This gist belongs to the blog post Digital Civil Rights and Privacy: Networking, VPN, Tor, Onion over VPN, I2P (Invisible Internet Project), Nym Mixnet.
Created
January 14, 2025 07:56
Digital Civil Rights and Privacy: Networking, VPN, Tor, Onion over VPN - Dockerized NymVPN
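# docker-compose-socks5-shadowsocks-nymvpn-restart.service
# Oneshot job (triggered by the matching .timer) that refreshes the
# shadowsocks images and recreates the whole compose stack.
[Unit]
Description=Docker Compose Socks5 + NymVPN Service Restart Service

[Service]
Type=oneshot
WorkingDirectory=/opt/docker-services/nymvpn
Environment=COMPOSE_HTTP_TIMEOUT=600
# Runs as root and pulls the unpinned ":latest" tags named in
# docker-compose.yaml: whatever the registry serves under that tag at run time
# is started with the privileges granted in the compose file.
User=root
Group=root
# A oneshot unit stops at the first failing ExecStart= line. Pulling BEFORE
# "down" means a registry or network failure leaves the running stack
# untouched instead of leaving the proxy torn down until the next run.
# Only the shadowsocks services are pulled: nymvpn-debian is built locally,
# and ssserver2/sslocal2 use the same images as ssserver1/sslocal1.
ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml pull --quiet --parallel ssserver1 sslocal1
ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml down
ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml up -d
StandardOutput=journal
StandardError=journal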
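# docker-compose-socks5-shadowsocks-nymvpn-restart.timer
# Schedules the nightly restart/refresh of the compose stack.
[Unit]
Description=Docker Compose Socks5 + NymVPN Service Restart Timer

[Timer]
# Unit activated each time the timer elapses.
Unit=docker-compose-socks5-shadowsocks-nymvpn-restart.service
# Every day at 03:00 local time.
OnCalendar=*-*-* 03:00:00
# If the machine was off at 03:00, run the missed job once after the next boot.
Persistent=true

[Install]
WantedBy=timers.target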
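# docker-compose-socks5-shadowsocks-nymvpn.service
# Brings the compose stack up at boot and tears it down on stop.
[Unit]
Description=Docker Compose Socks5 + NymVPN
Requires=docker.service
# After= only orders units; Wants= is what actually pulls
# network-online.target into the boot transaction so the ordering has effect.
Wants=network-online.target
After=docker.service network-online.target

[Service]
# oneshot + RemainAfterExit: "docker compose up -d" returns immediately, and
# the unit stays "active" afterwards so that ExecStop= runs on stop/shutdown.
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/docker-services/nymvpn
Environment=COMPOSE_HTTP_TIMEOUT=600
# Runs as root and pulls unpinned ":latest" images on every start; the pulled
# image content is trusted entirely on the registry tag.
User=root
Group=root
# NOTE(review): a failing pull (registry unreachable at boot) fails the unit
# and the stack is not started. Prefix the command with "-" if starting from
# the locally cached images is preferred in that case.
ExecStartPre=/usr/bin/docker compose -f ./docker-compose.yaml pull --quiet --parallel ssserver1 sslocal1
ExecStart=/usr/bin/docker compose -f ./docker-compose.yaml up -d
ExecStop=/usr/bin/docker compose -f ./docker-compose.yaml down
StandardOutput=journal
StandardError=journal
# If file logging is ever re-enabled, do not use a fixed name under /tmp for a
# root-run unit; use a root-owned directory instead.
# StandardOutput=file:/tmp/docker-compose-socks5-shadowsocks-nordvpn-tor.txt
# StandardError=inherit
# systemd does not run Exec*= lines through a shell, so "&&" would be handed
# to docker as a literal argument. Use one ExecReload= line per command; they
# run in order and the reload stops at the first failure.
ExecReload=/usr/bin/docker compose -f ./docker-compose.yaml pull --quiet --parallel ssserver1 sslocal1
ExecReload=/usr/bin/docker compose -f ./docker-compose.yaml up -d

[Install]
WantedBy=multi-user.target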
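# docker-compose.yaml
# Two independent NymVPN tunnels, each exposed to the host as a loopback-only
# SOCKS5 port through a shadowsocks local/server pair that shares the VPN
# container's network namespace.

########################### EXTENSION FIELDS
# Helps eliminate repetition of sections
# Keys common to the core services that we always want to restart automatically on failure
x-common-keys-core: &common-keys-core
  restart: always

# TAG_DATE=$(date +%Y%m%d) docker compose --profile all build
# docker compose up -d
# docker compose config
# docker compose pull --quiet --parallel ssserver1 sslocal1

name: nymvpn

services:
  nymvpn1:
    build:
      context: .
      dockerfile: nymvpn-debian.dockerfile
      args:
        HTTP_PROXY: ${HTTP_PROXY:-}
        HTTPS_PROXY: ${HTTPS_PROXY:-}
        http_proxy: ${HTTP_PROXY:-}
        https_proxy: ${HTTPS_PROXY:-}
    image: nymvpn-debian:latest
    <<: *common-keys-core
    # profiles: ["all"]
    # "$$" is the compose escape for a literal "$": the variable is expanded by
    # bash inside the container, not by compose on the host.
    # The mnemonic reaches nym-vpnc as a command-line argument, so it is visible
    # in the process list while that command runs; it is also readable through
    # `docker inspect` because it is injected as an environment variable.
    # Anyone with root or docker-group access on the host can read it.
    # NOTE(review): "sleep 10" presumably waits for nym-vpnd to come up under
    # supervisord; a slow start would make store-account fail - confirm.
    command: ["/bin/bash", "-c", "supervisord -c /etc/supervisor/supervisord.conf && sleep 10 && /usr/bin/nym-vpnc store-account --mnemonic \"$$MNEMONIC_SECRET\" && echo 'mnemonic done' && /usr/bin/nym-vpnc connect --enable-two-hop --entry-gateway-country AT --exit-gateway-country CH && echo 'connect done' && tail -f /var/log/vpnd.log"]
    ports:
      # Published on host loopback only. Keep it that way: no authentication is
      # configured on the SOCKS5 listener, so any client that can reach the
      # port can send traffic through the tunnel.
      - "127.0.0.1:1090:1080"
    devices:
      - /dev/net/tun
    cap_add:
      # Presumably required by nym-vpnd to create and route the tunnel
      # interface; it also lets the container reconfigure its own network stack.
      - NET_ADMIN
    volumes:
      - ./config/nymvpn1/etc:/etc/nym
      # Persistent daemon state (keys, mnemonic): keep the host directory
      # readable by root only.
      - ./config/nymvpn1/lib:/var/lib/nym-vpnd
      - ./config/nymvpn1/logs:/var/log
    env_file:
      # Holds MNEMONIC_SECRET; keep mode 0600 and out of version control.
      - secrets.env

  ssserver1:
    <<: *common-keys-core
    # Unpinned ":latest" tag that the systemd units re-pull on every
    # start/restart. Pin a version tag or image digest if reproducible,
    # reviewable upgrades are wanted.
    image: ghcr.io/shadowsocks/ssserver-rust:latest
    # "-m none" disables encryption and "-k hello-kitty" is a throwaway key.
    # That is tolerable only because the server listens on 127.0.0.1 inside
    # the namespace shared with nymvpn1 and sslocal1. If it is ever bound to a
    # non-loopback address, switch to an AEAD cipher and a real secret.
    command: ssserver -v -s 127.0.0.1:8388 -k hello-kitty -m none
    network_mode: service:nymvpn1
    depends_on: ["nymvpn1"]

  sslocal1:
    <<: *common-keys-core
    image: ghcr.io/shadowsocks/sslocal-rust:latest
    # 0.0.0.0:1080 is inside nymvpn1's namespace; host exposure is limited by
    # the 127.0.0.1 port mapping on nymvpn1.
    command: sslocal -b 0.0.0.0:1080 -s 127.0.0.1:8388 -k hello-kitty -m none
    network_mode: service:nymvpn1
    depends_on:
      - ssserver1

  nymvpn2:
    # Reuses the image built by nymvpn1 (no build section of its own).
    image: nymvpn-debian:latest
    <<: *common-keys-core
    # profiles: ["all"]
    # Same start-up chain as nymvpn1, but without --enable-two-hop and with a
    # different exit country. The mnemonic exposure notes on nymvpn1 apply here.
    command: ["/bin/bash", "-c", "supervisord -c /etc/supervisor/supervisord.conf && sleep 10 && /usr/bin/nym-vpnc store-account --mnemonic \"$$MNEMONIC_SECRET\" && echo 'mnemonic done' && /usr/bin/nym-vpnc connect --entry-gateway-country AT --exit-gateway-country FI && echo 'connect done' && tail -f /var/log/vpnd.log"]
    ports:
      # Loopback only; the SOCKS5 listener has no authentication configured.
      - "127.0.0.1:1091:1080"
    devices:
      - /dev/net/tun
    cap_add:
      - NET_ADMIN
    volumes:
      - ./config/nymvpn2/etc:/etc/nym
      - ./config/nymvpn2/lib:/var/lib/nym-vpnd
      - ./config/nymvpn2/logs:/var/log
    env_file:
      - secrets.env

  ssserver2:
    <<: *common-keys-core
    image: ghcr.io/shadowsocks/ssserver-rust:latest
    # Unencrypted, loopback-only inside nymvpn2's namespace (see ssserver1).
    command: ssserver -v -s 127.0.0.1:8388 -k hello-kitty -m none
    network_mode: service:nymvpn2
    depends_on: ["nymvpn2"]

  sslocal2:
    <<: *common-keys-core
    image: ghcr.io/shadowsocks/sslocal-rust:latest
    command: sslocal -b 0.0.0.0:1080 -s 127.0.0.1:8388 -k hello-kitty -m none
    network_mode: service:nymvpn2
    depends_on:
      - ssserver2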
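# Installs the NymVPN compose stack under /opt/docker-services/nymvpn and
# registers its systemd units. Run as root from the directory that holds the
# gist files.
set -euo pipefail   # abort on the first failed step instead of half-installing

base_dir=/opt/docker-services/nymvpn

for instance in nymvpn1 nymvpn2; do
  mkdir -p "${base_dir}/config/${instance}"/{etc,lib,logs}
  # Start every (re)install with empty logs.
  rm -f -- "${base_dir}/config/${instance}/logs/"*
done

cp nymvpn-debian.dockerfile supervisord.conf docker-compose.yaml "${base_dir}/"
# secrets.env carries the account mnemonic: install it readable by its owner
# only rather than with the default umask that a plain cp would apply.
install -m 0600 secrets.env "${base_dir}/secrets.env"

cp ./docker-compose-socks5-shadowsocks-nymvpn.service \
  docker-compose-socks5-shadowsocks-nymvpn-restart.service \
  docker-compose-socks5-shadowsocks-nymvpn-restart.timer \
  /etc/systemd/system/
systemctl daemon-reload

# Enable and inspect manually once the files are in place:
# systemctl enable --now docker-compose-socks5-shadowsocks-nymvpn.service
# systemctl enable --now docker-compose-socks5-shadowsocks-nymvpn-restart.timer
# systemctl status docker-compose-socks5-shadowsocks-nymvpn.service
# systemctl status docker-compose-socks5-shadowsocks-nymvpn-restart.timer
# systemctl list-timers
# journalctl -u docker-compose-socks5-shadowsocks-nymvpn.service
# systemctl start docker-compose-socks5-shadowsocks-nymvpn-restart.timer
# systemctl status docker-compose-socks5-shadowsocks-nymvpn-restart.timer
# journalctl -u docker-compose-socks5-shadowsocks-nymvpn-restart.timer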
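# nymvpn-debian.dockerfile
# Use Debian Bookworm as the base image
FROM debian:bookworm-slim
LABEL maintainer="me <me@me.me>"
LABEL name="nymvpn-debian"
LABEL version="latest"

#Update, upgrade & install needed packages
# Done in a single layer so a cached "apt-get update" result is never reused
# with a later, different install line.
RUN apt-get update \
 && apt-get upgrade -y \
 && apt-get install -y --no-install-recommends \
      lsb-release apt-transport-https ca-certificates wget curl gnupg procps iproute2 net-tools \
      tini supervisor \
 && rm -rf /var/lib/apt/lists/*

# NOTE(review): the repository bootstrap package is trusted on HTTPS alone and
# is installed as root. Compare its SHA-256 with a value published by the
# vendor before "dpkg -i" if a stronger guarantee is wanted.
RUN wget https://apt.nymtech.net/pool/main/n/nym-repo-setup/nym-repo-setup_1.0.1_amd64.deb -O /tmp/nym-repo-setup_1.0.1_amd64.deb \
 && dpkg -i /tmp/nym-repo-setup_1.0.1_amd64.deb \
 && rm -f /tmp/nym-repo-setup_1.0.1_amd64.deb

# Refresh the package index so the newly configured repository is visible.
RUN apt-get update \
 && apt-get install -y nym-vpnc nym-vpnd \
 && rm -rf /var/lib/apt/lists/*

# https://nym.com/docs/developers/nymvpncli
# Configurations are stored in /etc/nym. State stored between runs (keys, mnemonic, etc) are stored in /var/lib/nym-vpnd
VOLUME ["/etc/nym", "/var/lib/nym-vpnd", "/var/log"]
COPY supervisord.conf /etc/supervisor/supervisord.conf
ENTRYPOINT ["/usr/bin/tini", "--"]
# Default command; docker-compose.yaml overrides it per service.
# A single "$" is required here: "$$" is an escape only in compose files. In a
# Dockerfile the string reaches bash unchanged, where "$$" expands to the
# shell's PID and the mnemonic would never be read from the environment.
# The mnemonic is passed on the nym-vpnc command line and is therefore visible
# in the container's process list while that command runs.
CMD ["/bin/bash", "-c", "supervisord -c /etc/supervisor/supervisord.conf && sleep 10 && /usr/bin/nym-vpnc store-account --mnemonic \"$MNEMONIC_SECRET\" && echo 'mnemonic done' && /usr/bin/nym-vpnc connect --enable-two-hop --entry-gateway-country AT --exit-gateway-country CH && echo 'connect done' && tail -f /var/log/vpnd.log"]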
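# secrets.env - loaded through "env_file:" in docker-compose.yaml.
# The value below is a placeholder: replace it with the 24-word account
# mnemonic. Keep this file mode 0600 and out of version control and backups
# that others can read; the value is also visible via `docker inspect`.
MNEMONIC_SECRET=mnemonic1 mn2 mn3 mn4 mn5 mn6 mn7 mn8 mn9 mn10 mn11 mn12 mn13 mn14 mn15 mn16 mn17 mn18 mn19 mn20 mn21 mn22 mn23 mn24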
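; supervisord.conf - copied to /etc/supervisor/supervisord.conf in the image.
[supervisord]
; Daemonize: supervisord returns to the caller, which lets the "&&" chain in
; the container command carry on to the nym-vpnc steps.
nodaemon=false
logfile=/var/log/supervisord.log ;
pidfile=/var/run/supervisord.pid ;

[program:vpnd]
command=/usr/bin/nym-vpnd
autostart=true
autorestart=true
; vpnd.log is the file the container command tails to stay in the foreground.
stdout_logfile=/var/log/vpnd.log
stderr_logfile=/var/log/vpnd.err
; With rotation and backups off, both files grow without bound. /var/log is a
; bind mount to the host in docker-compose.yaml, so watch host disk usage and
; treat these persisted daemon logs as sensitive.
stdout_logfile_maxbytes=0 ; Disables log rotation
stderr_logfile_maxbytes=0 ; Disables log rotation
stdout_logfile_backups=0 ; Disables backup of the logs
stderr_logfile_backups=0 ; Disables backup of the logs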