Merge pull request #1521 from riccardobl/tordev
TOR patch
huumn authored Nov 5, 2024
2 parents 803daed + 40ff3a8 commit 3112fc3
Showing 20 changed files with 607 additions and 67 deletions.
5 changes: 3 additions & 2 deletions .env.development
Expand Up @@ -156,8 +156,9 @@ AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
PERSISTENCE=1
SKIP_SSL_CERT_DOWNLOAD=1

# tor
TOR_PROXY=http://127.0.0.1:7050/
# tor proxy
TOR_PROXY=http://tor:7050/
grpc_proxy=http://tor:7050/

# lnbits
LNBITS_WEB_PORT=5001
3 changes: 2 additions & 1 deletion api/lnd/index.js
@@ -1,6 +1,7 @@
import { cachedFetcher } from '@/lib/fetch'
import { toPositiveNumber } from '@/lib/validate'
import { authenticatedLndGrpc, getIdentity, getHeight, getWalletInfo, getNode } from 'ln-service'
import { authenticatedLndGrpc } from '@/lib/lnd'
import { getIdentity, getHeight, getWalletInfo, getNode } from 'ln-service'

const lnd = global.lnd || authenticatedLndGrpc({
cert: process.env.LND_CERT,
49 changes: 40 additions & 9 deletions docker-compose.yml
Expand Up @@ -40,6 +40,18 @@ services:
labels:
CONNECT: "localhost:5431"
cpu_shares: "${CPU_SHARES_IMPORTANT}"
tor:
build:
context: ./docker/tor
container_name: tor
restart: unless-stopped
volumes:
- tordata:/tordata/
cpu_shares: "${CPU_SHARES_LOW}"
env_file: *env_file
healthcheck:
<<: *healthcheck
test: ["CMD-SHELL", "bash /tor.sh check"]
app:
container_name: app
stdin_open: true
Expand Down Expand Up @@ -359,8 +371,13 @@ services:
healthcheck:
<<: *healthcheck
test: ["CMD-SHELL", "lncli", "getinfo"]
depends_on: *depends_on_bitcoin
depends_on:
tor:
condition: service_healthy
restart: true
<<: *depends_on_bitcoin
env_file: *env_file
entrypoint: /tor-entrypoint
command:
- 'lnd'
- '--noseedbackup'
Expand All @@ -369,6 +386,7 @@ services:
- '--externalip=stacker_lnd'
- '--tlsextradomain=stacker_lnd'
- '--tlsextradomain=host.docker.internal'
- '--tlsextradomain=$${ONION_DOMAIN}'
- '--listen=0.0.0.0:9735'
- '--rpclisten=0.0.0.0:10009'
- '--rpcmiddleware.enable'
Expand All @@ -394,6 +412,7 @@ services:
- "${STACKER_LND_GRPC_PORT}:10009"
volumes:
- stacker_lnd:/home/lnd/.lnd
- tordata:/home/lnd/.tor
labels:
ofelia.enabled: "true"
ofelia.job-exec.stacker_lnd_channel_cron.schedule: "@every 1m"
Expand Down Expand Up @@ -452,7 +471,11 @@ services:
healthcheck:
<<: *healthcheck
test: ["CMD-SHELL", "su clightning -c 'lightning-cli --network=regtest getinfo'"]
depends_on: *depends_on_bitcoin
depends_on:
tor:
condition: service_healthy
restart: true
<<: *depends_on_bitcoin
env_file: *env_file
command:
- 'lightningd'
Expand All @@ -471,6 +494,7 @@ services:
- "${STACKER_CLN_REST_PORT}:3010"
volumes:
- stacker_cln:/home/clightning/.lightning
- tordata:/home/clightning/.tor
labels:
ofelia.enabled: "true"
ofelia.job-exec.stacker_cln_channel_cron.schedule: "@every 1m"
Expand Down Expand Up @@ -528,16 +552,16 @@ services:
condition: service_healthy
restart: true
volumes:
- ./docker/lnd/stacker:/app/.lnd
- nwc_send:/app
- stacker_lnd:/app/.lnd
environment:
- RUST_LOG=info
entrypoint:
- './nostr-wallet-connect-lnd'
- '--relay'
- 'wss://relay.primal.net'
- '--macaroon-file'
- '/app/.lnd/regtest/admin.macaroon'
- '/app/.lnd/data/chain/bitcoin/regtest/admin.macaroon'
- '--cert-file'
- '/app/.lnd/tls.cert'
- '--lnd-host'
Expand All @@ -562,16 +586,16 @@ services:
condition: service_healthy
restart: true
volumes:
- ./docker/lnd/stacker:/app/.lnd
- nwc_recv:/app
- stacker_lnd:/app/.lnd
environment:
- RUST_LOG=info
entrypoint:
- './nostr-wallet-connect-lnd'
- '--relay'
- 'wss://relay.primal.net'
- '--invoice-macaroon-file'
- '/app/.lnd/regtest/invoice.macaroon'
- '/app/.lnd/data/chain/bitcoin/regtest/invoice.macaroon'
- '--cert-file'
- '/app/.lnd/tls.cert'
- '--lnd-host'
Expand All @@ -595,16 +619,22 @@ services:
ports:
- "${LNBITS_WEB_PORT}:5000"
depends_on:
- stacker_lnd
tor:
condition: service_healthy
restart: true
stacker_lnd:
condition: service_healthy
restart: true
environment:
- LNBITS_ADMIN_UI=true
- LNBITS_BACKEND_WALLET_CLASS=LndWallet
- LND_GRPC_ENDPOINT=stacker_lnd
- LND_GRPC_PORT=10009
- LND_GRPC_CERT=/app/.lnd/tls.cert
- LND_GRPC_MACAROON=/app/.lnd/regtest/admin.macaroon
- LND_GRPC_MACAROON=/app/.lnd/data/chain/bitcoin/regtest/admin.macaroon
volumes:
- ./docker/lnd/stacker:/app/.lnd
- stacker_lnd:/app/.lnd
- tordata:/app/.tor
labels:
CONNECT: "localhost:${LNBITS_WEB_PORT}"
cpu_shares: "${CPU_SHARES_LOW}"
Expand All @@ -618,3 +648,4 @@ volumes:
s3:
nwc_send:
nwc_recv:
tordata:
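Review bot: The `tordata` volume is mounted read-write into stacker_lnd, stacker_cln and lnbits (`- tordata:/home/lnd/.tor`, `- tordata:/home/clightning/.tor`, `- tordata:/app/.tor`), while as far as this diff shows those services only read the generated `hidden_service/hostname`; the same volume also holds the hidden service's key material and `.env.torpass`, which `tor.sh` sources on every start, so a compromised node could rewrite tor's configuration or credentials. A read-only mount, e.g. `- tordata:/home/lnd/.tor:ro`, is enough for the hostname lookup. Along the same line, nwc_recv now mounts the whole `stacker_lnd` volume although its entrypoint only references `invoice.macaroon` and `tls.cert`, which puts `admin.macaroon` within its reach; consider mounting only the needed paths, read-only.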
Binary file modified docker/lnbits/data/database.sqlite3
Binary file not shown.
5 changes: 4 additions & 1 deletion docker/lnd/Dockerfile
Expand Up @@ -9,4 +9,7 @@ RUN apt-get update -y \
&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

COPY ["./$LN_NODE_FOR/regtest/*", "/home/lnd/.lnd/data/chain/bitcoin/regtest/"]
COPY ["./$LN_NODE_FOR/tls.*", "/home/lnd/.lnd/"]
COPY ["./$LN_NODE_FOR/tls.*", "/home/lnd/.lnd/"]

ADD tor-entrypoint.sh /tor-entrypoint
RUN chmod +x /tor-entrypoint
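Review bot: `ADD tor-entrypoint.sh /tor-entrypoint` copies a local file, for which `COPY` is the conventional instruction since `ADD` additionally unpacks archives and fetches URLs; `COPY tor-entrypoint.sh /tor-entrypoint` is the only change needed. Separately, this commit deletes `docker/lnd/stacker/tls.cert` and `tls.key` but keeps the `COPY ["./$LN_NODE_FOR/tls.*", "/home/lnd/.lnd/"]` line above; if no other `tls.*` file remains under that directory, the glob matches nothing and the image build fails when `LN_NODE_FOR` is presumably `stacker`, so this is worth confirming against the files not shown in this view.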
15 changes: 0 additions & 15 deletions docker/lnd/stacker/tls.cert

This file was deleted.

5 changes: 0 additions & 5 deletions docker/lnd/stacker/tls.key

This file was deleted.

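--- /dev/null
+++ b/docker/lnd/tor-entrypoint.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+ONION_DOMAIN=""
+
+if [ -f /home/lnd/.tor/hidden_service/hostname ]; then
+ONION_DOMAIN=$(cat /home/lnd/.tor/hidden_service/hostname)
+fi
+
+# expand the cmd arguments
+args=$(echo "$@" | sed -e "s/\${ONION_DOMAIN}/$ONION_DOMAIN/g")
+
+# Execute the original entry point script with the modified command line``
+/entrypoint.sh $args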
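Review bot: `/entrypoint.sh $args` re-splits the joined argument string on whitespace and applies glob expansion, so any lnd flag that contains a space or a `*` is broken apart, and because the call is not `exec`'d the wrapper stays as the container's main process and the SIGTERM from `docker stop` is not delivered to lnd, which then ends in a SIGKILL after the grace period. Substituting `${ONION_DOMAIN}` per argument on `"$@"` and exec'ing the original entrypoint keeps every argument intact and hands signals to lnd directly. The trailing backticks on the comment `# Execute the original entry point script with the modified command line` look like a paste artefact and should be dropped.
```bash
# … unchanged: ONION_DOMAIN lookup from hidden_service/hostname …
args=()
for a in "$@"; do
  args+=("${a//'${ONION_DOMAIN}'/$ONION_DOMAIN}")
done
exec /entrypoint.sh "${args[@]}"
```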
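--- /dev/null
+++ b/docker/tor/Dockerfile
@@ -0,0 +1,15 @@
+FROM debian:bookworm
+
+RUN apt-get update -y \
+&& apt-get install -y tor bash openssl netcat-traditional \
+&& apt-get clean \
+&& rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+ADD torrc /etc/tor/torrc.template
+ADD tor.sh /tor.sh
+ADD services.conf /services.conf
+RUN mkdir -p /tordata && groupadd -g 1000 tor && useradd -u 1000 -g 1000 -m tor && chown -R tor:tor /tordata
+EXPOSE 9050 9051 7050
+VOLUME "/tordata"
+USER tor
+ENTRYPOINT [ "bash", "/tor.sh" ]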
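Review bot: `ADD torrc`, `ADD tor.sh` and `ADD services.conf` copy plain local files, where `COPY` is the conventional instruction because `ADD` also extracts archives and fetches remote URLs; switching all three to `COPY` is the whole change. `EXPOSE 9050 9051 7050` advertises the control port 9051 alongside the SOCKS and HTTP proxy ports; whether it is reachable from other containers depends on the `ControlPort` bind address in the torrc template, which is not part of this diff, and since the password that authenticates it is written to the shared `tordata` volume it is worth confirming the template binds the control port to 127.0.0.1 only (the healthcheck in `tor.sh` already talks to `127.0.0.1 9051`).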
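--- /dev/null
+++ b/docker/tor/services.conf
@@ -0,0 +1,3 @@
+HiddenServicePort 10009 stacker_lnd:10009
+HiddenServicePort 3010 stacker_cln:3010
+HiddenServicePort 5000 lnbits:5000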
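--- /dev/null
+++ b/docker/tor/tor.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+function initialize {
+####################### generate and save control password ########################
+cp -f /etc/tor/torrc.template /tordata/torrc
+TOR_PASSWORD=""
+if [ -f /tordata/.env.torpass ]; then source /tordata/.env.torpass; fi
+
+if [ -z "$torPassword" ]; then
+TOR_PASSWORD=$(openssl rand -hex 32)
+echo "TOR_PASSWORD=$TOR_PASSWORD" > /tordata/.env.torpass
+fi
+
+TOR_PASSWORD_HASH=$(tor --hash-password "$TOR_PASSWORD" 2>/dev/null | tail -n 1)
+echo "Replacing %HashedControlPassword% with $TOR_PASSWORD_HASH"
+sed -i "s|%HashedControlPassword%|$TOR_PASSWORD_HASH|g" /tordata/torrc
+##################################################################################
+}
+
+function mergeServices {
+cat /services.conf >> /tordata/torrc
+}
+
+# There is a circular dependency between tor and stacker_lnd:
+# <-> tor needs stacker_lnd to be running to resolve the hidden service target
+# <-> stacker_lnd needs to wait for tor to start and generate the hidden service address
+# Afaik there isn't an "official" solution for this issue.
+#
+# This workaround starts tor the first time without the lnd hidden service
+# and then re-start tor with the full configuration after the lnd service is ready.
+
+
+if [ -f /tordata/start.timestamp ];
+then
+# Remove leftovers from a previous run
+rm /tordata/start.timestamp
+fi
+
+if [ "$1" = "check" ];
+then
+if [ ! -f /tordata/start.timestamp ]; then
+# if still initializing we just check if the hidden service was generated and use this as a healthcheck
+if [ -f /tordata/hidden_service/hostname ]; then exit 0; else exit 1; fi
+else
+# run the real healthcheck
+echo -e 'AUTHENTICATE "'$TOR_PASSWORD'"\nGETINFO status/circuit-established\nQUIT' | nc 127.0.0.1 9051 | grep OK || exit 1
+exit 0
+fi
+else
+# Step 1: we start tor with a fake hidden service that points to port 8080,
+# just to get it to generate the hidden service data, then we kill it immediately after
+echo "Initializing..."
+initialize
+tor -f /tordata/torrc &
+pid=$!
+sleep 60
+kill $pid
+
+# debug
+ls /tordata/hidden_service/
+
+# Step 2: we merge the service configuration and start tor again
+echo "Starting tor..."
+initialize
+mergeServices
+date +%s > /tordata/start.timestamp
+tor -f /tordata/torrc
+fi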
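Review bot: The `check` path never reaches the real healthcheck: the block at the top removes `/tordata/start.timestamp` on every invocation, including `bash /tor.sh check` from the compose healthcheck, so the `! -f /tordata/start.timestamp` branch always takes the hostname-exists fallback, and the `AUTHENTICATE` line would in any case send an empty password because `TOR_PASSWORD` is only set in the main process and `/tordata/.env.torpass` is never sourced on this path. In `initialize`, `if [ -z "$torPassword" ]` tests a variable nothing ever sets (the file it sources writes `TOR_PASSWORD=`), so a fresh password is generated on every start; it should read `if [ -z "$TOR_PASSWORD" ]; then`. Finally `grep OK` matches the `250 OK` that closes every successful GETINFO reply, so the check would also pass with `circuit-established=0`; grep for `circuit-established=1` instead. The timestamp cleanup belongs in the start branch only, as below.
```bash
# … unchanged: initialize / mergeServices …
if [ "$1" = "check" ]; then
  if [ ! -f /tordata/start.timestamp ]; then
    # still initializing: the generated hostname is the only signal available
    [ -f /tordata/hidden_service/hostname ] && exit 0 || exit 1
  fi
  # the check runs in a fresh process: load the password initialize wrote
  [ -f /tordata/.env.torpass ] && source /tordata/.env.torpass
  printf 'AUTHENTICATE "%s"\nGETINFO status/circuit-established\nQUIT\n' "$TOR_PASSWORD" \
    | nc 127.0.0.1 9051 | grep -q 'circuit-established=1' || exit 1
  exit 0
fi

# remove leftovers from a previous run only when (re)starting tor
rm -f /tordata/start.timestamp
# … unchanged: two-phase start (initialize, sleep, kill, mergeServices, tor -f) …
```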