Joerg Elfring 2017-12-09 16:46:17 +01:00
commit 9e66475149
19 changed files with 3422 additions and 0 deletions

3
README.md Normal file

@ -0,0 +1,3 @@
# These are my dockerfiles...
More docs are inside the individual directories.

49
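--- a/aap/Dockerfile
+++ b/aap/Dockerfile
@@ -0,0 +1,49 @@
+FROM alpine:latest
+LABEL maintainer "J. Elfring <devops@elfrinjo.de>"
+## Install prereqs
+RUN apk add --update --no-cache \
+curl \
+git \
+mc \
+php7 \
+php7-apache2 \
+php7-apcu \
+php7-curl \
+php7-ctype \
+php7-dom \
+php7-exif \
+php7-gd \
+php7-gmp \
+php7-json \
+php7-mbstring \
+php7-opcache \
+php7-openssl \
+php7-posix \
+php7-session \
+php7-simplexml \
+php7-xml \
+php7-zip \
+php7-zlib
+## Configure apache
+COPY assets/php.ini /etc/php7/php.ini
+COPY assets/httpd.conf /etc/apache2/httpd.conf
+RUN mkdir /run/apache2 \
+&& chown apache:apache /run/apache2
+## Some customization for running websites
+RUN chown -R apache:apache /var/www/localhost\
+&& sed -i 's+apache:x:100:101:apache:/var/www:/sbin/nologin+apache:x:100:101:apache:/var/www/localhost:/sbin/nologin+' /etc/passwd
+USER apache
+VOLUME /var/www/localhost
+EXPOSE 8080
+WORKDIR /var/www/localhost
+CMD httpd -D FOREGROUND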
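Review bot: `FROM alpine:latest` on the first line leaves the base image floating, while the `apk add` list below it depends on package names such as `php7-apache2` that are tied to particular Alpine releases, so a later rebuild can pull a different userland or fail outright; pin a release tag and ideally a digest, e.g. `FROM alpine:<release>@sha256:<digest>`. The last line uses shell-form `CMD httpd -D FOREGROUND`, which starts httpd through `/bin/sh -c`, so whether `docker stop` reaches httpd depends on the shell; `CMD ["httpd", "-D", "FOREGROUND"]` removes the wrapper. `curl`, `git` and `mc` are not needed to serve PHP and give anyone who gains code execution in the container ready-made tooling, so they are worth dropping from the runtime image unless the hosted sites rely on them.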

497
aap/assets/httpd.conf Normal file

@ -0,0 +1,497 @@
#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so "logs/access_log"
# with ServerRoot set to "/usr/local/apache2" will be interpreted by the
# server as "/usr/local/apache2/logs/access_log", whereas "/logs/access_log"
# will be interpreted as '/logs/access_log'.
#
# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of: Full | OS | Minor | Minimal | Major | Prod
# where Full conveys the most information, and Prod the least.
#
ServerTokens Prod
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot /var/www
#
# Mutex: Allows you to set the mutex mechanism and mutex file directory
# for individual mutexes, or change the global defaults
#
# Uncomment and change the directory if mutexes are file-based and the default
# mutex file directory is not on a local disk or is not appropriate for some
# other reason.
#
# Mutex default:/run/apache2
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 0.0.0.0:8080
# Diable HTTP Trace Method
TraceEnable off
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
##LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbd_module modules/mod_authn_dbd.so
#LoadModule authn_socache_module modules/mod_authn_socache.so
##LoadModule authn_core_module modules/mod_authn_core.so
##LoadModule authz_host_module modules/mod_authz_host.so
##LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
##LoadModule authz_user_module modules/mod_authz_user.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_dbd_module modules/mod_authz_dbd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule access_compat_module modules/mod_access_compat.so
##LoadModule auth_basic_module modules/mod_auth_basic.so
#LoadModule auth_form_module modules/mod_auth_form.so
#LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule allowmethods_module modules/mod_allowmethods.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule cache_module modules/mod_cache.so
#LoadModule cache_disk_module modules/mod_cache_disk.so
#LoadModule cache_socache_module modules/mod_cache_socache.so
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
#LoadModule socache_dbm_module modules/mod_socache_dbm.so
#LoadModule socache_memcache_module modules/mod_socache_memcache.so
#LoadModule watchdog_module modules/mod_watchdog.so
#LoadModule macro_module modules/mod_macro.so
#LoadModule dbd_module modules/mod_dbd.so
#LoadModule dumpio_module modules/mod_dumpio.so
#LoadModule echo_module modules/mod_echo.so
#LoadModule buffer_module modules/mod_buffer.so
#LoadModule data_module modules/mod_data.so
#LoadModule ratelimit_module modules/mod_ratelimit.so
LoadModule reqtimeout_module modules/mod_reqtimeout.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
#LoadModule request_module modules/mod_request.so
#LoadModule include_module modules/mod_include.so
LoadModule filter_module modules/mod_filter.so
#LoadModule reflector_module modules/mod_reflector.so
#LoadModule substitute_module modules/mod_substitute.so
#LoadModule sed_module modules/mod_sed.so
#LoadModule charset_lite_module modules/mod_charset_lite.so
#LoadModule deflate_module modules/mod_deflate.so
LoadModule mime_module modules/mod_mime.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule log_debug_module modules/mod_log_debug.so
#LoadModule log_forensic_module modules/mod_log_forensic.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
#LoadModule mime_magic_module modules/mod_mime_magic.so
#LoadModule expires_module modules/mod_expires.so
LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
#LoadModule unique_id_module modules/mod_unique_id.so
LoadModule setenvif_module modules/mod_setenvif.so
##LoadModule version_module modules/mod_version.so
#LoadModule remoteip_module modules/mod_remoteip.so
#LoadModule session_module modules/mod_session.so
#LoadModule session_cookie_module modules/mod_session_cookie.so
#LoadModule session_crypto_module modules/mod_session_crypto.so
#LoadModule session_dbd_module modules/mod_session_dbd.so
#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
#LoadModule dialup_module modules/mod_dialup.so
#LoadModule http2_module modules/mod_http2.so
#LoadModule mpm_event_module modules/mod_mpm_event.so
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
#LoadModule mpm_worker_module modules/mod_mpm_worker.so
LoadModule unixd_module modules/mod_unixd.so
#LoadModule heartbeat_module modules/mod_heartbeat.so
#LoadModule heartmonitor_module modules/mod_heartmonitor.so
##LoadModule status_module modules/mod_status.so
#LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule asis_module modules/mod_asis.so
#LoadModule info_module modules/mod_info.so
#LoadModule suexec_module modules/mod_suexec.so
<IfModule !mpm_prefork_module>
#LoadModule cgid_module modules/mod_cgid.so
</IfModule>
<IfModule mpm_prefork_module>
#LoadModule cgi_module modules/mod_cgi.so
</IfModule>
#LoadModule vhost_alias_module modules/mod_vhost_alias.so
#LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
#LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule negotiation_module modules/mod_negotiation.so
<IfModule unixd_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache
</IfModule>
# 'Main' server configuration
#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin info@${HOSTNAME}
#
# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of: On | Off | EMail
#
ServerSignature Off
#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
ServerName ${HOSTNAME}
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride None
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/localhost/htdocs"
<Directory "/var/www/localhost/htdocs">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options -Indexes +FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "/dev/stderr"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog logs/access.log common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog "/dev/stdout" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/var/www/localhost/cgi-bin/"
</IfModule>
<IfModule cgid_module>
#
# ScriptSock: On threaded servers, designate the path to the UNIX
# socket used to communicate with the CGI daemon of mod_cgid.
#
#Scriptsock cgisock
</IfModule>
#
# "/var/www/localhost/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/localhost/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule headers_module>
#
# Avoid passing HTTP_PROXY environment to CGI's on this or any proxied
# backend servers which have lingering "httpoxy" defects.
# 'Proxy' request header is undefined by the IETF, not listed by IANA
#
RequestHeader unset Proxy early
# HTTP Strict Transport Security (HSTS)
#Header set Strict-Transport-Security: max-age=31536000; includeSubDomains
# Avoid Clickjacking, Site can only be opened in frames from the same domain.
Header set X-Frame-Options "SAMEORIGIN"
# Turn on XSS prevention tools, activated by default in IE and Chrome
Header set X-XSS-Protection "1; mode=block"
# prevent mime based attacks like drive-by download attacks, IE and Chrome
Header set X-Content-Type-Options "nosniff"
# CSP Header
#Header set Content-Security-Policy "default-src 'self';"
</IfModule>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /etc/apache2/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
# For type maps (negotiated resources):
#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml
</IfModule>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
<IfModule mime_magic_module>
MIMEMagicFile /etc/apache2/magic
</IfModule>
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# MaxRanges: Maximum number of Ranges in a request before
# returning the entire resource, or one of the special
# values 'default', 'none' or 'unlimited'.
# Default setting is to accept 200 Ranges.
#MaxRanges unlimited
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
#EnableSendfile on
# Load config files from the config directory "/etc/apache2/conf.d".
#
IncludeOptional /etc/apache2/conf.d/*.conf
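Review bot: `AllowOverride All` in the `<Directory "/var/www/localhost/htdocs">` block lets any `.htaccess` file under the document root change server behaviour, and aap/Dockerfile in this same commit hands that tree to the `apache` user, so a file-write flaw in a hosted PHP application becomes control over handlers, rewrites and access rules. Restrict it to the classes the sites actually need, for example `AllowOverride FileInfo` for rewrite rules, or `AllowOverride None` with the rules moved into `conf.d`. The `ScriptAlias /cgi-bin/` line sits inside `<IfModule alias_module>` while the `alias_module` LoadModule line is commented out, so it is inert, yet the `<Directory "/var/www/localhost/cgi-bin">` block still grants access; removing both would make the intent clear. If the commented HSTS line is ever enabled it needs directive syntax without the colon and with a quoted value, `Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"`.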

1918
aap/assets/php.ini Normal file

File diff suppressed because it is too large Load diff

22
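--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -0,0 +1,22 @@
+version: "2"
+services:
+aap:
+build: ./aap
+image: elfrinjo/aap:latest
+prosody:
+build: ./prosody
+image: elfrinjo/prosody:latest
+tinywebdav:
+build: ./tinywebdav
+image: elfrinjo/tinywebdav:latest
+torrelay:
+build: ./torrelay
+image: elfrinjo/torrelay:latest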

54
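--- a/prosody/Dockerfile
+++ b/prosody/Dockerfile
@@ -0,0 +1,54 @@
+FROM alpine:edge
+LABEL maintainer "J. Elfring <devops@elfrinjo.de>"
+## Install Packages
+RUN apk add --no-cache \
+--update \
+libcrypto1.0 \
+libidn \
+lua \
+lua-expat \
+lua-filesystem \
+lua-sec \
+lua-socket
+## Install build envirnoment, build and remove unneeded things
+## This is done in one step to reduce image size
+RUN apk add --update \
+--no-cache \
+--virtual .build-deps \
+alpine-sdk \
+git \
+mercurial \
+luarocks \
+linux-headers \
+lua-busted \
+lua-dev \
+libidn-dev \
+openssl-dev \
+&& set -x \
+&& luarocks-5.1 install luabitop \
+&& hg clone https://hg.prosody.im/0.10 /prosody-src \
+&& cd /prosody-src \
+&& ./configure --no-example-certs \
+--cflags='-fPIC -Wall -std=c99 -pedantic -DWITHOUT_MALLINFO' \
+&& make \
+&& make test \
+&& make install \
+&& cd / \
+&& rm -rf /prosody-src \
+&& hg clone https://hg.prosody.im/prosody-modules/ /usr/local/lib/prosody-community-modules \
+&& rm -rf /usr/local/lib/prosody-community-modules/.hg \
+&& rm -rf /usr/local/lib/prosody-community-modules/.hgtags \
+&& apk del .build-deps
+COPY ./assets/prosody.cfg.lua /usr/local/etc/prosody/prosody.cfg.lua
+RUN chown daemon:daemon /usr/local/var/lib/prosody
+EXPOSE 5222 5269 5347 5280 5281
+VOLUME ["/usr/local/etc/prosody", "/usr/local/var/lib/prosody"]
+USER daemon
+ENTRYPOINT ["/usr/local/bin/prosody"]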
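Review bot: The build `RUN` step fetches everything it compiles and installs from moving targets: `hg clone https://hg.prosody.im/0.10` and `hg clone https://hg.prosody.im/prosody-modules/` take whatever the branch tip is at build time, `luarocks-5.1 install luabitop` is unversioned, and the base is `alpine:edge`. The community-modules tree ends up on `plugin_paths` and several of its modules are enabled in the config shipped by this commit, so each rebuild runs unreviewed upstream changes inside the server. Pin each clone to a reviewed changeset with `hg clone -r <changeset> …`, give the rock an explicit version, and base the image on a release tag rather than `edge`. `LABEL maintainer "…"` also uses the legacy space-separated form; `LABEL maintainer="…"` is the current syntax.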

58
prosody/README.md Normal file

@ -0,0 +1,58 @@
# Prosody Docker image
Create an image for running prosody XMPP server version 0.10
http://prosody.im/ on Alpine Linux.
HINT: This is not an official image. Builds might not happen regularly.
You will need to configure a vhost inside the config volume (prosody.cfg.lua).
The certificate generation with prosodyctl does not work.
However, certificates can be put into the config volume or be linked in from an
other volume (like letsencrypt). I suggest acme.sh for communication with
Letsencrypt. https://github.com/Neilpang/acme.sh/wiki/Run-acme.sh-in-docker
You need to configure the certificates location inside prosodys config.
IPORTANT: You really should add TLS.
## Usage
Start the container with volumes for config, database and maybe additional
certificates.
Do not forget to customize your configuration!
```console
$ docker run -d \
-p 5222:5222 \
-p 5269:5269 \
-p 5280:5280 \
-p 5281:5281 \
--restart always \
--name prosody \
-v /etc/localtime:/etc/localtime:ro \
-v prosody-acme:/usr/local/etc/prosody/certs:ro \
-v prosody-cfg:/usr/local/etc/prosody:ro \
-v prosody-data:/usr/local/var/lib/prosody \
elfrinjo/prosody
```
To create the first user, exec into the running container and use prosodyctl.
```console
$ docker exec -ti prosody bash
/ $ prosodyctl adduser JID
```
To Create a certificate for you host:
```console
docker run --rm -it \
--volume prosody-acme:/acme.sh \
--net=host \
neilpang/acme.sh --issue -d example.com -d conference.example.com --standalone
```
To renew the certificate:
```console
docker run --rm -it \
--volume prosody-acme:/acme.sh \
--net=host \
neilpang/acme.sh --cron --standalone
```


@ -0,0 +1,212 @@
-- Prosody Example Configuration File
--
-- Information on configuring Prosody can be found on our
-- website at http://prosody.im/doc/configure
--
-- Tip: You can check that the syntax of this file is correct
-- when you have finished by running: luac -p prosody.cfg.lua
-- If there are any errors, it will let you know what and where
-- they are, otherwise it will keep quiet.
--
daemonize = false
---------- Server-wide settings ----------
-- Settings in this section apply to the whole server and are the default settings
-- for any virtual hosts
-- This is a (by default, empty) list of accounts that are admins
-- for the server. Note that you must create the accounts separately
-- (see http://prosody.im/doc/creating_accounts for info)
-- Example: admins = { "user1@example.com", "user2@example.net" }
admins = { }
-- Enable use of libevent for better performance under high load
-- For more information see: http://prosody.im/doc/libevent
use_libevent = false;
-- These paths are searched in the order specified, and before the default path
plugin_paths = { "/usr/local/lib/prosody-community-modules" }
-- This is the list of modules Prosody will load on startup.
-- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
-- Documentation on modules can be found at: http://prosody.im/doc/modules
modules_enabled = {
-- Generally required
"roster"; -- Allow users to have a roster. Recommended ;)
"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
"tls"; -- Add support for secure TLS on c2s/s2s connections
"dialback"; -- s2s dialback support
"disco"; -- Service discovery
-- Not essential, but recommended
"private"; -- Private XML storage (for room bookmarks, etc.)
"vcard"; -- Allow users to set vCards
-- These are commented by default as they have a performance impact
--"privacy"; -- Support privacy lists
--"compression"; -- Stream compression
-- Nice to have
"version"; -- Replies to server version requests
"uptime"; -- Report how long server has been running
"time"; -- Let others know the time here on this server
"ping"; -- Replies to XMPP pings with pongs
"pep"; -- Enables users to publish their mood, activity, playing music and more
"register"; -- Allow users to register on this server using a client and change passwords
-- Admin interfaces
--"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
--"admin_telnet"; -- Opens telnet console interface on localhost port 5582
-- HTTP modules
--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
--"http_files"; -- Serve static files from a directory over HTTP
-- Other specific functionality
"watchregistrations"; -- Alert admins of registrations
--"groups"; -- Shared roster support
--"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
--"announce"; -- Send announcement to all online users
--"welcome"; -- Welcome users who register accounts
--"motd"; -- Send a message to users when they log in
--"legacyauth"; -- Legacy authentication. Only used by some old clients and bots.
-- Community Modules
"admin_blocklist";
"blocking";
"carbons";
"csi";
"mam";
"privacy_lists";
"smacks";
"http_upload";
-- The following module enables push notifications for Android and iOS.
-- Most likely, you want to enable this. However, it is disabled by
-- default, as it involves a third party server.
--"cloud_notify";
};
-- These modules are auto-loaded, but should you want
-- to disable them then uncomment them here:
modules_disabled = {
-- "offline"; -- Store offline messages
-- "c2s"; -- Handle client connections
-- "s2s"; -- Handle server-to-server connections
};
-- Disable account creation by default, for security
-- For more information see http://prosody.im/doc/creating_accounts
allow_registration = false
min_seconds_between_registrations = 600
-- These are the SSL/TLS-related settings. If you don't want
-- to use SSL/TLS, you may comment or remove this
--ssl = {
-- key = "/usr/local/etc/prosody/certs/localhost.key";
-- certificate = "/usr/local/etc/prosody/certs/localhost.crt";
--}
-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.
c2s_require_encryption = false
-- Force certificate authentication for server-to-server connections?
-- This provides ideal security, but requires servers you communicate
-- with to support encryption AND present valid, trusted certificates.
-- NOTE: Your version of LuaSec must support certificate verification!
-- For more information see http://prosody.im/doc/s2s#security
s2s_secure_auth = false
-- Many servers don't support encryption or have invalid or self-signed
-- certificates. You can list domains here that will not be required to
-- authenticate using certificates. They will be authenticated using DNS.
--s2s_insecure_domains = { "gmail.com" }
-- Even if you leave s2s_secure_auth disabled, you can still require valid
-- certificates for some domains by specifying a list here.
--s2s_secure_domains = { "jabber.org" }
-- Select the authentication backend to use. The 'internal' providers
-- use Prosody's configured data storage to store the authentication data.
-- To allow Prosody to offer secure authentication mechanisms to clients, the
-- default provider stores passwords in plaintext. If you do not trust your
-- server please see http://prosody.im/doc/modules/mod_auth_internal_hashed
-- for information about using the hashed backend.
authentication = "internal_hashed"
-- Select the storage backend to use. By default Prosody uses flat files
-- in its configured data directory, but it also supports more backends
-- through modules. An "sql" backend is included by default, but requires
-- additional dependencies. See http://prosody.im/doc/storage for more info.
default_storage = "internal" -- Default is "internal"
storage = {
archive2 = "xmlarchive";
muc_log = "xmlarchive";
}
-- For the "sql" backend, you can uncomment *one* of the below to configure:
--sql = { driver = "SQLite3", database = "prosody.sqlite" } -- Default. 'database' is the filename.
--sql = { driver = "MySQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
--sql = { driver = "PostgreSQL", database = "prosody", username = "prosody", password = "secret", host = "localhost" }
-- Logging configuration
-- For advanced logging see http://prosody.im/doc/logging
log = {
info = "/dev/stdout"; -- Change 'info' to 'debug' for verbose logging
-- "*console";
}
-- Configure Message Archive
archive_expires_after = "2m"
-- Set SSL Certs, we assume one certificate with subject-alternative-names for
-- all components; else, seperate ssl configs inside the components will be
-- needed.
--https_ssl = {
-- key = "certs/example.key";
-- certificate = "certs/fullchain.cer";
-- }
--ssl = {
-- key = "certs/example.key";
-- certificate = "certs/fullchain.cer";
--}
----------- Virtual hosts -----------
-- You need to add a VirtualHost entry for each domain you wish Prosody to serve.
-- Settings under each VirtualHost entry apply *only* to that host.
VirtualHost "example.com"
------ Components ------
-- You can specify components to add hosts that provide special services,
-- like multi-user conferences, and transports.
-- For more information on components, see http://prosody.im/doc/components
---Set up a MUC (multi-user chat) room server on conference.example.com:
Component "conference.example.com" "muc"
modules_enabled = {
"mam_muc";
}
--Component "con@example.com" "admin_message"
-- Set up a SOCKS5 bytestream proxy for server-proxied file transfers:
--Component "proxy.example.com" "proxy65"
---Set up an external component (default component port is 5347)
--
-- External components allow adding various services, such as gateways/
-- transports to other networks like ICQ, MSN and Yahoo. For more info
-- see: http://prosody.im/doc/components#adding_an_external_component
--
--Component "gateway.example.com"
-- component_secret = "password"
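Review bot: The shipped defaults leave transport security optional: `c2s_require_encryption = false` lets clients authenticate over a cleartext stream, `s2s_secure_auth = false` accepts federation peers without certificate validation, and both `ssl` blocks are commented out. Since prosody/README.md in this commit already says TLS should be added, the image default should fail closed with `c2s_require_encryption = true` and `s2s_secure_auth = true`, and the `ssl` key and certificate paths should point at the `certs` volume the README mounts. `http_upload` is enabled and the Dockerfile exposes 5280 next to 5281, so uploads can presumably also travel over plain HTTP unless the operator publishes only the HTTPS port. The comment above `authentication` still describes the plaintext default although the value is `internal_hashed`; a one-line comment saying passwords are stored hashed would match the setting.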

16
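--- a/tagNpush.sh
+++ b/tagNpush.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+## Tag all the images with a datestamp
+## and push them to dockerhub.
+datestamp=$(date +%Y%m%d)
+for i in $(grep '^ image:' docker-compose.yaml | cut -c12-)
+do
+echo
+echo "======= $i ======="
+basename=$(echo $i | cut -d: -f1)
+echo docker tag $basename $basename:$datestamp
+echo docker push $i
+echo docker push $basename:$datestamp
+done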
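Review bot: The loop expands `$i` and `$basename` unquoted and word-splits the output of `$(grep … | cut -c12-)`, so any stray whitespace or glob character in an `image:` value changes the generated `docker tag` and `docker push` arguments; quote the expansions, e.g. `echo docker tag "$basename" "$basename:$datestamp"`, and read the names with `while IFS= read -r i`. The variable `basename` also shadows the name of the coreutils command, and `${i%%:*}` would replace the `echo | cut` subshell. The script only echoes the docker commands, so a header comment saying the output is meant to be reviewed or piped to a shell would help. testrun.sh has the same unquoted loop around `docker run`.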

11
testrun.sh Executable file
View file

@ -0,0 +1,11 @@
#!/bin/bash
## Run all the images one after another
## and see what happens...
for i in $(grep '^ image:' docker-compose.yaml | cut -c12-)
do
echo
echo "======= $i ======="
docker run --interactive --tty --rm $i
done

25
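--- a/tinywebdav/Dockerfile
+++ b/tinywebdav/Dockerfile
@@ -0,0 +1,25 @@
+FROM alpine:latest
+LABEL maintainer "J. Elfring <devops@elfrinjo.de>"
+RUN apk add --update --no-cache \
+lighttpd \
+lighttpd-mod_webdav
+COPY ./assets/lighttpd.conf /etc/lighttpd/lighttpd.conf
+COPY ./assets/entrypoint.sh /entrypoint.sh
+## Fix permissions
+RUN chmod 755 /entrypoint.sh
+## Create a workdir for lighttpd
+## And add a pipe, later used for logging
+RUN mkdir /var/run/lighttpd \
+&& mkfifo -m 600 /var/run/lighttpd/logpipe \
+&& chown -R lighttpd:lighttpd /var/run/lighttpd
+ENV TOKEN="s3cret"
+EXPOSE 80
+VOLUME /var/www/localhost/htdocs
+ENTRYPOINT [ "/entrypoint.sh" ]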
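Review bot: `ENV TOKEN="s3cret"` bakes a publicly known default for the only access control this image has, so every container started without `-e TOKEN=…` exposes a writable WebDAV share at a guessable path, and the value is also visible in the image metadata. Drop the default and let the entrypoint refuse to start when `TOKEN` is empty, e.g. `: "${TOKEN:?TOKEN must be set}"` at the top of entrypoint.sh. There is no `USER` instruction, so entrypoint.sh runs as root; lighttpd.conf sets `server.username`, which presumably drops privileges after binding port 80, but a high port plus `USER lighttpd` would remove root from the container entirely. `FROM alpine:latest` is unpinned here as in aap/Dockerfile.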

27
tinywebdav/README.md Normal file

@ -0,0 +1,27 @@
# tiny webdav server
Builds an image to run a small webDav server.
HINT: This is not an official image. Builds might not happen regularly.
The only authentication mechanism is a token, containing the only accessible
directory on the server.
| ENV | Default | Description
|--------------|--------------|------------------------------------------------------------
| TOKEN | s3cret | Name of the only accessible directory
It is based on Alpine Linux http://alpinelinux.org/.
## Usage
For example this way:
```console
$ docker run -d \
-e TOKEN="SuperS3cret" \
-v /etc/localtime:/etc/localtime:ro \
-p 80:80 \
--restart=always \
elfrinjo/tinywebdav
```


@ -0,0 +1,16 @@
#!/bin/sh
## Startng cat to dump the accesslogpipe to stdout
cat <> /var/run/lighttpd/logpipe 1>&2 &
chown lighttpd:lighttpd /var/run/lighttpd/logpipe
## Create the "secret" directory
## And set in the config
mkdir /var/www/localhost/htdocs/$TOKEN
chown lighttpd:lighttpd /var/www/localhost/htdocs/$TOKEN
sed -i 's/xxTOKENxx/'"$TOKEN"'/g' /etc/lighttpd/lighttpd.conf
## Start lighttpd in foreground mode
/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf 2>&1
sleep 10
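Review bot: `$TOKEN` is used unquoted in `mkdir` and `chown` and spliced unescaped into `sed -i 's/xxTOKENxx/'"$TOKEN"'/g'`, whose output becomes a regular expression in lighttpd.conf, so a value containing `/`, `&`, whitespace, `..` or regex metacharacters changes which directory is created or which access rule is written. Validating before first use, e.g. `case "$TOKEN" in ''|*[!A-Za-z0-9_-]*) echo "invalid TOKEN" >&2; exit 1;; esac`, and quoting `"$TOKEN"` in the path arguments keeps the directory and the rule consistent. `mkdir` without `-p` fails on a restart when the volume already holds the directory, and the script carries on regardless; `mkdir -p` together with `set -eu` would make the failure modes explicit. lighttpd is started without `exec`, so the shell remains PID 1 and stop signals from the runtime do not reach the server directly.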


@ -0,0 +1,36 @@
## Server modules
server.modules = (
"mod_access",
"mod_accesslog",
"mod_webdav"
)
## Include mimetypes
include "mime-types.conf"
## Basic server settings
server.username = "lighttpd"
server.groupname = "lighttpd"
server.pid-file = "/run/lighttpd.pid"
server.tag = "lighttpd"
server.follow-symlink = "disable"
server.port = 80
server.document-root = "/var/www/localhost/htdocs"
## Correct filename or bust
server.indexfiles = ()
## Accesslog is piped to stdout via entrypoint.sh magic
accesslog.filename = "/var/run/lighttpd/logpipe"
accesslog.format = "ACSLG %h %V %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
## Only urls with the specified token are cool
$HTTP["url"] !~ "^/xxTOKENxx.*$" {
url.access-deny = ( "" )
}
$HTTP["url"] =~ "^/xxTOKENxx/.*$" {
webdav.activate = "enable"
webdav.is-readonly = "disable"
webdav.sqlite-db-name = "/var/run/lighttpd/lighttpd.webdav_lock.db"
}
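Review bot: The deny rule `$HTTP["url"] !~ "^/xxTOKENxx.*$"` has no path-segment boundary after the token, so any URL that merely begins with the token string (for instance another directory in the volume whose name starts with the same characters) is exempt from `url.access-deny` and can be served as a static file. Anchoring on the segment, `$HTTP["url"] !~ "^/xxTOKENxx(/|$)"`, limits the exemption to the token directory itself. Because the token travels in the URL, the `%r` and `%{Referer}i` fields of `accesslog.format` write it to the container log on every request, and `server.port = 80` carries it in clear text. A comment stating that the container is expected to sit behind a TLS-terminating proxy and that its logs are sensitive would document that assumption.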


@ -0,0 +1,323 @@
###############################################################################
# Default lighttpd.conf for Gentoo.
# $Header: /var/cvsroot/gentoo-x86/www-servers/lighttpd/files/conf/lighttpd.conf,v 1.3 2005/09/01 14:22:35 ka0ttic Exp $
###############################################################################
# {{{ variables
var.basedir = "/var/www/localhost"
var.logdir = "/var/log/lighttpd"
var.statedir = "/var/lib/lighttpd"
# }}}
# {{{ modules
# At the very least, mod_access and mod_accesslog should be enabled.
# All other modules should only be loaded if necessary.
# NOTE: the order of modules is important.
server.modules = (
# "mod_rewrite",
# "mod_redirect",
# "mod_alias",
"mod_access",
# "mod_cml",
# "mod_trigger_b4_dl",
# "mod_auth",
# "mod_status",
# "mod_setenv",
# "mod_proxy",
# "mod_simple_vhost",
# "mod_evhost",
# "mod_userdir",
# "mod_compress",
# "mod_ssi",
# "mod_usertrack",
# "mod_expire",
# "mod_secdownload",
# "mod_rrdtool",
# "mod_webdav",
"mod_accesslog"
)
# }}}
# {{{ includes
include "mime-types.conf"
# uncomment for cgi support
# include "mod_cgi.conf"
# uncomment for php/fastcgi support
# include "mod_fastcgi.conf"
# uncomment for php/fastcgi fpm support
# include "mod_fastcgi_fpm.conf"
# }}}
# {{{ server settings
server.username = "lighttpd"
server.groupname = "lighttpd"
server.document-root = var.basedir + "/htdocs"
server.pid-file = "/run/lighttpd.pid"
server.errorlog = var.logdir + "/error.log"
# log errors to syslog instead
# server.errorlog-use-syslog = "enable"
server.indexfiles = ("index.php", "index.html",
"index.htm", "default.htm")
# server.tag = "lighttpd"
server.follow-symlink = "enable"
# event handler (defaults to "poll")
# see performance.txt
#
# for >= linux-2.4
# server.event-handler = "linux-rtsig"
# for >= linux-2.6
# server.event-handler = "linux-sysepoll"
# for FreeBSD
# server.event-handler = "freebsd-kqueue"
# chroot to directory (defaults to no chroot)
# server.chroot = "/"
# bind to port (defaults to 80)
# server.port = 81
# bind to name (defaults to all interfaces)
# server.bind = "grisu.home.kneschke.de"
# error-handler for status 404
# server.error-handler-404 = "/error-handler.html"
# server.error-handler-404 = "/error-handler.php"
# Format: <errorfile-prefix><status-code>.html
# -> ..../status-404.html for 'File not found'
# server.errorfile-prefix = var.basedir + "/error/status-"
# FAM support for caching stat() calls
# requires that lighttpd be built with USE=fam
# server.stat-cache-engine = "fam"
# }}}
# {{{ mod_staticfile
# which extensions should not be handled via static-file transfer
# (extensions that are usually handled by mod_cgi, mod_fastcgi, etc).
static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
# }}}
# {{{ mod_accesslog
accesslog.filename = var.logdir + "/access.log"
# }}}
# {{{ mod_dirlisting
# enable directory listings
# dir-listing.activate = "enable"
#
# don't list hidden files/directories
# dir-listing.hide-dotfiles = "enable"
#
# use a different css for directory listings
# dir-listing.external-css = "/path/to/dir-listing.css"
#
# list of regular expressions. files that match any of the
# specified regular expressions will be excluded from directory
# listings.
# dir-listing.exclude = ("^\.", "~$")
# }}}
# {{{ mod_access
# see access.txt
url.access-deny = ("~", ".inc")
# }}}
# {{{ mod_userdir
# see userdir.txt
#
# userdir.path = "public_html"
# userdir.exclude-user = ("root")
# }}}
# {{{ mod_ssi
# see ssi.txt
#
# ssi.extension = (".shtml")
# }}}
# {{{ mod_ssl
# see ssl.txt
#
# ssl.engine = "enable"
# ssl.pemfile = "server.pem"
# }}}
# {{{ mod_status
# see status.txt
#
# status.status-url = "/server-status"
# status.config-url = "/server-config"
# }}}
# {{{ mod_simple_vhost
# see simple-vhost.txt
#
# If you want name-based virtual hosting add the next three settings and load
# mod_simple_vhost
#
# document-root =
# virtual-server-root + virtual-server-default-host + virtual-server-docroot
# or
# virtual-server-root + http-host + virtual-server-docroot
#
# simple-vhost.server-root = "/home/weigon/wwwroot/servers/"
# simple-vhost.default-host = "grisu.home.kneschke.de"
# simple-vhost.document-root = "/pages/"
# }}}
# {{{ mod_compress
# see compress.txt
#
# compress.cache-dir = var.statedir + "/cache/compress"
# compress.filetype = ("text/plain", "text/html")
# }}}
# {{{ mod_proxy
# see proxy.txt
#
# proxy.server = ( ".php" =>
# ( "localhost" =>
# (
# "host" => "192.168.0.101",
# "port" => 80
# )
# )
# )
# }}}
# {{{ mod_auth
# see authentication.txt
#
# auth.backend = "plain"
# auth.backend.plain.userfile = "lighttpd.user"
# auth.backend.plain.groupfile = "lighttpd.group"
# auth.backend.ldap.hostname = "localhost"
# auth.backend.ldap.base-dn = "dc=my-domain,dc=com"
# auth.backend.ldap.filter = "(uid=$)"
# auth.require = ( "/server-status" =>
# (
# "method" => "digest",
# "realm" => "download archiv",
# "require" => "user=jan"
# ),
# "/server-info" =>
# (
# "method" => "digest",
# "realm" => "download archiv",
# "require" => "valid-user"
# )
# )
# }}}
# {{{ mod_rewrite
# see rewrite.txt
#
# url.rewrite = (
# "^/$" => "/server-status"
# )
# }}}
# {{{ mod_redirect
# see redirect.txt
#
# url.redirect = (
# "^/wishlist/(.+)" => "http://www.123.org/$1"
# )
# }}}
# {{{ mod_evhost
# define a pattern for the host url finding
# %% => % sign
# %0 => domain name + tld
# %1 => tld
# %2 => domain name without tld
# %3 => subdomain 1 name
# %4 => subdomain 2 name
#
# evhost.path-pattern = "/home/storage/dev/www/%3/htdocs/"
# }}}
# {{{ mod_expire
# expire.url = (
# "/buggy/" => "access 2 hours",
# "/asdhas/" => "access plus 1 seconds 2 minutes"
# )
# }}}
# {{{ mod_rrdtool
# see rrdtool.txt
#
# rrdtool.binary = "/usr/bin/rrdtool"
# rrdtool.db-name = var.statedir + "/lighttpd.rrd"
# }}}
# {{{ mod_setenv
# see setenv.txt
#
# setenv.add-request-header = ( "TRAV_ENV" => "mysql://user@host/db" )
# setenv.add-response-header = ( "X-Secret-Message" => "42" )
# }}}
# {{{ mod_trigger_b4_dl
# see trigger_b4_dl.txt
#
# trigger-before-download.gdbm-filename = "/home/weigon/testbase/trigger.db"
# trigger-before-download.memcache-hosts = ( "127.0.0.1:11211" )
# trigger-before-download.trigger-url = "^/trigger/"
# trigger-before-download.download-url = "^/download/"
# trigger-before-download.deny-url = "http://127.0.0.1/index.html"
# trigger-before-download.trigger-timeout = 10
# }}}
# {{{ mod_cml
# see cml.txt
#
# don't forget to add index.cml to server.indexfiles
# cml.extension = ".cml"
# cml.memcache-hosts = ( "127.0.0.1:11211" )
# }}}
# {{{ mod_webdav
# see webdav.txt
#
# $HTTP["url"] =~ "^/dav($|/)" {
# webdav.activate = "enable"
# webdav.is-readonly = "enable"
# }
# }}}
# {{{ extra rules
#
# set Content-Encoding and reset Content-Type for browsers that
# support decompressing on-thy-fly (requires mod_setenv)
# $HTTP["url"] =~ "\.gz$" {
# setenv.add-response-header = ("Content-Encoding" => "x-gzip")
# mimetype.assign = (".gz" => "text/plain")
# }
# $HTTP["url"] =~ "\.bz2$" {
# setenv.add-response-header = ("Content-Encoding" => "x-bzip2")
# mimetype.assign = (".bz2" => "text/plain")
# }
#
# }}}
# {{{ debug
# debug.log-request-header = "enable"
# debug.log-response-header = "enable"
# debug.log-request-handling = "enable"
# debug.log-file-not-found = "enable"
# }}}
# vim: set ft=conf foldmethod=marker et :

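--- a/torrelay/Dockerfile
+++ b/torrelay/Dockerfile
@@ -0,0 +1,22 @@
+FROM alpine:edge
+LABEL maintainer "J. Elfring <devops@elfrinjo.de>"
+RUN apk --no-cache add tor
+COPY ./assets/torrc.relay /etc/tor/torrc.relay
+COPY ./assets/entrypoint.sh /etc/tor/entrypoint.sh
+RUN chown -R tor /etc/tor \
+&& chmod 755 /etc/tor/entrypoint.sh
+ENV TOR_NICK="Landesverrat" \
+TOR_CONTACT="Not Provided" \
+TOR_BRIDGE=0
+VOLUME /var/lib/tor
+# tor port as defined in torrc
+EXPOSE 9001 9030
+USER tor
+ENTRYPOINT [ "/etc/tor/entrypoint.sh" ]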
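Review bot: `chown -R tor /etc/tor` gives the runtime user ownership of `/etc/tor/entrypoint.sh` and of the directory that holds it, so the process running as `tor` can rewrite or replace the script that is executed on the next start of the same container (the README example uses `--restart=always`). The entrypoint's `sed -i` calls need the directory and `torrc.relay` to be writable, but not the script. Keeping the script root-owned outside that directory, as tinywebdav/Dockerfile does with `COPY ./assets/entrypoint.sh /entrypoint.sh` and `ENTRYPOINT [ "/entrypoint.sh" ]`, separates the two.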

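--- a/torrelay/README.md
+++ b/torrelay/README.md
@@ -0,0 +1,35 @@
+# torrelay docker image
+Builds an image to run tor as a relay.
+HINT: This is not an official image. Builds might not happen regularly.
+A simple config to run as bridge or middle relay is included. This config takes
+environmet parameters:
+| ENV | Default | Description
+|-----------------|--------------|------------------------------------------------------------
+| TOR_NICK | Landesverrat | the Nickname (String)
+| TOR_CONTACT | Not Provided | ContactInfo (String)
+| TOR_BRIDGE | 0 | run as a bridge (0,1)
+| TOR_OPTION{1-9} | NIL | arbitrary option to be added at the end of config (String)
+It is based on Alpine Linux http://alpinelinux.org/.
+## Usage
+For example this way:
+```console
+$ docker run -d \
+-e TOR_OPTION1="RelayBandwidthRate 2MBytes" \
+-e TOR_OPTION2="RelayBandwidthBurst 5MBytes" \
+-e TOR_OPTION3="AccountingMax 30GB" \
+-e TOR_OPTION4="AccountingStart day 00:00" \
+-p 9001:9001 \
+-p 9030:9030 \
+--restart=always \
+-v /etc/localtime:/etc/localtime:ro \
+-v torrelay:/var/lib/tor \
+elfrinjo/torrelay
+```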


@ -0,0 +1,18 @@
#!/bin/sh -x
sed -i 's/xxTOR_NICKxx/'"$TOR_NICK"'/g' /etc/tor/torrc.relay
sed -i 's/xxTOR_CONTACTxx/'"$TOR_CONTACT"'/g' /etc/tor/torrc.relay
sed -i 's/xxTOR_BRIDGExx/'"$TOR_BRIDGE"'/g' /etc/tor/torrc.relay
sed -i 's/xxTOR_OPTION1xx/'"$TOR_OPTION1"'/g' /etc/tor/torrc.relay
sed -i 's/xxTOR_OPTION2xx/'"$TOR_OPTION2"'/g' /etc/tor/torrc.relay
sed -i 's/xxTOR_OPTION3xx/'"$TOR_OPTION3"'/g' /etc/tor/torrc.relay
sed -i 's/xxTOR_OPTION4xx/'"$TOR_OPTION4"'/g' /etc/tor/torrc.relay
sed -i 's/xxTOR_OPTION5xx/'"$TOR_OPTION5"'/g' /etc/tor/torrc.relay
sed -i 's/xxTOR_OPTION6xx/'"$TOR_OPTION6"'/g' /etc/tor/torrc.relay
sed -i 's/xxTOR_OPTION7xx/'"$TOR_OPTION7"'/g' /etc/tor/torrc.relay
sed -i 's/xxTOR_OPTION8xx/'"$TOR_OPTION8"'/g' /etc/tor/torrc.relay
sed -i 's/xxTOR_OPTION9xx/'"$TOR_OPTION9"'/g' /etc/tor/torrc.relay
tor -f /etc/tor/torrc.relay
sleep 10
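Review bot: Each `sed -i 's/xx…xx/'"$VAR"'/g'` line splices the environment value unescaped into the replacement, so a `/`, `&` or backslash in `TOR_CONTACT` or a `TOR_OPTIONn` value (a URL in the contact string, for instance) either aborts that sed call or writes something other than the value. With no `set -e`, the script then starts tor on a half-substituted file. Escaping those characters before substitution, or appending the lines instead of templating them, e.g. `printf '%s\n' "$TOR_OPTION1" >> /etc/tor/torrc.relay`, avoids this. `#!/bin/sh -x` also traces every expanded value into the container log, and `tor` is started without `exec`, so the shell stays PID 1; `exec tor -f /etc/tor/torrc.relay` lets stop signals reach tor.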


@ -0,0 +1,80 @@
## Stripped down configuration file for a tor relay mode
DataDirectory /var/lib/tor
PidFile /var/run/tor/tor.pid
RunAsDaemon 0
################ This section is just for relays #####################
#
## See https://www.torproject.org/docs/tor-doc-relay for details.
## Required: what port to advertise for incoming Tor connections.
ORPort 9001
## A handle for your relay, so people don't have to refer to it by key.
Nickname xxTOR_NICKxx
## Define these to limit how much relayed traffic you will allow. Your
## own traffic is still unthrottled. Note that RelayBandwidthRate must
## be at least 20 kilobytes per second.
## Note that units for these config options are bytes (per second), not
## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,
## 2^20, etc.
#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)
#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)
## Use these to restrict the maximum traffic per day, week, or month.
## Note that this threshold applies separately to sent and received bytes,
## not to their sum: setting "4 GB" may allow up to 8 GB total before
## hibernating.
##
## Set a maximum of 4 gigabytes each way per period.
#AccountingMax 4 GBytes
## Each period starts daily at midnight (AccountingMax is per day)
#AccountingStart day 00:00
## Each period starts on the 3rd of the month at 15:00 (AccountingMax
## is per month)
#AccountingStart month 3 15:00
## Administrative contact information for this relay or bridge. This line
## can be used to contact you if your relay or bridge is misconfigured or
## something else goes wrong. Note that we archive and publish all
## descriptors containing these lines and that Google indexes them, so
## spammers might also collect them. You may want to obscure the fact that
## it's an email address and/or generate a new address for this purpose.
#ContactInfo Random Person <nobody AT example dot com>
## You might also include your PGP or GPG fingerprint if you have one:
ContactInfo xxTOR_CONTACTxx
## Uncomment this to mirror directory information for others. Please do
## if you have enough bandwidth.
DirPort 9030
## Bridge relays (or "bridges") are Tor relays that aren't listed in the
## main directory. Since there is no complete public list of them, even an
## ISP that filters connections to all the known Tor relays probably
## won't be able to block all the bridges. Also, websites won't treat you
## differently because they won't know you're running Tor. If you can
## be a real relay, please do; but if not, be a bridge!
BridgeRelay xxTOR_BRIDGExx
## By default, Tor will advertise your bridge to users through various
## mechanisms like https://bridges.torproject.org/. If you want to run
## a private bridge, for example because you'll give out your bridge
## address manually to your friends, uncomment this line:
#PublishServerDescriptor 0
## We are just a relay, so no exits or SOCKS are allowed
ExitPolicy reject *:*
SocksPort 0
xxTOR_OPTION1xx
xxTOR_OPTION2xx
xxTOR_OPTION3xx
xxTOR_OPTION4xx
xxTOR_OPTION5xx
xxTOR_OPTION6xx
xxTOR_OPTION7xx
xxTOR_OPTION8xx
xxTOR_OPTION9xx