Support webtunnel, obfs and snowflake bridges #170

Open
wants to merge 48 commits into
base: main

@akrigator akrigator commented May 11, 2023

Proposed Changes

One more option to resolve tor network connectivity issue.

Dockerfile

  • install Go and dependent packages
  • build obfs4proxy and snowflake client by Go

Scripts

  • Push bridge configuration from addon's configuration to /etc/tor/torrc before the first tor execution

Related Issues

Summary by CodeRabbit

  • New Features

    • Added support for obfs4, snowflake, and webtunnel in the Tor Dockerfile for enhanced connectivity options.
    • Enabled bridge configurations and various transport plugins in the Tor service initialization.
  • Enhancements

    • Adjusted health check start period from 5 minutes to 60 minutes for improved initial setup time.
    • Included additional tools and dependencies to improve the build environment for pluggable transports.
  • Configuration Updates

    • Added bridge options in the Tor configuration and updated translation files to include bridge configuration descriptions.

Renat Gabdulhakov added 4 commits May 9, 2023 22:54
@akrigator (Author)

Hello @frenck, could you help to proceed with the PR?

@akrigator akrigator changed the title Support obfs4 bridges Support obfs and snowflake bridges Aug 17, 2023
@akrigator akrigator changed the title Support obfs and snowflake bridges Support webtunnel, obfs and snowflake bridges Oct 24, 2023
@frenck frenck added the new-feature New features or options. label Jan 7, 2024
@frenck frenck marked this pull request as draft January 7, 2024 15:24
akrigator added 2 commits January 9, 2024 09:28
- setup renovate to manage tor transports plugins versioning
- install transport plugins in single docker layer
@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

Outside diff range and nitpick comments (5)
tor/DOCS.md (5)

154-209: Ensure consistency in the documentation format.

The documentation for OBFS, Webtunnel, and Snowflake should follow a consistent format. Consider using the same introduction style for each plugin and ensuring that all examples are similarly structured.


Line range hint 94-94: Correct the typo in "don not".

- because you don not use any public address
+ because you do not use any public address

Line range hint 100-100: Consider adding a comma for clarity.

- The “stealth” entry above ensures traffic to and from your Home Assistant instance over Tor is hidden even from other nodes on the Tor network.
+ The “stealth” entry above ensures traffic to and from your Home Assistant instance over Tor is hidden, even from other nodes on the Tor network.

Line range hint 115-115: Use "cannot" instead of "can not" for conciseness.

- it can not find the path to the server.
+ it cannot find the path to the server.

Line range hint 124-124: Use "inaccessible" to avoid wordiness.

- the hidden service is not accessible for clients without authorization anymore.
+ the hidden service is inaccessible for clients without authorization.
Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 9f48fee and 8de4f8f.
Files selected for processing (5)
  • .github/renovate.json (1 hunks)
  • tor/DOCS.md (3 hunks)
  • tor/Dockerfile (1 hunks)
  • tor/config.yaml (2 hunks)
  • tor/translations/en.yaml (1 hunks)
Files skipped from review as they are similar to previous changes (4)
  • .github/renovate.json
  • tor/Dockerfile
  • tor/config.yaml
  • tor/translations/en.yaml
Additional Context Used
LanguageTool (15)
tor/DOCS.md (15)

Near line 65: Loose punctuation mark.
Context: ...n issue. Possible values are: - trace: Show every detail, like all called inte...


Near line 66: Loose punctuation mark.
Context: ...all called internal functions. - debug: Shows detailed debug information. - `in...


Near line 67: Loose punctuation mark.
Context: ...ows detailed debug information. - info: Normal (usually) interesting events. - ...


Near line 68: Loose punctuation mark.
Context: ...usually) interesting events. - warning: Exceptional occurrences that are not er...


Near line 69: Loose punctuation mark.
Context: ...currences that are not errors. - error: Runtime errors that do not require imme...


Near line 70: Loose punctuation mark.
Context: ... not require immediate action. - fatal: Something went terribly wrong. Add-on b...


Near line 94: Did you mean “do not”?
Context: ...ress to its users. In fact, because you don not use any public address, you can run a h...


Near line 100: Possible missing comma found.
Context: ...our Home Assistant instance over Tor is hidden even from other nodes on the Tor networ...


Near line 115: Unless you want to emphasize “not”, use “cannot” which is more common.
Context: ...if the client does not have the key, it can not find the path to the server. It does, h...


Near line 124: Consider using “inaccessible” to avoid wordiness.
Context: ...is option is set, the hidden service is not accessible for clients without authorization anymo...


Near line 158: Did you mean “for”?
Context: ...sport plugins and bridges. Bridges are Tor relays that help you circumvent censors...


Near line 196: If the word ‘What’ starts a question, add a question mark at the end of the sentence.
Context: ... [snowflake][what-is-snowflake], example: ```yaml bridges: - >- snowflake ...


Near line 257: Loose punctuation mark.
Context: ...ented based on the following: - MAJOR: Incompatible or major changes. - `MINOR...


Near line 258: Loose punctuation mark.
Context: ...Incompatible or major changes. - MINOR: Backwards-compatible new features and e...


Near line 259: Loose punctuation mark.
Context: ...new features and enhancements. - PATCH: Backwards-compatible bugfixes and packa...

Markdownlint (1)
tor/DOCS.md (1)

166: null
Bare URL used

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 6

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 8de4f8f and db3ac52.
Files selected for processing (2)
  • tor/DOCS.md (3 hunks)
  • tor/Dockerfile (1 hunks)
Additional Context Used
Hadolint (1)
tor/Dockerfile (1)

49: Multiple consecutive RUN instructions. Consider consolidation.

Additional comments not posted (2)
tor/Dockerfile (1)

26-28: Ensure that the cloned repositories are the correct versions and sources as intended. This is crucial for maintaining the expected functionality and security.

Verification successful

The specified versions for the repositories are correct and exist as intended:

  • obfs4proxy-0.0.14 in the obfs4 repository.
  • v2.9.2 in the snowflake repository.
Scripts Executed

The following scripts were executed for the analysis:


Script:

#!/bin/bash
# Description: Verify the cloned repositories are from the correct sources and versions.

# Test: Check the repository URLs and branches.
cat tor/Dockerfile | grep 'git clone'

Length of output: 419



Script:

#!/bin/bash
# Description: Verify the values of OBFS_VERSION and SNOWFLAKE_VERSION environment variables.

# Search for the definitions of OBFS_VERSION and SNOWFLAKE_VERSION in the Dockerfile and related configuration files.
grep -E 'OBFS_VERSION|SNOWFLAKE_VERSION' tor/Dockerfile
grep -E 'OBFS_VERSION|SNOWFLAKE_VERSION' tor/*.env
grep -E 'OBFS_VERSION|SNOWFLAKE_VERSION' tor/*.sh

Length of output: 567



Script:

#!/bin/bash
# Description: Verify the existence of the specified versions in the respective repositories.

# Check if the specified OBFS_VERSION exists in the obfs4 repository.
git ls-remote --tags https://github.com/Yawning/obfs4.git | grep 'refs/tags/obfs4proxy-0.0.14'

# Check if the specified SNOWFLAKE_VERSION exists in the snowflake repository.
git ls-remote --tags https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git | grep 'refs/tags/v2.9.2'

Length of output: 486

tor/DOCS.md (1)

196-196: Add a question mark to make it a proper question.

- What is [snowflake][what-is-snowflake], example:
+ What is [snowflake][what-is-snowflake]? For example:

Likely invalid or redundant comment.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 2

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between db3ac52 and 69a20f8.
Files selected for processing (2)
  • tor/DOCS.md (3 hunks)
  • tor/Dockerfile (1 hunks)
Additional Context Used
Hadolint (1)
tor/Dockerfile (1)

49: Multiple consecutive RUN instructions. Consider consolidation.

Additional comments not posted (5)
tor/Dockerfile (4)

52-52: Consider making the HEALTHCHECK start period configurable to accommodate different user environments and bridge connection times.

-    --start-period=60m \
+    --start-period=${HEALTHCHECK_START_PERIOD:-60m} \

This allows users to set the start period via an environment variable, providing flexibility based on their specific setup.

Likely invalid or redundant comment.


49-49: Consolidate the setcap commands into a single RUN instruction to optimize the Dockerfile and reduce the number of layers.

- RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy /usr/local/bin/snowflake /usr/local/bin/webtunnel
+ RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy /usr/local/bin/snowflake /usr/local/bin/webtunnel
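
Review bot: The removed and added lines of this suggestion are identical (both are one `RUN setcap 'cap_net_bind_service=+ep'` over the three binaries), so applying it changes nothing. The Hadolint hint about consecutive RUN instructions at line 49 concerns neighbouring instructions that are not quoted here; the suggestion should show the instruction it wants merged with this one.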

Likely invalid or redundant comment.


12-19: Consider consolidating the apk add commands into a single RUN instruction to reduce the number of layers.

- RUN apk add --no-cache \
-        coreutils=9.4-r2 \
-        openssl=3.1.5-r0 \
-        tor=0.4.8.11-r0 \
-        go=1.21.10-r0 \
-        git=2.43.4-r0 \
-        ca-certificates=20240226-r0 \
-        libcap=2.69-r1
+ RUN apk add --no-cache coreutils=9.4-r2 openssl=3.1.5-r0 tor=0.4.8.11-r0 go=1.21.10-r0 git=2.43.4-r0 ca-certificates=20240226-r0 libcap=2.69-r1
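
Review bot: The seven packages on the removed lines are already installed by a single `RUN apk add --no-cache` joined with backslash continuations, so the one-line form produces the same single layer and only makes the version pins harder to read and to diff. Keep the multi-line form with one pinned package per line.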

Likely invalid or redundant comment.


26-28: Ensure that the cloning of repositories is done in a secure manner by verifying the integrity of the repositories.

tor/DOCS.md (1)

158-158: Clarify the intent of the sentence to improve readability.

- Keep the option value clean to avoid using any transport plugins and bridges.
+ Ensure the option value is clear to avoid unintended use of transport plugins and bridges.
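
Review bot: Replacing "clean" with "clear" on the added line changes what the sentence tells the user: the original reads as an instruction to leave the option without a value so that no transport plugin or bridge is used, while the new wording asks for clarity and no longer says how to turn bridges off. If the first reading is the intent, wording such as "Leave the option empty to avoid using any transport plugins and bridges" states it directly.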

Likely invalid or redundant comment.
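
The review comments on lines 26-28 of tor/Dockerfile ask that the cloned sources be the intended ones and that their integrity be verified. The following is an added example, not code from this PR or from the add-on, of a check that a checkout is exactly one pinned commit. The function names, return codes and the throwaway sample repository are assumptions made for the illustration, and it assumes SHA-1 (40-character) object ids.

```shell
#!/bin/sh
# Added example: confirm that a checked-out source tree is exactly the commit
# that was reviewed, instead of trusting a branch or tag name that can move.

# is_full_sha VALUE: succeed only for a full 40-character lowercase hex id.
# Tag names and abbreviated ids are rejected on purpose.
is_full_sha() {
    case "$1" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# verify_checkout DIR EXPECTED_SHA
# Return codes (hypothetical, chosen for this example):
#   0 checkout matches the pin    2 pin is not a full commit id
#   3 DIR is not a git work tree  4 HEAD differs from the pin
#   5 tracked files were modified after checkout
verify_checkout() {
    dir=$1
    expected=$2

    is_full_sha "$expected" || return 2
    git -C "$dir" rev-parse --is-inside-work-tree >/dev/null 2>&1 || return 3

    actual=$(git -C "$dir" rev-parse --verify 'HEAD^{commit}' 2>/dev/null) || return 3
    [ "$actual" = "$expected" ] || return 4

    # A matching HEAD is not enough if files were edited afterwards.
    git -C "$dir" diff --quiet HEAD -- || return 5
    return 0
}

# make_sample_repo: build a one-commit repository in a temporary directory
# (constructed sample input, no network access) and print its path.
make_sample_repo() {
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q || return 1
    printf 'package main\n' > "$repo/main.go"
    git -C "$repo" add main.go || return 1
    git -C "$repo" -c user.name=example -c user.email=example@example.invalid \
        -c commit.gpgsign=false commit -q -m 'constructed sample commit' || return 1
    printf '%s\n' "$repo"
}
```

In a build, the expected id would be recorded next to each version variable at review time and the build stopped on any non-zero return.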

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

Review Details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 69a20f8 and 035a760.
Files selected for processing (1)
  • tor/Dockerfile (1 hunks)
Files skipped from review as they are similar to previous changes (1)
  • tor/Dockerfile

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 035a760 and 8e6dd56.

Files selected for processing (2)
  • .github/renovate.json (1 hunks)
  • tor/Dockerfile (1 hunks)
Additional comments not posted (9)
.github/renovate.json (3)

28-34: LGTM! Addition of obfs4 dependency configuration.

The configuration for obfs4 in the Dockerfile is correct and aligns with the existing style.


35-43: LGTM! Addition of snowflake dependency configuration.

The configuration for snowflake in the Dockerfile is correct and aligns with the existing style.


44-51: LGTM! Addition of webtunnel dependency configuration.

The configuration for webtunnel in the Dockerfile is correct and aligns with the existing style.

tor/Dockerfile (6)

16-20: LGTM! Addition of installation commands for Go, Git, and other dependencies.

The installation commands for Go, Git, and other dependencies, as well as the updated Tor version, are correct.


24-26: LGTM! Addition of ARG variables for obfs4proxy, snowflake, and webtunnel versions.

The ARG variables for obfs4proxy, snowflake, and webtunnel versions are correct and align with best practices.


27-29: LGTM! Addition of git clone commands for obfs4, snowflake, and webtunnel.

The git clone commands for obfs4, snowflake, and webtunnel are correct and align with the existing style.


31-33: LGTM! Addition of build command for obfs4proxy.

The build command for obfs4proxy is correct and aligns with the existing style.


35-38: LGTM! Addition of build command for snowflake.

The build command for snowflake is correct and aligns with the existing style.


40-43: LGTM! Addition of build command for webtunnel.

The build command for webtunnel is correct and aligns with the existing style.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 8e6dd56 and 2b77e9a.

Files selected for processing (1)
  • tor/Dockerfile (1 hunks)
Files skipped from review as they are similar to previous changes (1)
  • tor/Dockerfile

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 4

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 2b77e9a and 335465e.

Files selected for processing (1)
  • tor/Dockerfile (1 hunks)

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 335465e and fed695a.

Files selected for processing (1)
  • tor/Dockerfile (1 hunks)
Additional comments not posted (3)
tor/Dockerfile (3)

45-48: Cleanup section approved.

The cleanup section is correct and necessary.


24-29: Verify repository URLs and branches.

Ensure that the specified repositories and branches for obfs4proxy, snowflake, and webtunnel exist and are correct. Combine the git clone commands to reduce the number of layers.

- RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \
-    && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \
-    && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
+ RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git && \
+    git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git && \
+    git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
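
Review bot: Both sides of this suggestion chain the three `git clone` commands with `&&` inside one `RUN`; the only difference is whether `&&` starts or ends a line, so the number of layers stays the same. The change can be dropped, or presented as a style preference rather than a layer reduction.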
Verification successful

Verification successful and suggestion for improvement.

The repository URLs and branches/tags for obfs4proxy, snowflake, and webtunnel are correct and accessible. To improve efficiency, consider combining the git clone commands to reduce the number of layers in the Dockerfile.

- RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \
-    && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \
-    && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
+ RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git && \
+    git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git && \
+    git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
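
Review bot: The clones on these lines select `-b ${OBFS_VERSION}` and `-b ${SNOWFLAKE_VERSION}` by name, and the check run for this comment only confirms with `git ls-remote` that the refs exist, which does not establish that the fetched source is the one that was reviewed. A ref name can be moved upstream after review; recording the expected full commit id next to each version and comparing it with `git rev-parse HEAD` after the clone would make the build fail on a mismatch.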
Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify the repository URLs and branches for obfs4proxy, snowflake, and webtunnel.

# Test: Check if the repositories and branches exist.
git ls-remote https://github.com/Yawning/obfs4.git ${OBFS_VERSION}
git ls-remote https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git ${SNOWFLAKE_VERSION}
git ls-remote https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git

Length of output: 10969


55-55: Make the HEALTHCHECK start period configurable.

Consider making the HEALTHCHECK start period configurable to accommodate different user environments and bridge connection times.

-    --start-period=60m \
+    --start-period=${HEALTHCHECK_START_PERIOD:-60m} \

Likely invalid or redundant comment.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between fed695a and dab5dd8.

Files selected for processing (1)
  • tor/Dockerfile (1 hunks)
Additional comments not posted (6)
tor/Dockerfile (6)

16-20: Consolidate the apk add commands.

Consider consolidating the apk add commands into a single RUN instruction to reduce the number of layers.

- RUN apk add --no-cache \
-        coreutils=9.5-r1 \
-        openssl=3.3.1-r3 \
-        tor=0.4.8.12-r0 \
-        go=1.22.4-r0 \
-        git=2.45.2-r0 \
-        ca-certificates=20240226-r0 \
-        libcap=2.70-r0
+ RUN apk add --no-cache coreutils=9.5-r1 openssl=3.3.1-r3 tor=0.4.8.12-r0 go=1.22.4-r0 git=2.45.2-r0 ca-certificates=20240226-r0 libcap=2.70-r0

24-29: Verify repository URLs and consolidate git clone commands.

Ensure that the specified repositories and branches for obfs4proxy, snowflake, and webtunnel exist and are correct. Combine the git clone commands to reduce the number of layers.

- RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \
-    && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \
-    && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
+ RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git && \
+    git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git && \
+    git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
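
Review bot: The third clone, for webtunnel, has no `-b` argument while the other two do, so with `--single-branch --depth 1` it fetches only the current tip of the default branch. The version is applied later with `git reset --hard ${WEBTUNNEL_VERSION}`, which can only succeed when that revision is present in the one-commit history; pass the version to the clone in the same way as the other two, or fetch the exact revision before resetting.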

31-43: Verify build commands and consolidate them.

Ensure the build commands for obfs4proxy, snowflake, and webtunnel are correct and efficient. Consider combining the go build commands to reduce the number of layers.

- RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy
- RUN go get \
-    && go build -o /usr/local/bin/snowflake
- RUN git reset --hard ${WEBTUNNEL_VERSION} \
-    && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel
+ RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy && \
+    go get && \
+    go build -o /usr/local/bin/snowflake && \
+    git reset --hard ${WEBTUNNEL_VERSION} && \
+    go build -ldflags="-s -w" -o /usr/local/bin/webtunnel
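
Review bot: The three removed `RUN` lines are separate instructions, and the comment covers lines 31-43 while quoting only five of them, so whatever sits between the builds (for example a `WORKDIR` change per repository) is lost in the merged `RUN`. If the builds run in different directories, the merged form would run `go get`, `go build -o /usr/local/bin/snowflake` and `git reset --hard ${WEBTUNNEL_VERSION}` in the obfs4 directory; keep the instructions separate or add an explicit `cd` before each step.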

45-47: Cleanup step is appropriate.

Removing the /go directory after the build is a good practice to reduce the image size.


49-52: Consolidate the setcap commands.

Consolidate the setcap commands into a single RUN instruction to reduce the number of layers.

- RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \
-     && setcap 'cap_net_bind_service=+ep'  /usr/local/bin/snowflake \
-     && setcap 'cap_net_bind_service=+ep'  /usr/local/bin/webtunnel
+ RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy /usr/local/bin/snowflake /usr/local/bin/webtunnel
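
Review bot: Neither side of this hunk says why `obfs4proxy`, `snowflake` and `webtunnel` each need `cap_net_bind_service=+ep`, which lets a binary bind ports below 1024. The PR describes building client-side transports; if none of them has to listen on a privileged port in this add-on, drop the capability, otherwise add a comment naming the binary and the port that require it.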

55-55: Consider making the HEALTHCHECK start period configurable.

To accommodate different user environments and bridge connection times, consider making the HEALTHCHECK start period configurable.

-    --start-period=60m \
+    --start-period=${HEALTHCHECK_START_PERIOD:-60m} \
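
Review bot: `HEALTHCHECK_START_PERIOD` on the added line is not declared by any `ARG` or `ENV` shown in this review, and the start period is stored in the image when it is built, so a container environment variable set at run time would not change it. Either declare it as a build argument and confirm that the builder expands variables inside `HEALTHCHECK` options, or keep the literal `60m`.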

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 0

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between dab5dd8 and 0f955a2.

Files selected for processing (1)
  • tor/Dockerfile (1 hunks)
Files skipped from review as they are similar to previous changes (1)
  • tor/Dockerfile

2 participants