This guide will help you set up a WebTunnel bridge using Docker to help censored users connect to the Tor network.
0. Configurez votre domaine et votre serveur web
Avant de suivre les instructions ci-dessous, il est nécessaire de configurer votre domaine et votre serveur Web.
Refer to the first part of the WebTunnel guide to see how to set up your website domain and web server.
1. Installez le moteur d’exécution Docker
The instructions in this step are for Debian-based systems, but you can find Docker instructions for other supported platforms.
# apt install curl sudo
$ curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh ./get-docker.sh
2. Run Dockerized WebTunnel bridge
Replace URL
with your domain and path (refer to the first part of the WebTunnel guide), and OPERATOR_EMAIL
with your email address, then run:
$ truncate --size 0 .env
$ echo "URL=https://yourdomain/and/path" >> .env
$ echo "OPERATOR_EMAIL=your@email.org" >> .env
$ echo "BRIDGE_NICKNAME=WTBr$(cat /dev/urandom | tr -cd 'qwertyuiopasdfghjklzxcvbnmMNBVCXZLKJHGFDSAQWERTUIOP0987654321'|head -c 10)" >> .env
$ echo "GENEDORPORT=4$(cat /dev/urandom | tr -cd '0987654321'|head -c 4)" >> .env
$ echo "WEBTUNNEL_ENABLE_ADDITIONAL_VARIABLES=1" >> .env
$ echo "WEBTUNNELV_AssumeReachable=1" >> .env
These commands will create an environment file (.env
) for the configuration of WebTunnel bridge.
3. Download the WebTunnel docker compose file
$ curl https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/webtunnel/-/raw/main/release/container/docker-compose.yml?inline=false > docker-compose.yml
4. Commencez votre pont WebTunnel
docker compose up -d
Note that this Docker compose file includes auto-update by default, and will update the WebTunnel bridge server without any further action.
Remove watchtower
to disable this behavior.
5. Testez votre pont WebTunnel
You can obtain your bridge line address and verify if it is working by running:
$ docker compose exec webtunnel-bridge get-bridge-line.sh
You can copy and paste the bridge line in Tor Browser, and it should work.
The IPv6 address you get is randomly generated and never used.
It's just there because the pluggable transport specification requires an IP address there.
By default, your docker WebTunnel bridge will be distributed via Bridges website.