The aim of the go-torfluxdb
project is to make it easy to collect metrics in an anonymous way, where the location of the reporter is hidden from the metrics server. This is mostly targeted towards software vendors wanting to gather measurements from devices outside of their control, without compromising on their users' privacy. These measures are meant to protect users from both asymmetric information abuse as well as long term data leaks.
Without going into technical details, the crux of this project is to tumble InfluxDB metrics reporting through the Tor network. This is achieved by clients using a Tor library for transmitting the measurements to the server; and vendors using a Tor proxy for aggregating those without leaving the Tor network. This ensures bi-directional anonymity as well as guaranteed end-to-end encryption without the possibility of messing it up.
For a detailed presentation and tutorial, please read the announcement blog post!
To support trying out TorfluxDB without any hassle, we've prepared an automated, pre-built docker image that contains both an InfluxDB server as well as the Tor proxy in front of it. You can easily start it up via:
$ docker run -p 8086:8086 ipsn/torfluxdb
The TorfluxDB container should behave exactly as a stock InfluxDB docker container, with an additional Tor onion endpoint opened, tunneling reuests from the Tor network into your InfluxDB instance. The image is auto-updated nightly to the latest Tor and InfluxDB releases.
The client side is based on the stock github.com/influxdata/influxdb/client/v2
library for reporting, requiring only a custom dialer to tunnel the data through the Tor network (note the custom onion address that you need to retrieve from your TorfluxDB logs):
import (
"github.com/cretz/bine/tor"
"github.com/influxdata/influxdb/client/v2"
"github.com/ipsn/go-libtor"
)
func main() {
// Start Tor with some defaults + elevated verbosity
proxy, err := tor.Start(nil, &tor.StartConf{ProcessCreator: libtor.Creator, DebugWriter: os.Stderr, EnableNetwork: true, NoHush: true})
if err != nil {
panic(err)
}
defer proxy.Close()
// Create an InfluxDB client tunneled through the Tor network
dialer, err := proxy.Dialer(nil, nil)
if err != nil {
panic(err)
}
api, err := client.NewHTTPClient(client.HTTPConfig{
Addr: "http://<your-hash>.onion",
DialContext: dialer.DialContext,
})
if err != nil {
panic(err)
}
// [...]
}
The above code is based on the go-libtor
library, which may not have been ported to your platform yet. You can use your own Tor static builds via tor-static
in such cases (or better yet, port go-libtor
and upstream it).
When running a production setup, you'll probably want to keep your Tor proxy and InfluxDB database in separate docker containers. We have a standalone docker image featuring only the Tor proxy that can be fine tuned to fit your infrastructure:
$ docker run ipsn/torfluxproxy
You can fine tune the proxy with the following:
--influxdb
flag being the remote address of the InfluxDB Instance.--timeout
flag being the maximum time to join the Tor network.TORFLUXDB_ONIONKEY
env-var being the onion private key.
If you don't have a private key yet (i.e. TORFLUXDB_ONIONKEY
is empty), the proxy will generate an ephemeral one, that you can request to be printed out with the --printkey
flag.
Setting the private key yourself will ensure the same onion address being produced on restarts. Please be aware that Tor's private key format is incompatible with Go's ed25519
library, so you'll need to let the proxy generate the key for you.
This repository is maintained by Péter Szilágyi (@karalabe), but it's mostly a utility wrapper around Tor, InfluxDB and various Go packages to make everything tick.
3-Clause BSD.