Ximaz · Ximaz · Dec 11, 2025 · Dec 11, 2025 · Dec 11, 2025
diff --git a/.github/workflows/build-tor-toolchain-image.yml b/.github/workflows/build-tor-toolchain-image.yml
@@ -57,8 +57,10 @@ jobs:
           context: .
           file: Dockerfile
           push: true
-          platforms: linux/amd64,linux/arm64
+          platforms: linux/amd64
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           cache-from: type=gha
           cache-to: type=gha,mode=max
+          build-args:
+            TOR_VERSION=0.4.8.21
diff --git a/Dockerfile b/Dockerfile
@@ -16,8 +16,6 @@ RUN curl --request GET "${TOR_URL}" \
 
 RUN tar --strip-components=1 -x -f "${TOR_FILE}" -C . -p
 
-RUN ls -altr
-
 RUN apk add automake \
     autoconf
 

diff --git a/README.md b/README.md
@@ -24,3 +24,28 @@ docker compose -f docker-compose.yml build
 
 At the end, you should have a new image called `tor-toolchain`, from which you
 can derive new Docker image in order to, let's say, use a custom `torrc` config.
+
+## Tor Proxy
+
+A `tor-proxy` Docker Compose service has been added which lets you setup a Tor
+proxy locally easily. It is a `SOCK5` proxy, reachable on port `9050`, with a
+Controller on port `9051`.
+
+To start the proxy, use the following command :
+```bash
+docker compose -f docker-compose.yml up tor-proxy --build -d
+```
+The default `torrc` configuration can be modified at the root of the project to
+satisfy your needs.
+
+Once started, make sure it works fine before attempting anything else. Use the
+following command to ensure the proxy is reachable and works as expected :
+```bash
+curl -s -x socks5h://127.0.0.1:9050 https://check.torproject.org | \
+grep "Congratulations. This browser is configured to use Tor." >/dev/null && \
+echo "Protected." || "Careful, you are not protected."
+```
+
+If you see `Protected.`, your proxy is setup correctly and locally reachable. If
+not, you should check the logs of the container, something is not working as
+expected, thus you are not protected yet.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -7,3 +7,18 @@ services:
       dockerfile: ./Dockerfile
       args:
         - TOR_VERSION=0.4.8.21
+
+  tor-proxy:
+    image: tor-toolchain:latest
+    container_name: tor-proxy
+    build:
+      context: .
+      dockerfile: ./Dockerfile
+      args:
+        - TOR_VERSION=0.4.8.21
+    volumes:
+      - ./torrc:/torrc:ro
+    entrypoint: ["tor", "-f", "/torrc"]
+    ports:
+      - "9050:9050"
+      - "9051:9051"
diff --git a/torrc b/torrc
@@ -0,0 +1,9 @@
+# Listen on localhost for SOCKS5 connections
+SocksPort 0.0.0.0:9050
+
+# Optional: Control port for Tor management (e.g., for apps like Stem)
+ControlPort 9051
+
+# Optional: Use strict exit policies to prevent Tor from acting as a relay
+ExitRelay 0
+ExitPolicy reject *:*