Re: [tor-bugs] #31834 [Circumvention]: Make obfs4 Docker image more usable

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#31834: Make obfs4 Docker image more usable
-------------------------------+-------------------------------
 Reporter:  phw                |          Owner:  phw
     Type:  defect             |         Status:  assigned
 Priority:  Medium             |      Milestone:
Component:  Circumvention      |        Version:
 Severity:  Normal             |     Resolution:
 Keywords:  docker, s30-o24a2  |  Actual Points:
Parent ID:  #31281             |         Points:  1
 Reviewer:                     |        Sponsor:  Sponsor30-can
-------------------------------+-------------------------------

Old description:

> Here is some feedback we got from an operator (see
> [https://www.securimancy.com/dockerizing-tor-bridge/ this blog post] for
> the full story):
>
> * Make it easier to get the bridge's fingerprint and/or bridge line. At
> the moment, users have to spawn a shell in the container, which is
> tedious.
> * Maybe provide a docker-compose file.
> * Improve our
> [https://community.torproject.org/relay/setup/bridge/docker/ official
> setup instructions]. [https://dip.torproject.org/torproject/anti-
> censorship/docker-obfs4-bridge These instructions] were more helpful to
> an operator.
> * Add a note that operators can run `docker logs <container>` to check if
> it's up and running.
> * Mention concerns regarding permanence: Ideally, a container should run
> as long as possible.
> * Allow running a bridge on a port <1024 (as per mrphs's request in
> comment:2).

New description:

 Here is some feedback we got from an operator (see
 [https://www.securimancy.com/dockerizing-tor-bridge/ this blog post] for
 the full story):

 * ~~Make it easier to get the bridge's fingerprint and/or bridge line. At
 the moment, users have to spawn a shell in the container, which is
 tedious.~~
 * Maybe provide a docker-compose file.
 * ~~Improve our
 [https://community.torproject.org/relay/setup/bridge/docker/ official
 setup instructions]. [https://dip.torproject.org/torproject/anti-
 censorship/docker-obfs4-bridge These instructions] were more helpful to an
 operator.~~
 * ~~Add a note that operators can run `docker logs <container>` to check
 if it's up and running.~~
 * Mention concerns regarding permanence: Ideally, a container should run
 as long as possible.
 * ~~Allow running a bridge on a port <1024 (as per mrphs's request in
 comment:2).~~

--

Comment (by phw):

 Here's a brief update with what I've managed to address so far:

 > Make it easier to get the bridge's fingerprint and/or bridge line. At
 the moment, users have to spawn a shell in the container, which is
 tedious.
 [[br]]
 Commit [https://dip.torproject.org/torproject/anti-censorship/docker-
 obfs4-bridge/commit/d2335c91ecc04e2236158ed80bd432ee8b07e6bd d2335c91]
 adds a script that determines the bridge line. Users can run it like this:
 {{{
 $ docker exec 9d66b756b3cc get-bridge-line
 obfs4 1.2.3.4:1234 A177E491C751488E7ADA397C7E47E4B3155723BD
 cert=KrQlXDh826TGTSywmtRaAZkq/dLI45m3Jl/drkYeaVD1ykghcJeFjyubff6hf1ZMG7ujeA
 iat-mode=0
 }}}
 [[br]]
 > Improve our [https://community.torproject.org/relay/setup/bridge/docker/
 official setup instructions]. [https://dip.torproject.org/torproject/anti-
 censorship/docker-obfs4-bridge These instructions] were more helpful to an
 operator.
 [[br]]
 I improved [https://community.torproject.org/relay/setup/bridge/docker/
 our official instructions] in commit
 [https://gitweb.torproject.org/project/web/community.git/commit/?id=bfe821bc6466793d8cffdec579b43df219dd28e5
 bfe821bc].
 [[br]]
 > Add a note that operators can run `docker logs <container>` to check if
 it's up and running.
 [[br]]
 Documented in commit
 [https://gitweb.torproject.org/project/web/community.git/commit/?id=bfe821bc6466793d8cffdec579b43df219dd28e5
 bfe821bc] and made possible in commit
 [https://dip.torproject.org/torproject/anti-censorship/docker-
 obfs4-bridge/commit/1f5fd1e8a094f15c4a98cd84040b33bda1861481 1f5fd1e8].
 [[br]]
 > Allow running a bridge on a port <1024 (as per mrphs's request in
 comment:2).
 [[br]]
 Fixed in commit [https://dip.torproject.org/torproject/anti-censorship
 /docker-obfs4-bridge/commit/aceb0c10a326ed5276d3bf291d3c6b5c7945cd26
 aceb0c10].

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31834#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs