init

.drone.yml

@@ -0,0 +1,13 @@
+kind: pipeline
+name: default
+
+steps:
+  - name: docker
+    image: plugins/docker
+    settings:
+      registry: r.sbruder.de
+      username:
+        from_secret: docker_username
+      password:
+        from_secret: docker_password
+      repo: r.sbruder.de/tor-reverseproxy

Dockerfile

@@ -0,0 +1,12 @@
+FROM alpine
+
+RUN apk add --no-cache \
+        nginx \
+        su-exec \
+        tor
+
+COPY torrc /etc/tor/torrc
+COPY nginx.conf /etc/nginx/nginx.conf
+COPY entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]

entrypoint.sh

@@ -0,0 +1,14 @@
+#!/bin/sh
+su-exec tor tor -f /etc/tor/torrc
+
+tor_domain=$(cat /var/lib/tor/hidden-service/hostname)
+main_domain=$(echo $MAIN_DOMAIN|sed 's/\./\\\./')
+
+sed -i \
+    -e "s/@@TOR_DOMAIN@@/$tor_domain/g" \
+    -e "s/@@MAIN_DOMAIN@@/$main_domain/g" \
+    /etc/nginx/nginx.conf
+
+echo $tor_domain
+
+nginx -g 'daemon off;'

nginx.conf

@@ -0,0 +1,39 @@
+user  nginx;
+worker_processes  1;
+
+error_log  /dev/stderr warn;
+pid        /var/run/nginx.pid;
+
+events {
+	worker_connections  1024;
+}
+
+http {
+	access_log none;
+	keepalive_timeout 65;
+	resolver 46.182.19.48 ipv6=off;
+	server_names_hash_bucket_size 128;
+	server_tokens off;
+
+	server {
+		listen 80;
+		listen [::]:80;
+
+		server_name ~^(?<subdomain>.+)\.@@TOR_DOMAIN@@$;
+
+		location / {
+			proxy_pass https://$subdomain.@@MAIN_DOMAIN@@$uri;
+		}
+	}
+
+	server {
+		listen 80;
+		listen [::]:80;
+
+		server_name @@TOR_DOMAIN@@;
+
+		location / {
+			proxy_pass https://@@MAIN_DOMAIN@@$uri;
+		}
+	}
+}

torrc

@@ -0,0 +1,6 @@
+RunAsDaemon 1
+DataDirectory /var/lib/tor
+
+HiddenServiceDir /var/lib/tor/hidden-service/
+HiddenServiceVersion 3
+HiddenServicePort 80 127.0.0.1:80