-
-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support webtunnel, obfs and snowflake bridges #170
base: main
Are you sure you want to change the base?
Conversation
install obfs proxy
Default bridges
Hello, @frenck could you help to proceed with pr |
Snowflake 2.7.0 is dependent on go 1.21+. Let's use 2.6.1 since only 1.20.10-r0 is available in ghcr.io/hassio-addons/base:14.3.0
Bootstrapping with bridge takes upto 1 hour https://docs.docker.com/engine/reference/builder/#healthcheck
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 3
Outside diff range and nitpick comments (5)
tor/DOCS.md (5)
154-209
: Ensure consistency in the documentation format.The documentation for OBFS, Webtunnel, and Snowflake should follow a consistent format. Consider using the same introduction style for each plugin and ensuring that all examples are similarly structured.
Line range hint
94-94
: Correct the typo in "don not".- because you don not use any public address + because you do not use any public address
Line range hint
100-100
: Consider adding a comma for clarity.- The “stealth” entry above ensures traffic to and from your Home Assistant instance over Tor is hidden even from other nodes on the Tor network. + The “stealth” entry above ensures traffic to and from your Home Assistant instance over Tor is hidden, even from other nodes on the Tor network.
Line range hint
115-115
: Use "cannot" instead of "can not" for conciseness.- it can not find the path to the server. + it cannot find the path to the server.
Line range hint
124-124
: Use "inaccessible" to avoid wordiness.- the hidden service is not accessible for clients without authorization anymore. + the hidden service is inaccessible for clients without authorization.
Review Details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (5)
- .github/renovate.json (1 hunks)
- tor/DOCS.md (3 hunks)
- tor/Dockerfile (1 hunks)
- tor/config.yaml (2 hunks)
- tor/translations/en.yaml (1 hunks)
Files skipped from review as they are similar to previous changes (4)
- .github/renovate.json
- tor/Dockerfile
- tor/config.yaml
- tor/translations/en.yaml
Additional Context Used
LanguageTool (15)
tor/DOCS.md (15)
Near line 65: Loose punctuation mark.
Context: ...n issue. Possible values are: -trace
: Show every detail, like all called inte...
Near line 66: Loose punctuation mark.
Context: ...all called internal functions. -debug
: Shows detailed debug information. - `in...
Near line 67: Loose punctuation mark.
Context: ...ows detailed debug information. -info
: Normal (usually) interesting events. - ...
Near line 68: Loose punctuation mark.
Context: ...usually) interesting events. -warning
: Exceptional occurrences that are not er...
Near line 69: Loose punctuation mark.
Context: ...currences that are not errors. -error
: Runtime errors that do not require imme...
Near line 70: Loose punctuation mark.
Context: ... not require immediate action. -fatal
: Something went terribly wrong. Add-on b...
Near line 94: Did you mean “do not”?
Context: ...ress to its users. In fact, because you don not use any public address, you can run a h...
Near line 100: Possible missing comma found.
Context: ...our Home Assistant instance over Tor is hidden even from other nodes on the Tor networ...
Near line 115: Unless you want to emphasize “not”, use “cannot” which is more common.
Context: ...if the client does not have the key, it can not find the path to the server. It does, h...
Near line 124: Consider using “inaccessible” to avoid wordiness.
Context: ...is option is set, the hidden service is not accessible for clients without authorization anymo...
Near line 158: Did you mean “for”?
Context: ...sport plugins and bridges. Bridges are Tor relays that help you circumvent censors...
Near line 196: If the word ‘What’ starts a question, add a question mark at the end of the sentence.
Context: ... [snowflake][what-is-snowflake], example: ```yaml bridges: - >- snowflake ...
Near line 257: Loose punctuation mark.
Context: ...ented based on the following: -MAJOR
: Incompatible or major changes. - `MINOR...
Near line 258: Loose punctuation mark.
Context: ...Incompatible or major changes. -MINOR
: Backwards-compatible new features and e...
Near line 259: Loose punctuation mark.
Context: ...new features and enhancements. -PATCH
: Backwards-compatible bugfixes and packa...
Markdownlint (1)
tor/DOCS.md (1)
166: null
Bare URL used
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 6
Review Details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (2)
- tor/DOCS.md (3 hunks)
- tor/Dockerfile (1 hunks)
Additional Context Used
LanguageTool (14)
tor/DOCS.md (14)
Near line 65: Loose punctuation mark.
Context: ...n issue. Possible values are: -trace
: Show every detail, like all called inte...
Near line 66: Loose punctuation mark.
Context: ...all called internal functions. -debug
: Shows detailed debug information. - `in...
Near line 67: Loose punctuation mark.
Context: ...ows detailed debug information. -info
: Normal (usually) interesting events. - ...
Near line 68: Loose punctuation mark.
Context: ...usually) interesting events. -warning
: Exceptional occurrences that are not er...
Near line 69: Loose punctuation mark.
Context: ...currences that are not errors. -error
: Runtime errors that do not require imme...
Near line 70: Loose punctuation mark.
Context: ... not require immediate action. -fatal
: Something went terribly wrong. Add-on b...
Near line 94: Did you mean “do not”?
Context: ...ress to its users. In fact, because you don not use any public address, you can run a h...
Near line 115: Unless you want to emphasize “not”, use “cannot” which is more common.
Context: ...if the client does not have the key, it can not find the path to the server. It does, h...
Near line 124: Consider using “inaccessible” to avoid wordiness.
Context: ...is option is set, the hidden service is not accessible for clients without authorization anymo...
Near line 158: Did you mean “for”?
Context: ...sport plugins and bridges. Bridges are Tor relays that help you circumvent censors...
Near line 196: If the word ‘What’ starts a question, add a question mark at the end of the sentence.
Context: ... [snowflake][what-is-snowflake], example: ```yaml bridges: - >- snowflake ...
Near line 257: Loose punctuation mark.
Context: ...ented based on the following: -MAJOR
: Incompatible or major changes. - `MINOR...
Near line 258: Loose punctuation mark.
Context: ...Incompatible or major changes. -MINOR
: Backwards-compatible new features and e...
Near line 259: Loose punctuation mark.
Context: ...new features and enhancements. -PATCH
: Backwards-compatible bugfixes and packa...
Markdownlint (1)
tor/DOCS.md (1)
166: null
Bare URL used
Hadolint (1)
tor/Dockerfile (1)
49: Multiple consecutive
RUN
instructions. Consider consolidation.
Additional comments not posted (2)
tor/Dockerfile (1)
26-28
: Ensure that the cloned repositories are the correct versions and sources as intended. This is crucial for maintaining the expected functionality and security.Verification successful
The specified versions for the repositories are correct and exist as intended:
obfs4proxy-0.0.14
in theobfs4
repository.v2.9.2
in thesnowflake
repository.Scripts Executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify the cloned repositories are from the correct sources and versions. # Test: Check the repository URLs and branches. cat tor/Dockerfile | grep 'git clone'Length of output: 419
Script:
#!/bin/bash # Description: Verify the values of OBFS_VERSION and SNOWFLAKE_VERSION environment variables. # Search for the definitions of OBFS_VERSION and SNOWFLAKE_VERSION in the Dockerfile and related configuration files. grep -E 'OBFS_VERSION|SNOWFLAKE_VERSION' tor/Dockerfile grep -E 'OBFS_VERSION|SNOWFLAKE_VERSION' tor/*.env grep -E 'OBFS_VERSION|SNOWFLAKE_VERSION' tor/*.shLength of output: 567
Script:
#!/bin/bash # Description: Verify the existence of the specified versions in the respective repositories. # Check if the specified OBFS_VERSION exists in the obfs4 repository. git ls-remote --tags https://github.com/Yawning/obfs4.git | grep 'refs/tags/obfs4proxy-0.0.14' # Check if the specified SNOWFLAKE_VERSION exists in the snowflake repository. git ls-remote --tags https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git | grep 'refs/tags/v2.9.2'Length of output: 486
tor/DOCS.md (1)
196-196
: Add a question mark to make it a proper question.- What is [snowflake][what-is-snowflake], example: + What is [snowflake][what-is-snowflake]? For example:Likely invalid or redundant comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 2
Review Details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (2)
- tor/DOCS.md (3 hunks)
- tor/Dockerfile (1 hunks)
Additional Context Used
LanguageTool (14)
tor/DOCS.md (14)
Near line 65: Loose punctuation mark.
Context: ...n issue. Possible values are: -trace
: Show every detail, like all called inte...
Near line 66: Loose punctuation mark.
Context: ...all called internal functions. -debug
: Shows detailed debug information. - `in...
Near line 67: Loose punctuation mark.
Context: ...ows detailed debug information. -info
: Normal (usually) interesting events. - ...
Near line 68: Loose punctuation mark.
Context: ...usually) interesting events. -warning
: Exceptional occurrences that are not er...
Near line 69: Loose punctuation mark.
Context: ...currences that are not errors. -error
: Runtime errors that do not require imme...
Near line 70: Loose punctuation mark.
Context: ... not require immediate action. -fatal
: Something went terribly wrong. Add-on b...
Near line 94: Did you mean “do not”?
Context: ...ress to its users. In fact, because you don not use any public address, you can run a h...
Near line 115: Unless you want to emphasize “not”, use “cannot” which is more common.
Context: ...if the client does not have the key, it can not find the path to the server. It does, h...
Near line 124: Consider using “inaccessible” to avoid wordiness.
Context: ...is option is set, the hidden service is not accessible for clients without authorization anymo...
Near line 158: Did you mean “for”?
Context: ...sport plugins and bridges. Bridges are Tor relays that help you circumvent censors...
Near line 196: If the word ‘What’ starts a question, add a question mark at the end of the sentence.
Context: ... [snowflake][what-is-snowflake], example: ```yaml bridges: - >- snowflake ...
Near line 257: Loose punctuation mark.
Context: ...ented based on the following: -MAJOR
: Incompatible or major changes. - `MINOR...
Near line 258: Loose punctuation mark.
Context: ...Incompatible or major changes. -MINOR
: Backwards-compatible new features and e...
Near line 259: Loose punctuation mark.
Context: ...new features and enhancements. -PATCH
: Backwards-compatible bugfixes and packa...
Hadolint (1)
tor/Dockerfile (1)
49: Multiple consecutive
RUN
instructions. Consider consolidation.
Additional comments not posted (5)
tor/Dockerfile (4)
52-52
: Consider making theHEALTHCHECK
start period configurable to accommodate different user environments and bridge connection times.- --start-period=60m \ + --start-period=${HEALTHCHECK_START_PERIOD:-60m} \This allows users to set the start period via an environment variable, providing flexibility based on their specific setup.
Likely invalid or redundant comment.
49-49
: Consolidate thesetcap
commands into a singleRUN
instruction to optimize the Dockerfile and reduce the number of layers.- RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy /usr/local/bin/snowflake /usr/local/bin/webtunnel + RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy /usr/local/bin/snowflake /usr/local/bin/webtunnelLikely invalid or redundant comment.
12-19
: Consider consolidating theapk add
commands into a singleRUN
instruction to reduce the number of layers.- RUN apk add --no-cache \ - coreutils=9.4-r2 \ - openssl=3.1.5-r0 \ - tor=0.4.8.11-r0 \ - go=1.21.10-r0 \ - git=2.43.4-r0 \ - ca-certificates=20240226-r0 \ - libcap=2.69-r1 + RUN apk add --no-cache coreutils=9.4-r2 openssl=3.1.5-r0 tor=0.4.8.11-r0 go=1.21.10-r0 git=2.43.4-r0 ca-certificates=20240226-r0 libcap=2.69-r1Likely invalid or redundant comment.
26-28
: Ensure that the cloning of repositories is done in a secure manner by verifying the integrity of the repositories.tor/DOCS.md (1)
158-158
: Clarify the intent of the sentence to improve readability.- Keep the option value clean to avoid using any transport plugins and bridges. + Ensure the option value is clear to avoid unintended use of transport plugins and bridges.Likely invalid or redundant comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 1
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (2)
- .github/renovate.json (1 hunks)
- tor/Dockerfile (1 hunks)
Additional comments not posted (9)
.github/renovate.json (3)
28-34
: LGTM! Addition ofobfs4
dependency configuration.The configuration for
obfs4
in the Dockerfile is correct and aligns with the existing style.
35-43
: LGTM! Addition ofsnowflake
dependency configuration.The configuration for
snowflake
in the Dockerfile is correct and aligns with the existing style.
44-51
: LGTM! Addition ofwebtunnel
dependency configuration.The configuration for
webtunnel
in the Dockerfile is correct and aligns with the existing style.tor/Dockerfile (6)
16-20
: LGTM! Addition of installation commands for Go, Git, and other dependencies.The installation commands for Go, Git, and other dependencies, as well as the updated Tor version, are correct.
24-26
: LGTM! Addition of ARG variables forobfs4proxy
,snowflake
, andwebtunnel
versions.The ARG variables for
obfs4proxy
,snowflake
, andwebtunnel
versions are correct and align with best practices.
27-29
: LGTM! Addition of git clone commands forobfs4
,snowflake
, andwebtunnel
.The git clone commands for
obfs4
,snowflake
, andwebtunnel
are correct and align with the existing style.
31-33
: LGTM! Addition of build command forobfs4proxy
.The build command for
obfs4proxy
is correct and aligns with the existing style.
35-38
: LGTM! Addition of build command forsnowflake
.The build command for
snowflake
is correct and aligns with the existing style.
40-43
: LGTM! Addition of build command forwebtunnel
.The build command for
webtunnel
is correct and aligns with the existing style.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 3
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (1)
- tor/Dockerfile (1 hunks)
Additional comments not posted (3)
tor/Dockerfile (3)
45-48
: Cleanup section approved.The cleanup section is correct and necessary.
24-29
: Verify repository URLs and branches.Ensure that the specified repositories and branches for
obfs4proxy
,snowflake
, andwebtunnel
exist and are correct. Combine thegit clone
commands to reduce the number of layers.- RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \ - && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \ - && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git + RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git && \ + git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git && \ + git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.gitVerification successful
Verification successful and suggestion for improvement.
The repository URLs and branches/tags for
obfs4proxy
,snowflake
, andwebtunnel
are correct and accessible. To improve efficiency, consider combining thegit clone
commands to reduce the number of layers in the Dockerfile.
- Repositories and branches/tags verified:
- RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \ - && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \ - && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git + RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git && \ + git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git && \ + git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.gitScripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash # Description: Verify the repository URLs and branches for obfs4proxy, snowflake, and webtunnel. # Test: Check if the repositories and branches exist. git ls-remote https://github.com/Yawning/obfs4.git ${OBFS_VERSION} git ls-remote https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git ${SNOWFLAKE_VERSION} git ls-remote https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.gitLength of output: 10969
55-55
: Make theHEALTHCHECK
start period configurable.Consider making the
HEALTHCHECK
start period configurable to accommodate different user environments and bridge connection times.- --start-period=60m \ + --start-period=${HEALTHCHECK_START_PERIOD:-60m} \Likely invalid or redundant comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Files selected for processing (1)
- tor/Dockerfile (1 hunks)
Additional comments not posted (6)
tor/Dockerfile (6)
16-20
: Consolidate theapk add
commands.Consider consolidating the
apk add
commands into a singleRUN
instruction to reduce the number of layers.- RUN apk add --no-cache \ - coreutils=9.5-r1 \ - openssl=3.3.1-r3 \ - tor=0.4.8.12-r0 \ - go=1.22.4-r0 \ - git=2.45.2-r0 \ - ca-certificates=20240226-r0 \ - libcap=2.70-r0 + RUN apk add --no-cache coreutils=9.5-r1 openssl=3.3.1-r3 tor=0.4.8.12-r0 go=1.22.4-r0 git=2.45.2-r0 ca-certificates=20240226-r0 libcap=2.70-r0
24-29
: Verify repository URLs and consolidategit clone
commands.Ensure that the specified repositories and branches for
obfs4proxy
,snowflake
, andwebtunnel
exist and are correct. Combine thegit clone
commands to reduce the number of layers.- RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git \ - && git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git \ - && git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git + RUN git clone -b ${OBFS_VERSION} --single-branch --depth 1 https://github.com/Yawning/obfs4.git && \ + git clone -b ${SNOWFLAKE_VERSION} --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/snowflake.git && \ + git clone --single-branch --depth 1 https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel.git
31-43
: Verify build commands and consolidate them.Ensure the build commands for
obfs4proxy
,snowflake
, andwebtunnel
are correct and efficient. Consider combining thego build
commands to reduce the number of layers.- RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy - RUN go get \ - && go build -o /usr/local/bin/snowflake - RUN git reset --hard ${WEBTUNNEL_VERSION} \ - && go build -ldflags="-s -w" -o /usr/local/bin/webtunnel + RUN go build -o /usr/local/bin/obfs4proxy ./obfs4proxy && \ + go get && \ + go build -o /usr/local/bin/snowflake && \ + git reset --hard ${WEBTUNNEL_VERSION} && \ + go build -ldflags="-s -w" -o /usr/local/bin/webtunnel
45-47
: Cleanup step is appropriate.Removing the
/go
directory after the build is a good practice to reduce the image size.
49-52
: Consolidate thesetcap
commands.Consolidate the
setcap
commands into a singleRUN
instruction to reduce the number of layers.- RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy \ - && setcap 'cap_net_bind_service=+ep' /usr/local/bin/snowflake \ - && setcap 'cap_net_bind_service=+ep' /usr/local/bin/webtunnel + RUN setcap 'cap_net_bind_service=+ep' /usr/local/bin/obfs4proxy /usr/local/bin/snowflake /usr/local/bin/webtunnel
55-55
: Consider making theHEALTHCHECK
start period configurable.To accommodate different user environments and bridge connection times, consider making the
HEALTHCHECK
start period configurable.- --start-period=60m \ + --start-period=${HEALTHCHECK_START_PERIOD:-60m} \
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Actionable comments posted: 0
Proposed Changes
One more option to resolve tor network connectivity issue.
Dockerfile
Scripts
/etc/tor/torrc
before the first tor executionRelated Issues
Summary by CodeRabbit
New Features
Enhancements
Configuration Updates