@cs224
Created January 14, 2025 07:56
Digital Civil Rights and Privacy: Networking, VPN, Tor, Onion over VPN - Dockerized NymVPN
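# Refresh job for the Socks5 + NymVPN compose stack. It is started by
# docker-compose-socks5-shadowsocks-nymvpn-restart.timer and recreates the
# containers after pulling the shadowsocks images.
[Unit]
Description=Docker Compose Socks5 + NymVPN Service Restart Service
# Every command below talks to the Docker daemon, so order this unit after it.
Requires=docker.service
After=docker.service network-online.target

[Service]
# oneshot permits several ExecStart= lines; they run in order and the unit
# fails at the first command that exits non-zero.
Type=oneshot
WorkingDirectory=/opt/docker-services/nymvpn
Environment=COMPOSE_HTTP_TIMEOUT=600
User=root
Group=root
# Pull first: if the registry is unreachable the unit fails here and the
# running stack is left untouched, instead of being torn down and never
# brought back up.
# NOTE(review): the compose file references ':latest' tags, so this unattended
# pull runs whatever the registry serves at that moment inside the VPN network
# namespace. Pin the images by digest if that is not acceptable.
ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml pull --quiet --parallel ssserver1 sslocal1
ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml down
ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml up -d
StandardOutput=journal
StandardError=journal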
# Timer that triggers the restart service for the Socks5 + NymVPN stack.
[Unit]
Description=Docker Compose Socks5 + NymVPN Service Restart Timer
[Timer]
# Unit started each time the timer elapses.
Unit=docker-compose-socks5-shadowsocks-nymvpn-restart.service
# Every day at 03:00:00 (system local time).
OnCalendar=*-*-* 03:00:00
# If the machine was off at 03:00, run the missed job once at the next boot.
Persistent=true
[Install]
WantedBy=timers.target
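# Main unit for the Socks5 + NymVPN compose stack: brings the containers up at
# boot and takes them down on stop.
[Unit]
Description=Docker Compose Socks5 + NymVPN
Requires=docker.service
# After= only orders against network-online.target; Wants= is what actually
# pulls that target into the boot transaction.
Wants=network-online.target
After=docker.service network-online.target

[Service]
# 'docker compose up -d' returns once the containers are started, so the unit
# is a oneshot that stays "active" afterwards until ExecStop runs.
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/docker-services/nymvpn
Environment=COMPOSE_HTTP_TIMEOUT=600
User=root
Group=root
ExecStartPre=/usr/bin/docker compose -f ./docker-compose.yaml pull --quiet --parallel ssserver1 sslocal1
ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml up -d
ExecStop=/usr/bin/docker compose -f ./docker-compose.yaml down
StandardOutput=journal
StandardError=journal
# StandardOutput=file:/tmp/docker-compose-socks5-shadowsocks-nordvpn-tor.txt
# StandardError=inherit
# systemd does not run Exec lines through a shell, so '&&' would be handed to
# docker as a literal argument. Use one ExecReload= line per command; they run
# in order and stop at the first failure.
ExecReload=/usr/bin/docker compose -f ./docker-compose.yaml pull --quiet --parallel ssserver1 sslocal1
ExecReload=/usr/bin/docker compose -f ./docker-compose.yaml up -d

[Install]
WantedBy=multi-user.target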
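########################### EXTENSION FIELDS
# Helps eliminate repetition of sections
# Keys common to the core services that we always want to restart
# automatically on failure
x-common-keys-core: &common-keys-core
  restart: always

# TAG_DATE=$(date +%Y%m%d) docker compose --profile all build
# docker compose up -d
# docker compose config
# docker compose pull --quiet --parallel ssserver1 sslocal1

# Layout: each nymvpnN container owns a network namespace with the Nym tunnel;
# the matching ssserverN/sslocalN containers join that namespace
# (network_mode: service:nymvpnN) and expose a SOCKS5 listener on port 1080,
# which nymvpnN publishes on the host's loopback interface only.
#
# Security notes for whoever maintains this file:
# - The SOCKS5 listeners carry no authentication. The 127.0.0.1 prefix in the
#   port mappings is the only access control: every local user and process on
#   the host can use the tunnel. Do not widen the bind address.
# - 'ssserver/sslocal -k hello-kitty -m none' means no encryption and a fixed
#   key. That is tolerable only because both ends talk over 127.0.0.1 inside
#   the shared namespace; never reuse these options on a routable address.
# - The shadowsocks images use the mutable ':latest' tag and are re-pulled by
#   the systemd units, so image updates are applied without review. To freeze
#   them, reference a digest instead, for example
#   'ghcr.io/shadowsocks/ssserver-rust@sha256:<DIGEST_PLACEHOLDER>'.
# - secrets.env holds the account mnemonic. Keep it out of version control and
#   readable by root only.
# - In the command strings, '$$' is Compose's escape for a literal '$', so
#   MNEMONIC_SECRET is expanded by the shell inside the container. The value
#   is then passed on the nym-vpnc command line.
#   NOTE(review): command-line arguments are visible in process listings while
#   the command runs; confirm whether nym-vpnc offers a non-argv input.
name: nymvpn

services:
  nymvpn1:
    build:
      context: .
      dockerfile: nymvpn-debian.dockerfile
      args:
        HTTP_PROXY: ${HTTP_PROXY:-}
        HTTPS_PROXY: ${HTTPS_PROXY:-}
        http_proxy: ${HTTP_PROXY:-}
        https_proxy: ${HTTPS_PROXY:-}
    image: nymvpn-debian:latest
    <<: *common-keys-core
    # profiles: ["all"]
    command: ["/bin/bash", "-c", "supervisord -c /etc/supervisor/supervisord.conf && sleep 10 && /usr/bin/nym-vpnc store-account --mnemonic \"$$MNEMONIC_SECRET\" && echo 'mnemonic done' && /usr/bin/nym-vpnc connect --enable-two-hop --entry-gateway-country AT --exit-gateway-country CH && echo 'connect done' && tail -f /var/log/vpnd.log"]
    ports:
      # Quoted so no YAML parser can reinterpret the colon-separated value;
      # host side stays on loopback.
      - "127.0.0.1:1090:1080"
    # TUN device and NET_ADMIN are granted to the VPN container only; the
    # shadowsocks containers share its namespace but get no cap_add.
    devices:
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    volumes:
      - ./config/nymvpn1/etc:/etc/nym
      # Persistent daemon state (keys, stored account) lives here.
      - ./config/nymvpn1/lib:/var/lib/nym-vpnd
      - ./config/nymvpn1/logs:/var/log
    env_file:
      - secrets.env

  ssserver1:
    <<: *common-keys-core
    image: ghcr.io/shadowsocks/ssserver-rust:latest
    command: ssserver -v -s 127.0.0.1:8388 -k hello-kitty -m none
    network_mode: service:nymvpn1
    depends_on: ["nymvpn1"]

  sslocal1:
    <<: *common-keys-core
    image: ghcr.io/shadowsocks/sslocal-rust:latest
    command: sslocal -b 0.0.0.0:1080 -s 127.0.0.1:8388 -k hello-kitty -m none
    network_mode: service:nymvpn1
    depends_on:
      - ssserver1

  # Second tunnel: same image as nymvpn1 (built there), different exit
  # country and no --enable-two-hop.
  nymvpn2:
    image: nymvpn-debian:latest
    <<: *common-keys-core
    # profiles: ["all"]
    command: ["/bin/bash", "-c", "supervisord -c /etc/supervisor/supervisord.conf && sleep 10 && /usr/bin/nym-vpnc store-account --mnemonic \"$$MNEMONIC_SECRET\" && echo 'mnemonic done' && /usr/bin/nym-vpnc connect --entry-gateway-country AT --exit-gateway-country FI && echo 'connect done' && tail -f /var/log/vpnd.log"]
    ports:
      - "127.0.0.1:1091:1080"
    devices:
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    volumes:
      - ./config/nymvpn2/etc:/etc/nym
      - ./config/nymvpn2/lib:/var/lib/nym-vpnd
      - ./config/nymvpn2/logs:/var/log
    env_file:
      - secrets.env

  ssserver2:
    <<: *common-keys-core
    image: ghcr.io/shadowsocks/ssserver-rust:latest
    command: ssserver -v -s 127.0.0.1:8388 -k hello-kitty -m none
    network_mode: service:nymvpn2
    depends_on: ["nymvpn2"]

  sslocal2:
    <<: *common-keys-core
    image: ghcr.io/shadowsocks/sslocal-rust:latest
    command: sslocal -b 0.0.0.0:1080 -s 127.0.0.1:8388 -k hello-kitty -m none
    network_mode: service:nymvpn2
    depends_on:
      - ssserver2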
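# Installs the NymVPN compose stack under /opt/docker-services/nymvpn and the
# systemd units under /etc/systemd/system. Run as root, with bash (the brace
# expansion below is not POSIX sh), from the directory that holds the files.

# Per-tunnel bind-mount directories; stale logs from a previous install are
# removed.
mkdir -p /opt/docker-services/nymvpn/config/nymvpn1/{etc,lib,logs}
rm -f /opt/docker-services/nymvpn/config/nymvpn1/logs/*
mkdir -p /opt/docker-services/nymvpn/config/nymvpn2/{etc,lib,logs}
rm -f /opt/docker-services/nymvpn/config/nymvpn2/logs/*

# lib/ is mounted at /var/lib/nym-vpnd, where the daemon keeps keys and the
# stored account, so restrict it to the owner.
chmod 0700 /opt/docker-services/nymvpn/config/nymvpn1/lib /opt/docker-services/nymvpn/config/nymvpn2/lib

cp nymvpn-debian.dockerfile supervisord.conf docker-compose.yaml /opt/docker-services/nymvpn/
# secrets.env carries the account mnemonic: install it with mode 0600 rather
# than letting cp apply the umask default, which usually leaves it
# world-readable.
install -m 0600 secrets.env /opt/docker-services/nymvpn/secrets.env

cp ./docker-compose-socks5-shadowsocks-nymvpn.service docker-compose-socks5-shadowsocks-nymvpn-restart.service docker-compose-socks5-shadowsocks-nymvpn-restart.timer /etc/systemd/system/
systemctl daemon-reload

# Enable and inspect the units by hand once the files are in place:
# systemctl enable --now docker-compose-socks5-shadowsocks-nymvpn.service
# systemctl enable --now docker-compose-socks5-shadowsocks-nymvpn-restart.timer
# systemctl status docker-compose-socks5-shadowsocks-nymvpn.service
# systemctl status docker-compose-socks5-shadowsocks-nymvpn-restart.timer
# systemctl list-timers
# journalctl -u docker-compose-socks5-shadowsocks-nymvpn.service
# systemctl start docker-compose-socks5-shadowsocks-nymvpn-restart.timer
# systemctl status docker-compose-socks5-shadowsocks-nymvpn-restart.timer
# journalctl -u docker-compose-socks5-shadowsocks-nymvpn-restart.timer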
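# Use Debian Bookworm as the base image
FROM debian:bookworm-slim

LABEL maintainer="me <me@me.me>"
LABEL name="nymvpn-debian"
LABEL version="latest"

# Optional integrity pin for the repository bootstrap package fetched below.
# Empty by default, so existing builds are unchanged; pass
# --build-arg NYM_REPO_SETUP_SHA256=<sha256 of the .deb> to make the build fail
# if the download does not match. The .deb is installed as root and configures
# an apt source, so whatever it contains is trusted for every later install.
ARG NYM_REPO_SETUP_SHA256=""

# Update, upgrade and install the needed packages in one layer: a cached
# 'apt-get update' layer followed by a separate install can resolve against a
# stale package index.
RUN apt-get update && apt-get upgrade -y \
 && apt-get install -y --no-install-recommends \
      lsb-release apt-transport-https ca-certificates wget curl gnupg procps iproute2 net-tools \
      tini supervisor \
 && rm -rf /var/lib/apt/lists/*

# Fetch and install the Nym apt repository setup package, verifying it when a
# checksum was supplied.
RUN wget https://apt.nymtech.net/pool/main/n/nym-repo-setup/nym-repo-setup_1.0.1_amd64.deb -O /tmp/nym-repo-setup_1.0.1_amd64.deb \
 && if [ -n "$NYM_REPO_SETUP_SHA256" ]; then \
      echo "$NYM_REPO_SETUP_SHA256  /tmp/nym-repo-setup_1.0.1_amd64.deb" | sha256sum -c -; \
    fi \
 && dpkg -i /tmp/nym-repo-setup_1.0.1_amd64.deb \
 && rm -f /tmp/nym-repo-setup_1.0.1_amd64.deb

# Refresh the index so the newly added repository is visible, then install the
# client and the daemon.
RUN apt-get update \
 && apt-get install -y nym-vpnc nym-vpnd \
 && rm -rf /var/lib/apt/lists/*

# https://nym.com/docs/developers/nymvpncli
# Configurations are stored in /etc/nym. State stored between runs (keys, mnemonic, etc) are stored in /var/lib/nym-vpnd
VOLUME ["/etc/nym", "/var/lib/nym-vpnd", "/var/log"]

COPY supervisord.conf /etc/supervisor/supervisord.conf

ENTRYPOINT ["/usr/bin/tini", "--"]
# Exec-form CMD is handed to bash verbatim. '$$' is a docker-compose escape,
# not a Dockerfile one; here bash would expand it to its own PID and store a
# bogus mnemonic. A single '$' lets bash read MNEMONIC_SECRET from the
# container environment. (docker-compose.yaml overrides this command, which is
# why it keeps the doubled form there.)
CMD ["/bin/bash", "-c", "supervisord -c /etc/supervisor/supervisord.conf && sleep 10 && /usr/bin/nym-vpnc store-account --mnemonic \"$MNEMONIC_SECRET\" && echo 'mnemonic done' && /usr/bin/nym-vpnc connect --enable-two-hop --entry-gateway-country AT --exit-gateway-country CH && echo 'connect done' && tail -f /var/log/vpnd.log"]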
# secrets.env - loaded into the nymvpn containers through 'env_file' in
# docker-compose.yaml. The value below is a 24-word placeholder; replace it
# with the real account mnemonic on the target host only.
# This file is a credential: keep it out of version control and shared
# snippets, and restrict it to its owner (for example mode 0600).
MNEMONIC_SECRET=mnemonic1 mn2 mn3 mn4 mn5 mn6 mn7 mn8 mn9 mn10 mn11 mn12 mn13 mn14 mn15 mn16 mn17 mn18 mn19 mn20 mn21 mn22 mn23 mn24
; supervisord configuration copied into the image as
; /etc/supervisor/supervisord.conf; it keeps the nym-vpnd daemon running.
[supervisord]
; supervisord detaches into the background, which is what lets the container
; command continue with 'sleep 10 && nym-vpnc ...' after starting it.
nodaemon=false
logfile=/var/log/supervisord.log ;
pidfile=/var/run/supervisord.pid ;
[program:vpnd]
command=/usr/bin/nym-vpnd
autostart=true
autorestart=true
; /var/log is a bind-mounted volume in docker-compose.yaml, so these files end
; up on the host; the container command tails vpnd.log.
stdout_logfile=/var/log/vpnd.log
stderr_logfile=/var/log/vpnd.err
; NOTE(review): with rotation and backups disabled, both files grow without
; bound for as long as the container runs; confirm this is acceptable for the
; host's disk and for how long connection logs should be retained.
stdout_logfile_maxbytes=0 ; Disables log rotation
stderr_logfile_maxbytes=0 ; Disables log rotation
stdout_logfile_backups=0 ; Disables backup of the logs
stderr_logfile_backups=0 ; Disables backup of the logs