
如果你使用 DeepSeek、元宝 AI、Copilot、ChatGPT 等 AI 工具,协助配置轩辕镜像、编写 docker pull 命令、修改 Docker Compose 镜像地址、配置镜像加速、排查镜像拉取失败、分析报错日志等问题,请先让 AI 阅读并遵守轩辕镜像的规则文档。
只需在 AI 对话中先发送下面这句话即可:
请先完整阅读并严格遵守以下文档中的全部规则与要求:
https://xuanyuan.cloud/agents.md
在未充分阅读并理解该文档前,不要生成任何命令、配置、修改建议、故障排查方案或技术回答。后续所有输出都必须严格以该文档中的规范为最高优先级执行。查看 agents.md 用法指南与完整示范。国内用户首推 元宝 AI、DeepSeek 的深度思考模式,不推荐豆包 AI;Cursor 等编辑器可在对话 @ 该链接,或加入 User Rules。 若 AI 无法访问外链,可 打开说明文档 复制全文粘贴。文档会随站点更新,复制内容可能过期,建议定期检查。
https://github.com/chris579/tor-alpine/workflows/Docker%20Image%20CI/badge.svg](https://github.com/chris579/tor-alpine/actions) https://images.microbadger.com/badges/version/chris579/tor-alpine.svg](https://hub.docker.com/r/chris579/tor-alpine) https://images.microbadger.com/badges/image/chris579/tor-alpine.svg](https://microbadger.com/images/chris579/tor-alpine "Get your own image badge on microbadger.com") https://img.shields.io/docker/pulls/chris579/tor-alpine.svg](https://hub.docker.com/r/chris579/tor-alpine) https://img.shields.io/docker/stars/chris579/tor-alpine.svg](https://hub.docker.com/r/chris579/tor-alpine) https://img.shields.io/github/license/chris579/tor-alpine.svg](https://github.com/chris579/tor-alpine/blob/master/LICENSE)
Simple, minimal and self updating docker image for Tor based on Alpine Linux.
This image comes predefined for hidden service modes with SOCKS5 but can be configured easily to run as a bridge, relay or exit node. You can find example configs for that here.
Ports are depending on your configuration.
/var/lib/tor - data directory
/etc/localtime:/etc/localtime - for precise local time
/etc/tor/torrc.config - to override the default config
Up-to-date builds are available on https://hub.docker.com/r/chris579/tor-alpine. This image is build daily and published if a new version is available.
docker pull chris579/tor-alpine
docker run --name tor -v ./data:/var/lib/tor -v /etc/localtime:/etc/localtime -p 127.0.0.1:9050:9050 chris579/tor-alpine
or if using docker-compose
yamlversion: '2' services: tor: image: chris579/tor-alpine container_name: tor ports: - "127.0.0.1:9050:9050" restart: unless-stopped volumes: - /etc/localtime:/etc/localtime - ./data:/var/lib/tor
This configuration will expose the SOCKS5 port to your local machine. You should not bind this port to a public network unless you know what you do.
For relay modes the config needs to be adjusted. You can mount your own config file to /etc/tor/torrc.config.
Replace <yourEmail> with a contact mail address. In case something is wrong with your node you will be contacted there. You might want to obscure it because it will be displayed and indexed in plain text by search engines.
Replace <yourNickName> with a nickname of your choice. You and others will be able to find the node with this name. This is helpful when searching for your node.
Bridge configuration
A tor brige is a not publically listed middle relay. It works like a normal middle relay but is especially suitable for situations when public tor relays are blocked in some way by ISPs or governments.
ORPort 9001 Nickname <yourNickName> ContactInfo <yourEmail> ExitRelay 0 ExitPolicy reject *:* BridgeRelay 1
Make sure to expose port 9001
-p 9001:9001
or if using docker-compose
yamlports: - "9001:9001"
Middle relay
A middle relay is one of the first few relays traffic flows through. Due to the nature of Tor it is ***ed legally safe to host a middle relay because you are not able to look inside the packages (and therefore can't log them). After some time your relay will also become available as a entry node if it is ***ed stable. Entry guards are a sensitive point in the Tor network as they are seeing the blank IPs of their users. You can read more about that here. Most hosters are agreeing on providing a Tor relay on your server.
ORPort 9001 Nickname <yourNickName> ContactInfo <yourEmail> ExitRelay 0 ExitPolicy reject *:*
Make sure to expose port 9001
-p 9001:9001
or if using docker-compose
yamlports: - "9001:9001"
Exit relay
An exit relay is the last point where traffic is running through. In exit mode your server will reach out to the internet, forwarding the original request of the user. This also means that law enforcement or ISPs will just see your server accessing these resources. A lot of hosters are prohibiting/blocking exit relays because they fear prosecution. Before running an exit relay make sure to contact your hoster about his opinion to exit relays.
This sample configuration is using a reduced exit policy list. This limits the number of ports that can be used your node as an exit relay.
ORPort 9001 Nickname <yourNickName> ContactInfo <yourEmail> # Reduced exit policy from # https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy ExitPolicy accept *:20-23 # FTP, SSH, telnet ExitPolicy accept *:43 # WHOIS ExitPolicy accept *:53 # DNS ExitPolicy accept *:79-81 # finger, HTTP ExitPolicy accept *:88 # kerberos ExitPolicy accept *:110 # POP3 ExitPolicy accept *:143 # IMAP ExitPolicy accept *:194 # IRC ExitPolicy accept *:220 # IMAP3 ExitPolicy accept *:389 # LDAP ExitPolicy accept *:443 # HTTPS ExitPolicy accept *:464 # kpasswd ExitPolicy accept *:465 # URD for SSM (more often: an alternative SUBMISSION port, see 587) ExitPolicy accept *:531 # IRC/AIM ExitPolicy accept *:543-544 # Kerberos ExitPolicy accept *:554 # RTSP ExitPolicy accept *:563 # NNTP over SSL ExitPolicy accept *:587 # SUBMISSION (authenticated clients [MUA's like Thunderbird] send mail over STARTTLS SMTP here) ExitPolicy accept *:636 # LDAP over SSL ExitPolicy accept *:706 # SILC ExitPolicy accept *:749 # kerberos ExitPolicy accept *:873 # rsync ExitPolicy accept *:902-904 # VMware ExitPolicy accept *:981 # Remote HTTPS management for firewall ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 over SSL ExitPolicy accept *:1194 # OpenVPN ExitPolicy accept *:1220 # QT Server Admin ExitPolicy accept *:1293 # PKT-KRB-IPSec ExitPolicy accept *:1500 # VLSI License Manager ExitPolicy accept *:1533 # Sametime ExitPolicy accept *:1677 # GroupWise ExitPolicy accept *:1723 # PPTP ExitPolicy accept *:1755 # RTSP ExitPolicy accept *:1863 # MSNP ExitPolicy accept *:2082 # Infowave Mobility Server ExitPolicy accept *:2083 # Secure Radius Service (radsec) ExitPolicy accept *:2086-2087 # GNUnet, ELI ExitPolicy accept *:2095-2096 # NBX ExitPolicy accept *:2102-2104 # Zephyr ExitPolicy accept *:3128 # SQUID ExitPolicy accept *:3389 # MS WBT ExitPolicy accept *:3690 # SVN ExitPolicy accept *:4321 # RWHOIS ExitPolicy accept *:4643 # Virtuozzo ExitPolicy accept *:5050 # MMCC ExitPolicy accept *:5190 # ICQ ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL ExitPolicy accept *:5228 # Android Market ExitPolicy accept *:5900 # VNC ExitPolicy accept *:6660-6669 # IRC ExitPolicy accept *:6679 # IRC SSL ExitPolicy accept *:6697 # IRC SSL ExitPolicy accept *:8000 # iRDMI ExitPolicy accept *:8008 # HTTP alternate ExitPolicy accept *:8074 # Gadu-Gadu ExitPolicy accept *:8080 # HTTP Proxies ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP ExitPolicy accept *:8332-8333 # Bitcoin ExitPolicy accept *:8443 # PCsync HTTPS ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE ExitPolicy accept *:9418 # git ExitPolicy accept *:9999 # distinct ExitPolicy accept *:10000 # Network Data Management Protocol ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol) ExitPolicy accept *:19294 # Google Voice TCP ExitPolicy accept *:19638 # Ensim control panel ExitPolicy accept *:50002 # Electrum Bitcoin SSL ExitPolicy accept *:64738 # Mumble ExitPolicy reject *:*
Make sure to expose port 9001
-p 9001:9001
or if using docker-compose
yamlports: - "9001:9001"
To have control over the bandwith and cpu load you can limit the used bandwith. Add this lines to your config:
BandwidthRate 10 Mbits BandwidthBurst 12 Mbits MaxAdvertisedBandwidth 9 Mbits
MaxAdvertisedBandwidth needs to be lower than BandwidthRate. It also indirectly limits the cpu load. By adjusting it you can fine tune the load of your server. You can find out more about these parameters (and every other config parameter) here.
When running in relay or exit mode your tor service should be picked up by the network after a couple of hours. You can then search for your node on tormetrics (if it's not running as a bridge). The first days your Tor node will slowly increase traffic. The process how new relays are treated by the Tor network is described in this blog post.
Thanks to Jessie Frazelle for his tutorial about Tor and Docker.
MIT
您可以使用以下命令拉取该镜像。请将 <标签> 替换为具体的标签版本。如需查看所有可用标签版本,请访问 标签列表页面。
来自真实用户的反馈,见证轩辕镜像的优质服务