HiddenServicePort won't bind to unix socket in Docker container

Hello everyone,

I am working on a project which automates the deployment of a HiddenService using Docker.
The only issue I have been struggling with is with HiddenServicePort failing to bind to a unix socket.

The unix socket just doesn’t get created, and I cannot find anything useful from the debug logs either.

torrc

User debian-tor
UseBridges 1

DataDirectory /var/lib/tor

ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck
ControlSocketsGroupWritable 1
SocksPort unix:/var/run/tor/www.sock WorldWritable
SocksPort 9050

ClientTransportPlugin snowflake exec /usr/bin/snowflake-client
Bridge snowflake 192.0.2.4:80 8838024498816A039FCBBAB14E6F40A0843051FA fingerprint=8838024498816A039FCBBAB14E6F40A0843051FA url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.net:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
Bridge snowflake 192.0.2.3:80 2B280B23E1107BB62ABFC40DDCC8824814F80A72 fingerprint=2B280B23E1107BB62ABFC40DDCC8824814F80A72 url=https://snowflake-broker.torproject.net.global.prod.fastly.net/ front=cdn.sstatic.net ice=stun:stun.l.google.com:19302,stun:stun.antisip.com:3478,stun:stun.bluesip.net:3478,stun:stun.dus.net:3478,stun:stun.epygi.com:3478,stun:stun.sonetel.com:3478,stun:stun.uls.co.za:3478,stun:stun.voipgate.com:3478,stun:stun.voys.nl:3478 utls-imitate=hellorandomizedalpn
ClientOnionAuthDir /var/lib/tor 


## Logs go to stdout at level "notice" unless redirected by something
## else, like one of the below lines. You can have as many Log lines as
## you want.
##
## We advise using "notice" in most cases, since anything more verbose
## may provide sensitive information to an attacker who obtains the logs.
##
## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
Log notice file /var/log/tor/notices.log
## Send every possible message to /var/log/tor/debug.log
Log debug file /var/log/tor/debug.log
## Use the system log instead of Tor's logfiles
#Log notice syslog
## To send all messages to stderr:
#Log debug stderr

RunAsDaemon 1

# Tor httpd ServerRoot
HiddenServiceDir /var/lib/tor/hiddenservices
#HiddenServicePort 80 127.0.0.1:80
HiddenServicePort 80 unix:/var/run/tor/www.sock

Any idea? Thanks

Hi,

In this setup, tor isn’t the one which should create the socket and bind it: it connects to the socket as a client.
I don’t know what application you want to make available over an onion service, but it’s the role of that application to create and bind the UDS, so that tor can forward to it what it received over the network.
Note that this isn’t very different from when using a TCP socket: the application binds a port, and tor forwards connections to that port.

3 Likes
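The division of roles described in the answer above, as an added example that is not part of the original thread: the backend application creates and binds the Unix socket, and a client (the part tor plays for `HiddenServicePort 80 unix:PATH`) only connects to it. The function names, the temporary path and the `0o660` mode are assumptions made for this sketch; in the container the path would be the one in the torrc and the tor user would need write permission on the socket.

```python
import os
import socket
import tempfile
import threading

def bind_backend(path, mode=0o660):
    """Backend side: create, bind and listen on the socket tor will forward to."""
    if os.path.exists(path):
        os.unlink(path)              # a stale socket file makes bind() fail
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)                   # this call is what creates the socket file
    os.chmod(path, mode)             # restrict before listen(): no connect succeeds earlier
    srv.listen(16)
    return srv

def serve_once(srv):
    """Answer one forwarded connection with a minimal HTTP response."""
    conn, _ = srv.accept()
    with conn:
        conn.recv(4096)
        body = b"hello from the backend\n"
        head = b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\nConnection: close\r\n\r\n"
        conn.sendall(head % len(body) + body)

def connect_like_tor(path):
    """Client side: connect() to an existing socket, never bind() it."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        c.sendall(b"GET / HTTP/1.1\r\nHost: example.onion\r\n\r\n")
        data = b""
        while chunk := c.recv(4096):
            data += chunk
        return data

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "www.sock")   # constructed path for the demo
        try:                                  # no backend yet: nothing to connect to
            connect_like_tor(path)
            before = "connected"
        except (FileNotFoundError, ConnectionRefusedError) as exc:
            before = type(exc).__name__
        srv = bind_backend(path)
        t = threading.Thread(target=serve_once, args=(srv,))
        t.start()
        reply = connect_like_tor(path)
        t.join()
        srv.close()
        return before, reply

if __name__ == "__main__":
    print(demo())
```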

Oh, understood, I was doing it the other way around. I got it working now. Thanks

1 Like