本文主要讲述如何通过 Docker 搭建 Tor 网络网关客户端。

笔者在搭建 Tor 网关时需要用到上一篇文章的 Trojan 客户端 《Docker 中的 Trojan 客户端》,将这篇文章运行的 Docker 容器链接到 Tor 容器中。

  1. 通过 git 将项目下载到本地

    1
    git clone https://github.com/tor-on-synology/tor-client-minimal.git
  2. 同上文一样修改 Dockerfile 文件

  3. 构建 Docker 镜像

    1
    docker build -t tor .
  4. 准备你的 Tor 配置文件

    笔者使用的目录为 /Users/ismdeep/Data/tor-config

    在上述文件夹中写入配置文件 torrc

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    ## The directory for keeping all the keys/etc
    DataDirectory /var/lib/tor

    ## Socks5Proxy
    Socks5Proxy trojan:1080

    ## Tor opens a socks proxy on port 9150
    SocksPort 0.0.0.0:9150

    ## Entry policies to allow/deny SOCKS requests based on IP address.
    ## SocksPolicy accept 192.168.1.0/24
    SocksPolicy accept 172.17.0.0/16
    SocksPolicy reject *

    ## Logs go to stdout at level "notice"
    Log notice stdout

    ControlPort 9051

    # Try for at most NUM seconds when building circuits. If the circuit isn't open in that time, give up on it. (Default: 1 minute.)
    CircuitBuildTimeout 5
    # Send a padding cell every N seconds to keep firewalls from closing our connections while Tor is not in use.
    KeepalivePeriod 60
    # Force Tor to consider whether to build a new circuit every NUM seconds.
    NewCircuitPeriod 15
    # How many entry guards should we keep at a time?
    NumEntryGuards 8

    解释以上配置文件:

    Socks5Proxy trojan:1080 trojan 为上文中创建的 trojan 容器,在下面创建 Docker 容器时会用到

    SocksPort 0.0.0.0:9150 则监听 9150 端口

  5. 创建 Docker 容器并运行

    1
    docker run --name tor --link trojan:trojan -v /Users/ismdeep/Data/tor-config:/etc/tor -p 9150:9150 -d tor