tor: anon-inbound fixes (#42)

README.md

@@ -56,6 +56,7 @@ The following ports will be bound for `monerod` by default, but you can override
 - 18081   # restricted rpc
 - 18082   # zmq
 - 18083   # unrestricted rpc
+- 18084   # tor anonymous-inbound
 
 The following ports are commented out but can be enabled to test things locally:
 - 9090  # prometheus web ui

docker-compose.yaml

@@ -113,6 +113,7 @@ services:
       # - 127.0.0.1:9050:9050
     volumes:
       - tor:/var/lib/tor/monerod
+      - tor:/var/lib/tor/monerod-rpc
     networks:
       tor_net:
         ipv4_address: 172.31.255.250
@@ -141,11 +142,13 @@ services:
     volumes:
       - ${DATA_DIR:-./data}:/data
       - tor:/var/lib/tor/monerod:ro
+      - tor:/var/lib/tor/monerod-rpc:ro
     ports:
       - ${P2P_PORT:-18080}:18080                    # p2p
       - ${RESTRICTED_PORT:-18081}:18081             # restricted rpc
       - 127.0.0.1:${ZMQ_PORT:-18082}:18082          # zmq
       - 127.0.0.1:${UNRESTRICTED_PORT:-18083}:18083 # unrestricted rpc
+      - 127.0.0.1:${P2P_TOR:-18084}:18084           # tor anonymous-inbound
     networks:
       - tor_net
     command:

dockerfiles/monerod_entrypoint.sh

@@ -2,12 +2,27 @@
 
 # Dynamically determine onion address to serve monerod on tor network
 
-while [ ! -f /var/lib/tor/monerod/hostname ]; do
+hidden_service=(
-    echo -e "[+] Waiting for onion address to be generated"
+    monerod
-    sleep 1
+    monerod-rpc
+)
+for i in "${hidden_service[@]}"; do
+    tries=0
+    until [ -f /var/lib/tor/"${i}"/hostname ]; do
+        if [ $tries -ge 5 ]; then
+            echo "[+] Failed to generate ${i} onion address"
+            exit 1
+        fi
+        tries=$((tries+1))
+        echo -e "[${tries}] Waiting for ${i} onion address to be generated"
+        sleep 1
+    done
+    onion=$(cat "/var/lib/tor/${i}/hostname")
+    echo -e "[+] Generated /var/lib/tor/${i}/hostname\n${onion}\n"
 done
 
-export ONION_ADDRESS=$(cat /var/lib/tor/monerod/hostname)
+export ONION_ADDRESS=$(cat /var/lib/tor/monerod-rpc/hostname)
+export P2P_ONION_ADDRESS=$(cat /var/lib/tor/monerod/hostname)
 
 echo "=========================================="
 echo "Your Monero RPC Onion address is: ${ONION_ADDRESS}"
@@ -31,6 +46,6 @@ monerod \
     --log-level=0 \
     --rpc-ssl=disabled \
     --ban-list=/ban_list.txt \
-    --anonymous-inbound=${ONION_ADDRESS}:18081,127.0.0.1:18089,24 \
+    --anonymous-inbound=${P2P_ONION_ADDRESS}:18084,0.0.0.0:18084,24 \
     --tx-proxy=tor,172.31.255.250:9050,disable_noise,24 \
     --tx-proxy=i2p,172.31.255.251:4447,disable_noise,24

dockerfiles/tor

@@ -1,10 +1,10 @@
-FROM ubuntu:22.04
+FROM ubuntu:24.04
 
 RUN apt-get update && apt-get install tor -y
 
-RUN mkdir -p /run/tor /var/lib/tor/monerod \
+RUN mkdir -p /run/tor \
-  && chown -R debian-tor:debian-tor /run/tor /var/lib/tor/monerod \
+  && chown -R debian-tor:debian-tor /run/tor \
-  && chmod 700 -R /run/tor /var/lib/tor/monerod
+  && chmod 700 -R /run/tor
 
 COPY dockerfiles/tor-config /etc/tor/torrc
 

dockerfiles/tor-config

@@ -5,5 +5,9 @@ IPv6Exit 0
 Log notice stdout
 PublishServerDescriptor 0
 SOCKSPort 0.0.0.0:9050
-HiddenServiceDir /var/lib/tor/monerod
+
+HiddenServiceDir /var/lib/tor/monerod-rpc
 HiddenServicePort 18081 monerod:18081
+
+HiddenServiceDir /var/lib/tor/monerod
+HiddenServicePort 18084 monerod:18084

env-example

@@ -3,6 +3,7 @@ P2P_PORT=18080
 RESTRICTED_PORT=18081
 ZMQ_PORT=18082
 UNRESTRICTED_PORT=18083
+P2P_TOR=18084
 PROM_RETENTION=360d
 PROM_TAG=v2.36.0
 GRAFANA_URL=http://mynodeurl.com
@@ -14,4 +15,4 @@ GF_AUTH_DISABLE_LOGIN_FORM=false
 GF_SECURITY_ADMIN_PASSWORD=admin
 GF_SECURITY_ADMIN_USER=admin
 GF_INSTALL_PLUGINS=
-GF_SERVER_SERVE_FROM_SUB_PATH=false
+GF_SERVER_SERVE_FROM_SUB_PATH=false