DarkIsDude / tor-server

:whale: An efficient and secure Tor relay server Docker image based on Debian Jessie
https://hub.docker.com/r/chriswayg/tor-server/
GNU General Public License v2.0

Mounted torrc is being modified and becomes invalid #1

Closed dmp1ce closed 6 years ago

dmp1ce commented 6 years ago

I took my torrc from the chriswayg/tor-server configuration and when running with darkisdude/tor-server the torrc gets several lines added to the end of the file, which makes my configuration invalid, and the service doesn't start up. Am I doing something wrong? Should I be able to use my torrc without it being modified?

DarkIsDude commented 6 years ago

Hi @dmp1ce, can you provide me with your torrc and your command to run tor? Thanks a lot.

The init script is here: https://github.com/DarkIsDude/tor-server/blob/master/scripts/docker-entrypoint and yes, I don't init tor as chriswayg/tor-server does.

dmp1ce commented 6 years ago

I changed the Dockerfile.tor image to your image and ran docker-compose build && docker-compose up -d. The service kept restarting and several lines were added to the torrc every time it started I think.

$ cat torrc
### /etc/torrc ### 
# see /etc/torrc/torrc.default and https://www.torproject.org/docs/tor-manual.html.en

# server's public ip address (usually automatic)
#address 10.10.10.10

# port to advertise for incoming tor connections. 
# common ports are 9001, 443
orport 9001

# mirror directory information for others (optional)
# common ports are 9030, 80
dirport 9030 

# run as a relay only (not as an exit node)
exitpolicy reject *:*         # no exits allowed

# set limits
relaybandwidthrate 500 kb   # throttle traffic to
relaybandwidthburst 1000 kb  # but allow bursts up to
#maxmeminqueues 512 mb        # limit memory usage to

# run tor as obfuscated bridge
#servertransportplugin obfs3 exec /usr/bin/obfsproxy managed
#servertransportlistenaddr obfs3  0.0.0.0:54444
#bridgerelay 1

# run tor only as a server (no local applications)
socksport 0

# run tor as a regular user (do not change this)
user debian-tor
datadirectory /var/lib/tor

# enable control port for arm
controlport 9051
cookieauthentication 1

# if no nickname or contactinfo is set, docker-entrypoint will use 
# the environment variables to add nickname/contactinfo here 
nickname xxx                 # only use letters and numbers
contactinfo xxx
$ cat docker-compose.yml
version: '2'
services:
  tor:
    build:
      dockerfile: Dockerfile.tor
      context: .
    restart: always
    ports:
      - "9001:9001"
      - "9030:9030"
    volumes:
      - ./torrc:/etc/tor/torrc
$ cat Dockerfile.tor
FROM chriswayg/tor-server
MAINTAINER David Parrish <daveparrish@tutanota.com>

RUN apt-get update && apt-get install -y --no-install-recommends tor-arm && \
  apt-get -y purge --auto-remove $build_deps && \
  apt-get clean && rm -r /var/lib/apt/lists/*

EXPOSE 9051

DarkIsDude commented 6 years ago

Thanks for your PR. I hope this solves your issue?

dmp1ce commented 6 years ago

Actually, no, it didn't fix my issue like I had hoped. Here are the errors I am getting. Do you have any ideas why I'm getting errors?

tor_1  | ========================================================
tor_1  | Tor version 0.2.9.14 (git-a211f886ad759cab).
tor_1  | ### /etc/torrc ###
tor_1  | # see /etc/torrc/torrc.default and https://www.torproject.org/docs/tor-manual.html.en
tor_1  |
tor_1  | # Server's public IP Address (usually automatic)
tor_1  | #Address 10.10.10.10
tor_1  |
tor_1  | # Port to advertise for incoming Tor connections.
tor_1  | # common ports are 9001, 443
tor_1  | ORPort 9001
tor_1  |
tor_1  | # Mirror directory information for others (optional)
tor_1  | # common ports are 9030, 80
tor_1  | DirPort 9030
tor_1  |
tor_1  | # Run as a relay only (not as an exit node)
tor_1  | ExitPolicy reject *:*         # no exits allowed
tor_1  |
tor_1  | # Set limits
tor_1  | RelayBandwidthRate 500 KB   # Throttle traffic to
tor_1  | RelayBandwidthBurst 1000 KB  # But allow bursts up to
tor_1  | #MaxMemInQueues 512 MB        # Limit Memory usage to
tor_1  |
tor_1  | # Run Tor as obfuscated bridge
tor_1  | #ServerTransportPlugin obfs3 exec /usr/bin/obfsproxy managed
tor_1  | #ServerTransportListenAddr obfs3  0.0.0.0:54444
tor_1  | #BridgeRelay 1
tor_1  |
tor_1  | # Run Tor only as a server (no local applications)
tor_1  | SocksPort 0
tor_1  |
tor_1  | # Run Tor as a regular user (do not change this)
tor_1  | User debian-tor
tor_1  | DataDirectory /var/lib/tor
tor_1  |
tor_1  | # Enable control port for arm
tor_1  | ControlPort 9051
tor_1  | CookieAuthentication 1
tor_1  |
tor_1  | # If no Nickname or ContactInfo is set, docker-entrypoint will use
tor_1  | # the environment variables to add Nickname/ContactInfo here
tor_1  | Nickname xxx                # only use letters and numbers
tor_1  | ContactInfo xxx
tor_1  | ========================================================
tor_1  |
tor_1  | Mar 16 16:30:38.318 [notice] Tor 0.2.9.14 (git-a211f886ad759cab) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.1.0f and Zlib 1.2.8.
tor_1  | Mar 16 16:30:38.318 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
tor_1  | Mar 16 16:30:38.318 [notice] Read configuration file "/etc/tor/torrc".
tor_1  | Mar 16 16:30:38.323 [notice] Based on detected system memory, MaxMemInQueues is set to 7494 MB. You can override this by setting MaxMemInQueues by hand.
tor_1  | Mar 16 16:30:38.324 [notice] Opening Control listener on 127.0.0.1:9051
tor_1  | Mar 16 16:30:38.324 [notice] Opening OR listener on 0.0.0.0:9001
tor_1  | Mar 16 16:30:38.324 [notice] Opening Directory listener on 0.0.0.0:9030
tor_1  | Mar 16 16:30:38.000 [warn] Couldn't open "/var/lib/tor/lock" for locking: Permission denied
tor_1  | Mar 16 16:30:38.000 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. (on Tor 0.2.9.14 )

dmp1ce commented 6 years ago

I'm thinking my data in /var/lib/tor is causing problems. Is there a migration path? Should I remove some of my files? Currently I have the following on version Tor 0.3.0.10. Do I need to change anything for the newer versions?

# ls -alh /var/lib/tor/
total 55M
drwx------ 4 debian-tor debian-tor 4.0K Mar 16 16:56 .
drwxr-xr-x 1 root       root       4.0K Sep 13  2017 ..
-rw------- 1 debian-tor debian-tor  20K Feb 22 20:24 cached-certs
-rw------- 1 debian-tor debian-tor 2.1M Mar 16 16:17 cached-consensus
-rw------- 1 debian-tor debian-tor  47M Mar 16 16:39 cached-descriptors
-rw------- 1 debian-tor debian-tor    0 Mar 16 16:39 cached-descriptors.new
-rw------- 1 debian-tor debian-tor 1.9M Mar 16 16:39 cached-microdesc-consensus
-rw------- 1 debian-tor debian-tor 4.0M Mar 16 16:50 cached-microdescs
-rw------- 1 debian-tor debian-tor    0 Mar 16 16:50 cached-microdescs.new
-rw------- 1 debian-tor debian-tor   32 Mar 16 16:56 control_auth_cookie
-rw------- 1 debian-tor debian-tor   53 Apr  2  2017 fingerprint
drwx------ 2 debian-tor debian-tor 4.0K Mar 16 14:00 keys
-rw------- 1 debian-tor debian-tor    0 Mar 16 16:56 lock
-rw------- 1 debian-tor debian-tor 7.8K Mar 16 16:56 state
drwx------ 2 debian-tor debian-tor 4.0K Mar 15 20:33 stats

DarkIsDude commented 6 years ago

It's really strange. I don't see this volume in your docker-compose.yml. But you are right, I don't know why, but the tor daemon can't access the lock file. Have you tried removing all your files? Is this ls from your container or from somewhere else?

DarkIsDude commented 6 years ago

Ok, I can reproduce it.

debian-tor is not the same user in both containers (from my repo and from @chriswayg's repo). The name can be the same but the user ID can be different...

Make a backup of your data folder (/var/lib/tor in the container). Can you run this:

docker run -it --rm -v YOUR_DATA_FOLDER:/opt/ doudou34/tor-server bash

You now have a bash shell; go into /opt/ and run:

chown -R debian-tor:debian-tor .

You can now exit the container and check again? This resolves the issue for me.
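
The cause identified in the comment above (the name debian-tor maps to a different numeric UID in each image, so a data directory written under the old image is not writable under the new one) can be checked before tor starts. This is an added example, not code from either repository: the function names and the two passwd files are constructed for the demo, and in real use the check would be pointed at the image's /etc/passwd and the mounted /var/lib/tor.

```shell
#!/bin/sh
# Added example: detect a data directory whose numeric owner no longer
# matches the daemon user of the image that mounts it.

# uid_of NAME PASSWD_FILE: numeric UID that NAME maps to in that passwd file.
uid_of() {
    awk -F: -v u="$1" '$1 == u { print $3; exit }' "$2"
}

# check_datadir DIR NAME PASSWD_FILE
# Returns 0 if NAME owns everything under DIR, 1 if a chown is needed,
# 2 if NAME does not exist in PASSWD_FILE.
check_datadir() {
    uid=$(uid_of "$2" "$3")
    [ -n "$uid" ] || { echo "no user $2 in $3" >&2; return 2; }
    # Ownership on disk is numeric, so compare against the UID, not the name.
    bad=$(find "$1" ! -user "$uid" -print)
    [ -z "$bad" ] && return 0
    printf 'not owned by %s (uid %s):\n%s\n' "$2" "$uid" "$bad" >&2
    return 1
}

# Constructed demo: one data directory, two images that both define
# "debian-tor" but with different UIDs. Runs unprivileged in a temp dir.
demo() {
    work=$(mktemp -d) || return 3
    mkdir -p "$work/data/keys"
    : > "$work/data/lock"
    me=$(id -u)
    fmt='debian-tor:x:%s:%s::/var/lib/tor:/bin/false\n'
    printf "$fmt" "$me" "$me" > "$work/passwd.old"                  # old image
    printf "$fmt" "$((me + 1))" "$((me + 1))" > "$work/passwd.new"  # new image
    check_datadir "$work/data" debian-tor "$work/passwd.old" && old=0 || old=$?
    check_datadir "$work/data" debian-tor "$work/passwd.new" && new=0 || new=$?
    rm -rf "$work"
    echo "$old $new"
}

demo
```

A return value of 1 from `check_datadir` is the condition that the `chown -R debian-tor:debian-tor` step corrects.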

dmp1ce commented 6 years ago

Yes. I think that will work. I think that is why the original repo had a line in the init script which set the permissions. What was the reason the line was taken out?

DarkIsDude commented 6 years ago

I don't know, a mistake... I merged your PR!

dmp1ce commented 6 years ago

I'm referring to a3373715ccc3e0c13d1c15a5d1ae120ab010a603

dmp1ce commented 6 years ago

Cool! Thanks!

dmp1ce commented 6 years ago

That did it! I'm on the recommended version of Tor for my node finally.

DarkIsDude commented 6 years ago

Yeah, cool :)! Great job! Thanks a lot!