Add Tor hidden service to Docker self-hosting setup

This commit is contained in:
Alexander Schmidt
2026-03-27 10:38:52 +01:00
parent 41c332365b
commit de1b7b1074
5 changed files with 58 additions and 10 deletions


@@ -1,10 +1,8 @@
{$DOMAIN:localhost} {
(common) {
root * /srv
encode gzip
# Security headers
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
Referrer-Policy "no-referrer"
@@ -12,13 +10,20 @@
Content-Security-Policy "default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self'; connect-src 'self'; form-action 'none'; frame-ancestors 'none'; base-uri 'none'"
}
# Short URL rewrite: /s/CODE -> s.php?c=CODE
@shorturl path_regexp short ^/s/([a-zA-Z0-9]+)$
rewrite @shorturl /s.php?c={re.short.1}
# PHP via FPM
php_fastcgi 127.0.0.1:9000
# Static files
file_server
}
# Clearnet (auto-HTTPS)
{$DOMAIN:localhost} {
import common
header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
}
# Tor hidden service (HTTP only, no TLS needed)
:8080 {
import common
}
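Review bot: The new `:8080` site block listens on every interface inside the container over plain HTTP and serves the same PHP application as the clearnet vhost, and the Dockerfile section now lists 8080 in `EXPOSE` as well; nothing in this Caddyfile limits who may reach it, so it must only ever be reached by the tor container over the compose network and never be published on the host. The compose section does not show the xmrpay service's `ports:` mapping, so whether 8080 is published cannot be confirmed from here. I would state the intent above the block so a later edit does not expose it: `# Tor hidden service: plain HTTP, reached only by the tor container over the compose network — never publish 8080 on the host`, and, if the compose file does publish it, either drop that mapping or use Caddy's `bind` directive to pin the listener to the container-internal address.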


@@ -31,7 +31,7 @@ COPY Caddyfile /etc/caddy/Caddyfile
COPY docker-entrypoint.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/docker-entrypoint.sh
EXPOSE 80 443
EXPOSE 80 443 8080
VOLUME ["/srv/data", "/data/caddy"]


@@ -14,7 +14,7 @@ You need a VPS with a domain pointing to it. Then:
curl -sL https://xmrpay.link/install.sh | sh -s your-domain.com
```
Done. HTTPS is automatic (via Caddy + Let's Encrypt).
Done. HTTPS is automatic (via Caddy + Let's Encrypt). A **Tor hidden service** (.onion) is included — the installer shows your onion address after setup.
### Requirements
@@ -66,6 +66,9 @@ XMRPAY_IMAGE=schmidt1024/xmrpay:latest
EOF
docker compose pull && docker compose up -d
# Show your onion address
docker exec xmrpay-tor cat /var/lib/tor/hidden_service/hostname
```
### Uninstall


@@ -12,6 +12,29 @@ services:
- xmrpay-data:/srv/data
- caddy-data:/data/caddy
tor:
image: alpine:latest
container_name: xmrpay-tor
restart: unless-stopped
depends_on:
- xmrpay
entrypoint: /bin/sh
command:
- -c
- |
apk add --no-cache tor > /dev/null 2>&1
mkdir -p /var/lib/tor/hidden_service
chmod 700 /var/lib/tor/hidden_service
cat > /etc/tor/torrc <<EOF
SocksPort 0
HiddenServiceDir /var/lib/tor/hidden_service
HiddenServicePort 80 xmrpay:8080
EOF
echo "Starting Tor..."
tor -f /etc/tor/torrc
volumes:
- tor-keys:/var/lib/tor/hidden_service
watchtower:
image: containrrr/watchtower
container_name: watchtower
@@ -25,3 +48,4 @@ services:
volumes:
xmrpay-data:
caddy-data:
tor-keys:
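Review bot: The tor service pulls `alpine:latest` and runs `apk add --no-cache tor` on every container start with all output discarded, so the Tor build you run is whatever the mirror serves that day and an install failure is invisible: the `sh -c` script has no `set -e`, `tor` is simply not found on the last line, and the container restart-loops under `restart: unless-stopped`. Pinning the image and failing loudly makes this reproducible and debuggable: `image: alpine:<PINNED_VERSION>` (placeholder for the version you test against), `set -eu` as the first script line, and `apk add --no-cache tor` without the `> /dev/null 2>&1`; a small purpose-built image would avoid the runtime package download entirely. Tor also runs as root here; as far as I know the Alpine package creates a `tor` user, so adding `User tor` to the generated torrc with a matching `chown` of the hidden-service directory would drop privileges, keeping in mind that ownership of the persisted `tor-keys` volume then has to match.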


@@ -52,7 +52,23 @@ docker compose up -d
ok "xmrpay is running!"
echo ""
echo " https://$DOMAIN"
echo " Clearnet: https://$DOMAIN"
# Wait for Tor to generate the onion address (up to 30s)
info "Waiting for Tor hidden service..."
ONION=""
for i in $(seq 1 30); do
ONION=$(docker exec xmrpay-tor cat /var/lib/tor/hidden_service/hostname 2>/dev/null || true)
[ -n "$ONION" ] && break
sleep 1
done
if [ -n "$ONION" ]; then
ok "Tor hidden service ready"
echo " Onion: http://$ONION"
else
echo " Onion: (still starting — run: docker exec xmrpay-tor cat /var/lib/tor/hidden_service/hostname)"
fi
echo ""
echo " Watchtower checks for updates every 6 hours."
echo " Data stored in Docker volume: xmrpay-data"
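Review bot: The closing summary still names only the `xmrpay-data` volume, although this commit introduces a second one, `tor-keys`, that holds the hidden-service identity keys the onion address is derived from; an operator who backs up only what this line tells them will get a new .onion address after a volume loss. I would add `echo " Onion keys stored in Docker volume: tor-keys (back it up — losing it changes your .onion address)"` alongside it. The 30-second wait starts immediately after `docker compose up -d`, while the tor container is still downloading its package, so the fallback message in the `else` branch is likely to be the common case on a slow host; raising the cap or saying so in the comment above the loop would set expectations. The script continues past the end of this hunk.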