the privacy-enhancing HTTP proxy privoxy.
### END INIT INFO
# NOTE: This script may require editing to ensure proper location of
# config file, and the privoxy executable. Care should be taken to ensure
# logfile is writable by $P_USER (logfile is defined in config), and that
# there is suitable write access for $P_PIDFILE.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/xpg4/bin:/usr/bin:/sbin:/bin:/tool/privoxy-3.0.26/sbin
P_NAME=Privoxy
# Path to executable.
P_DAEMON=privoxy
# Full path to location of Privoxy config file.
P_CONF_FILE=/tool/privoxy-3.0.26/etc/config
# Full path to PID file location. Location must be writable by
# whoever runs this script and by Privoxy itself.
P_PIDFILE=/tool/privoxy-3.0.26/var/run/privoxy.pid
# If uncommented, this script will try to run as USER=privoxy, which
# may require special handling of config, *.action, trust, logfile,
# jarfile, and pidfile.
P_USER=privoxy
# If a privoxy user is specified, lets try that. /bin/sh does not seem to
# know about $UID.
if [ 0 = `id -u` ]; then
    if [ -n "$P_USER" ]; then
        id $P_USER 2>/dev/null >/dev/null
        if [ $? -eq 0 ]; then
            P_USER_SETTINGS="--user $P_USER"
        else
            echo "User $P_USER doesn't exist, exiting."
            exit 1
        fi
    else
        # The user has sufficient rights, but $P_USER isn't set
        echo "Running Privoxy as root is not recommended!"
        P_USER_SETTINGS=""
    fi
else
    # The user has insufficient rights to run Privoxy as $P_USER
    # and may not be able to write or delete the PID file.
    echo "You aren't root, expect trouble!"
    P_USER_SETTINGS=""
fi
if [ ! -f $P_CONF_FILE ]; then
    echo "Can't find $P_CONF_FILE, exiting."
    exit 1
fi
case "$1" in
    start)
        if [ -f $P_PIDFILE ]; then
            if kill -0 `cat $P_PIDFILE`; then
                echo "Error: $P_NAME is already running, exiting."
                exit 1
            else
                rm -f $P_PIDFILE
            fi
        fi
        $P_DAEMON --pidfile $P_PIDFILE $P_USER_SETTINGS $P_CONF_FILE 2>/dev/null
        if [ $? -eq 0 ]; then
            echo "Starting $P_NAME, OK."
        else
            echo "Starting $P_NAME, Failed."
            rm -f $P_PIDFILE
        fi
        ;;
    restart)
        $0 stop
        $0 start
        ;;
    stop)
        test ! -f $P_PIDFILE && echo "No $P_PIDFILE file found, exiting." && exit 1
        kill `cat $P_PIDFILE` && rm -f $P_PIDFILE && \
        echo "Stopping $P_NAME, OK." || echo "Stopping $P_NAME, failed."
        ;;
    *)
        echo "Usage: $0 {start|stop|restart}"
        exit 1
        ;;
esac
exit 0
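The torrc and Privoxy settings used in this post (ControlListenAddress 0.0.0.0 and listen-address 0.0.0.0:8119) put the Tor control port and the proxy on every interface, so only the hashed control password stands between the network and the control port, and the proxy itself is open to anyone who can reach it. The check below is an added example, not part of the original post: it flags any control-port or Privoxy listener bound beyond loopback. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Tor control-port and Privoxy listeners bound beyond loopback.
# "addr:port" -> addr, "[v6]:port" -> [v6], bare address -> itself, bare port -> "".
host_of() {
    case "$1" in
        auto|unix:*) printf '\n' ;;   # Tor-only values, never a remote listener
        \[*\]*)      printf '%s]\n' "${1%%\]*}" ;;
        *:*)         printf '%s\n' "${1%:*}" ;;
        *[!0-9]*)    printf '%s\n' "$1" ;;
        *)           printf '\n' ;;
    esac
}

is_loopback() {
    case "$1" in
        127.*|localhost|"[::1]") return 0 ;;
        *) return 1 ;;
    esac
}

# Prints one line per exposed listener; returns 1 if any were found, else 0.
audit_listeners() {
    torrc=$1; privoxy_conf=$2; exposed=0
    while read -r key value rest || [ -n "$key" ]; do
        case "$key" in
            ControlListenAddress|ControlPort) host=$(host_of "$value") ;;
            *) continue ;;
        esac
        # A bare "ControlPort 9051" binds to localhost, so an empty host is fine.
        if [ -n "$host" ] && ! is_loopback "$host"; then
            echo "EXPOSED tor: $key $value"; exposed=1
        fi
    done < "$torrc"
    while read -r key value rest || [ -n "$key" ]; do
        [ "$key" = "listen-address" ] || continue
        host=$(host_of "$value")
        # Privoxy treats a missing address (":8119") as all interfaces.
        if [ -z "$host" ] || ! is_loopback "$host"; then
            echo "EXPOSED privoxy: $key $value"; exposed=1
        fi
    done < "$privoxy_conf"
    return "$exposed"
}

# Constructed sample input mirroring the settings shown on this page.
SAMPLE_DIR=$(mktemp -d)
printf 'ControlPort 9051\nControlListenAddress 0.0.0.0\n' > "$SAMPLE_DIR/torrc"
printf 'forward-socks5t / 127.0.0.1:9050 .\nlisten-address 0.0.0.0:8119\n' > "$SAMPLE_DIR/config"
audit_listeners "$SAMPLE_DIR/torrc" "$SAMPLE_DIR/config" || echo "exposure found"
```

Inside the container the wildcard bind is what lets Docker port publishing reach the services, so there the exposure is decided on the host side: publishing with `-p 127.0.0.1:9051:9051 -p 127.0.0.1:8119:8119` keeps both ports on the host's loopback interface.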
How to Verify that?
How to change the IP
> echo -e 'AUTHENTICATE "xxxxxxxxx"\r\nsignal NEWNYM\r\nQUIT' | nc localhost 9051
Check the IP
> curl -x localhost:8118 http://icanhazip.com/
How to change the IP remotely
> echo -e 'AUTHENTICATE "xxxxxxxxx"\r\nsignal NEWNYM\r\nQUIT' | nc ubuntu-master 9051
Check the IP from Remote
> curl -x centos-dev1:8118 http://icanhazip.com/