bj
/
torch-subscriber-docker
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
23 Commits
1 Branch
0 Tags
51 KiB
Shell 68.6%
Dockerfile 31.4%
 
 
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Go to file
B.J. Dweck a5059fafae fixed svc-hostname script error with curl and grep 2 years ago
example-config Parameterized docker-compose.yml file using .env 3 years ago
scripts bugfig: docker error cannot mount file as directory 2 years ago
subscriber Refactored... still works 3 years ago
tor fixed svc-hostname script error with curl and grep 2 years ago
.env.example Parameterized docker-compose.yml file using .env 3 years ago
.gitignore ignore production files 2 years ago
README.md Tweaked README.md 3 years ago
docker-compose.yml FIX: getting 'Client <unknown> disconnected, not authorised.' error in logs due to upgrade of docker image to 2.0... reverting to 1.6 2 years ago

README.md

TORch Subscriber Docker Compose

This is a Docker Compose project for assembling a service to receive TORch notifications from remote nodes and store them for access via RESTful interface.

It is composed of the following micro-services:

  • Tor proxy - for receving notifications from remote TORch clients via Tor
  • Broker - for managing publications and subscriptions
  • Torchsub - for receiving notifications, maintaining a database of the latest connection info for each remote note and serving them via HTTP

Dependencies

Quick Start

  1. Create an .env file based on .env.example in the project root

    • CONFIG_DIR: points to the local configuration directory for the broker and torchsub micro-services (you will create this in the next step)

    • BROKER_MQTT_PORT: (suggested: 1883) must match the port that you configured mosquitto to listen for MQTT on

    • BROKER_MQTTS_PORT: (suggested: 8883) must match the port that you configured mosquitto to listen for MQTTS on

    • HTTP_PORT: the port that you would like Torchsub to listen on for incoming HTTP-REST requests for client connection info

  2. Create the local configuration directory pointed to by .env

    1. Create Mosquitto configuration files

      • Create a mosquitto.conf based on the example

      • Add applicable ca.crt, key and/or broker certificate files as applicable for the mosquitto configuration

    2. Create a torch-sub.conf per the torch-subscriber-simple project

      • Add applicable ca.crt, key and/or broker certificate files as applicable for the torch-sub.conf configuration

  3. Run docker-compose up -d from the project directory to launch the services

  4. Get the Tor onion hostname of your newly launched TORch node monitor

    • Keep the onion hostname private
ubuntu@broker:~$ docker-compose exec tor svc-hostname
*****
* Service Onion Hostname: 24xb3hb2pajid44ugroua2ndvpipvmuw6pfjrivlbupxhpwbugfhdeqd.onion
*****

  1. Configure any remote TORch agent instances with the above onion hostname by editing their torch.conf files

    • The idea is really to provision new nodes with this instances of TORch Agent configured with this onion hostname, so that when they boot they will phone home with Tor connection info

    1. Set BrokerHost to the Tor onion hostname

    2. Set BrokerPort to the Mosquitto MQTT broker port you used above (ex. 1883)

    3. You should set RequiredCertificate to false because torch-agent won't be able to match the broker's certificate to the Tor onion hostname

    4. Be sure to match the Topic with the pattern you told Torchsub to subscribe to when you configured Torchsub using torch-sub.conf above

# Example TORch Agent torch.conf configuration

[tor]
ControllerPort = 9051

[ssh]
Port = 22

[mqtt]
BrokerHost = 7v4jfonpcvvv4cy32po3uwqr56hvjag6ljpauennshecmzv4deq27lyd.onion 
BrokerPort = 1883
ClientID = vagrant
Topic = torch/vagrant/wake
RequireCertificate = false
CaFile = ca.crt
CertFile = vagrant.crt
KeyFile = vagrant.key
  1. Check the latest client connection info using the RESTful interface on the port you specified in the .env file above:
ubuntu@broker:~$ curl http://localhost:7700/clients
{"vagrant": {"clientId": "vagrant", "timestamp": "23-Oct-2020 (09:35:12.282901)", "onionAddress": "xbkcb3a47s6swrohdzcsuq6iwix3qjsn6mf77dkxywxgxucynhotglyd.onion", "sshPort": 22}}
  1. You should be able to connect to this remote node using SSH through your local Tor proxy
ubuntu@broker:~$ torify ssh vagrant@xbkcb3a47s6swrohdzcsuq6iwix3qjsn6mf77dkxywxgxucynhotglyd.onion

The authenticity of host 'xbkcb3a47s6swrohdzcsuq6iwix3qjsn6mf77dkxywxgxucynhotglyd.onion (127.42.42.0)' can't be established.
ECDSA key fingerprint is SHA256:WSLn8lruVwPfqw5vmeZgZeTrulxboDKdJnnFMKiEGv8.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'xbkcb3a47s6swrohdzcsuq6iwix3qjsn6mf77dkxywxgxucynotglyd.onion' (ECDSA) to the list of known hosts.

vagrant@xbkcb3a47s6swrohdzcsuq6iwix3qjsn6mf77dkxywxgxucynhotglyd.onion's password:

Last login: Fri Oct 23 09:34:22 2020 from 10.0.2.2
vagrant@ubuntu2004:~$