disclaimer
I am not responsible if you break something. Please consult with your laws to see if using Tor is legal in your country. An example where it is not legal is China. In most countries it is legal but again please check you laws.
Background
Before I get into how to set everything up. I am going to give some background on why I created this guide. Around 3 months ago a discord server I was on wanted to try and create an ultra secure Internet Relay Chat (IRC for short) server. Initially we tried to use SSL to secure the server. However, we had a few issues with the certificates which resulted in the project stalling . After some time I realized we could use Tor to run the IRC in a more secure manner. We did deploy a Tor based solution but that led to even more problems. Mainly security concerns about what would happen if Tor was breach ed, thus began a 3 week odyssey to Dockerising the setup. Without further ado lets get into the tutorial. This tutorial assumes you use Linux, however this will work with any Operating system with some tweaks.
The IRC server
I originally intended to compile InspIRCd from source. I found out after a friend pointed out that InspIRCd has a prebuilt Dock er container.... So yeah, I wasted a long time on the compile attempt. We are going to setup a quick test. I recommend using this setup to get an inspircd.conf setup.
docker pull inspircd/inspircd-docker
docker run --name inspircd -p 6667:6667 -v /path/to/your/config:/inspircd/conf/ inspircd/inspircd-docker
If you want to use my compose file this is the file structure I used.
project
├── configs
│ ├── inspircd.conf
│ ├── modules.conf
│ └── motd.txt
├── docker-compose.yml
├── setup.sh
└── tor
├── configs
| └──torrc
└── Dockerfile
So the last command will be (this is assuming that your working dir is project)
docker run --name inspircd -p 6667:6667 -v ~/project/configs:/inspircd/conf/ inspircd/inspircd-docker
The Tor container
The tor container will, as the name implies, contain tor. This container has one job. Get the IRC online on the Darkweb. We are going to be build a custom container for this using a Dockerfile.
FROM Ubuntu:focal
#init
RUN apt update && apt upgrade -y
RUN apt install tor -y
#config tor
WORKDIR /home/torrc
COPY ./configs/torrc .
RUN rm /etc/tor/torrc
RUN cp torrc /etc/tor/
ENTRYPOINT tail -F /dev/null
The Docker image is based of Ubuntu 20.04, and uses a custom torrc file. We will need to make one of these.
#if you do not have tor installed. install it before this step.
#this assumes you are inside the tor directory in a terminal.
sudo cp /etc/tor/torrc ./configs/torrc
now open up the torrc in a a editor of your choice. you may need to change the ownership using chown
find the following lines
#HiddenServiceDir /var/lib/tor/hidden_service/
#HiddenServicePort 80 127.0.0.1:80
Uncomment and change the second line to appear the same as the one bellow.
HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 6667 irc:6667
The more experienced among you might notice the IP for the service isn't actually a IP but rather a hostname. this will become clearer in the next steps. finally build the container with this command
docker build tor -t tor
The test run
If you got this far. well congrats you have achieved what took me 2 weeks of trial and error. Now we are going to test everything and hopefully have a running tor based IRC server up and running. This command launches a container called irc with the base image inspircd/inspircd-docker. This mount the IRC configs at /insp ircd/conf/
docker run --name irc -d -v ~/project/configs:/inspircd/conf/ inspircd/inspircd-docker
Next run this command. This links the 2 containers with the irc container having the host name irc. this is also why in the tor rc we supplied a hostname(which is fixed) rather then a IP(which is not fixed).
docker run -d --name tor --link=irc:irc tor
the next 2 commands start the tor service and give the .onion link of the server
docker exec -it tor service tor start
docker exec -it tor cat /var/lib/tor/hidden_service/hostname
the second command should spit out your .onion link. to connect to the server follow one of the options from this [guide](https ://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/IRC). I recommend hexchat if you are new to the IRC field. Supply the . onion link and in a minute you should be connected to the server.
Docker-compose
Docker on its own is powerful and in theory you could just continue using the setup we used previously. However if you need to bring it down for maintenance bringing it back up is a PAIN and should never be used in a production environment. Too solve t his problem we shall use a docker-compose.yml(you can also used a .yaml) file. this will make docker compose do the heavy lifting g of mounting folders and also linking the 2 containers.
version: '3.8'
services:
irc:
image: inspircd/inspircd-docker
container_name: irc
volumes:
- type: bind
source: ./configs
target: /inspircd/conf/
app:
build: ./tor
container_name: tor
ports:
- 9001:9001
- 9030:9030
links:
- irc
depends_on:
- irc
volumes:
{}
This basically runs all the commands except starting tor and giving us the .onion link. This will speed up the enter process. to run this use
docker-compose up -d
the -d flag tells it to run in detached/headless mode.
finally run these 2 commands to launch the tor proxy.
docker exec -it tor service tor start
docker exec -it tor cat /var/lib/tor/hidden_service/hostname
final notes
I encourage to look the docker docs and the docker-compose docs . Learn how it works and become more confident with using docker. I hope you find this tutorial useful or interesting. Please note just using docker doesn't make your server safe. Please learn how to setup fire walls you can use to lock down your server.
— This is nullrequest signing off