Moving obfs4 bridge to container

I am an okay-ish gnu/linux hobbyist operating an obfs4 bridge on a machine that is currently running an ubuntu distro (MintOS).
Planning to re-format this machine to an ubuntu server in order to submerse myself into a command-line-only machine.
I originally planned to move the obfs4 bridge to a VM once the ubuntu server is installed. But in the process of learning some stuff before making the move, I learned about containers, which seem to be useful in terms of efficiency and portability.
I would like to use podman to create an obfs4 container to run my bridge.
The torproject documentation of this process seems straightforward. Great job!

However, I am confused as to how to move my obfs4 bridge from a non-container to a container. I have already made a backup of the contents of my ‘/var/lib/tor/’ directory [which contains my bridge's ‘/keys’ and ‘/pt_state’] as directed in the torproject documentation.
I am curious as to whether this is as simple as copying my ‘/keys’ and ‘/pt_state’ to the container in some way? Or manipulating the docker-compose.yml file or .env file in some way (mentioned in the torproject documentation).

Also, feel free to drop any extra noob-grade knowledge or resources pertaining to containers – always open to learning.
Hopefully this topic helps others in the future as we continue to adopt seemingly sweet container technology.

You can place your /keys and /pt_state into the data folder. See in the docker-compose.yml that you will be passing a local data folder to be used as a volume by the obfs4 bridge in /var/lib/tor.

Good luck with the container.

Thank you for the help! I should have reviewed the entire docker-compose.yml file.

However, I am still having an issue with restoring my preexisting bridge – I suspect this to be due to a /var/lib/tor directory permissions or ownership issue?

Here is the output for sudo podman logs CONTAINER-ID:

Using NICKNAME=<private>, OR_PORT=8675, PT_PORT=1443, and EMAIL=<private>.
Additional properties from 'OBFS4V_' environment variables processing enabled
Overriding 'ExtORPort' with value 'auto'
Overriding 'BandwidthRate' with value '500 KBytes'
Overriding 'AddressDisableIPv6' with value '1'
Overriding 'BandwidthBurst' with value '500 KBytes'
Starting tor.
Jan 07 23:17:36.834 [notice] Tor 0.4.7.10 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.4.8 and Glibc 2.31 as libc.
Jan 07 23:17:36.834 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://support.torproject.org/faq/staying-anonymous/
Jan 07 23:17:36.834 [notice] Read configuration file "/etc/tor/torrc".
Jan 07 23:17:36.836 [notice] Based on detected system memory, MaxMemInQueues is set to 5769 MB. You can override this by setting MaxMemInQueues by hand.
Jan 07 23:17:36.838 [notice] Opening OR listener on 0.0.0.0:8675
Jan 07 23:17:36.838 [notice] Opened OR listener connection (ready) on 0.0.0.0:8675
Jan 07 23:17:36.838 [notice] Opening OR listener on [::]:8675
Jan 07 23:17:36.838 [notice] Opened OR listener connection (ready) on [::]:8675
Jan 07 23:17:36.838 [notice] Opening Extended OR listener on 127.0.0.1:0
Jan 07 23:17:36.838 [notice] Extended OR listener listening on port 34191.
Jan 07 23:17:36.838 [notice] Opened Extended OR listener connection (ready) on 127.0.0.1:34191
Jan 07 23:17:36.838 [notice] Opening Extended OR listener on 127.0.0.1:0
Jan 07 23:17:36.838 [notice] Extended OR listener listening on port 46425.
Jan 07 23:17:36.838 [notice] Opened Extended OR listener connection (ready) on 127.0.0.1:46425
Jan 07 23:17:36.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Jan 07 23:17:37.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Jan 07 23:17:37.000 [notice] Configured to measure statistics. Look for the *-stats files that will first be written to the data directory in 24 hours from now.
Jan 07 23:17:37.000 [notice] Your Tor server's identity key  fingerprint is <private>
Jan 07 23:17:37.000 [notice] Your Tor bridge's hashed identity key  fingerprint is <private>
Jan 07 23:17:37.000 [notice] Your Tor server's identity key ed25519 fingerprint is <private>
Jan 07 23:17:37.000 [notice] You can check the status of your bridge relay at <private>
Jan 07 23:17:37.000 [notice] Bootstrapped 0% (starting): Starting
Jan 07 23:17:41.000 [notice] Starting with guard context "default"
Jan 07 23:17:41.000 [notice] Bootstrapped 5% (conn): Connecting to a relay
Jan 07 23:17:41.000 [notice] Registered server transport 'obfs4' at '[::]:1443'
Jan 07 23:17:41.000 [notice] Bootstrapped 10% (conn_done): Connected to a relay
Jan 07 23:17:41.000 [notice] Bootstrapped 14% (handshake): Handshaking with a relay
Jan 07 23:17:42.000 [notice] Bootstrapped 15% (handshake_done): Handshake with a relay done
Jan 07 23:17:42.000 [notice] Bootstrapped 45% (requesting_descriptors): Asking for relay descriptors
Jan 07 23:17:42.000 [notice] Bootstrapped 52% (loading_descriptors): Loading relay descriptors
Jan 07 23:17:42.000 [notice] Unable to find IPv4 address for ORPort 8675. You might want to specify IPv6Only to it or set an explicit address or set Address.
Jan 07 23:17:44.000 [notice] Bootstrapped 60% (loading_descriptors): Loading relay descriptors
Jan 07 23:17:44.000 [notice] Bootstrapped 66% (loading_descriptors): Loading relay descriptors
Jan 07 23:17:45.000 [notice] Bootstrapped 72% (loading_descriptors): Loading relay descriptors
Jan 07 23:17:45.000 [notice] Bootstrapped 75% (enough_dirinfo): Loaded enough directory info to build circuits
Jan 07 23:17:45.000 [notice] Bootstrapped 80% (ap_conn): Connecting to a relay to build circuits
Jan 07 23:17:45.000 [notice] Bootstrapped 85% (ap_conn_done): Connected to a relay to build circuits
Jan 07 23:17:45.000 [notice] Bootstrapped 89% (ap_handshake): Finishing handshake with a relay to build circuits
Jan 07 23:17:46.000 [notice] Bootstrapped 90% (ap_handshake_done): Handshake finished with a relay to build circuits
Jan 07 23:17:46.000 [notice] Bootstrapped 95% (circuit_create): Establishing a Tor circuit
Jan 07 23:17:46.000 [notice] Bootstrapped 100% (done): Done

Note: I did not edit my docker-compose.yml file.

Here is a screenshot of my DD-WRT port forwarding setup:


Note: I re-confirmed that my private ipv4 address

Here is output from sudo ufw status:

Status: active

To                         Action      From
--                         ------      ----               
1443                       ALLOW       Anywhere                  
8675                       ALLOW       Anywhere                                              
1443 (v6)                  ALLOW       Anywhere (v6)             
8675 (v6)                  ALLOW       Anywhere (v6)             
... <private>

Here is the output of ls -lhai /var/lib/tor:

total 9.9M
2625982 drwx--S---  4 debian-tor debian-tor 4.0K Jan  7 23:24 .
2621447 drwxr-xr-x 53 root       root       4.0K Jan  7 22:47 ..
2621849 -rw-------  1 debian-tor debian-tor  20K Jan  7 22:47 cached-certs
2623690 -rw-------  1 debian-tor debian-tor 2.1M Jan  7 22:47 cached-microdesc-consensus
2621740 -rw-------  1 debian-tor debian-tor 7.8M Jan  7 22:47 cached-microdescs.new
2621717 drw---S---  2 debian-tor debian-tor 4.0K Jan  7 22:55 keys
2625996 -rw-------  1 debian-tor debian-tor    0 Jan  7 22:47 lock
2621723 drw---S---  2 debian-tor debian-tor 4.0K Jan  7 22:53 pt_state
02621733 -rw-------  1 debian-tor debian-tor 4.3K Jan  7 22:57 state

Here is the output of ls -lhai /var/lib/tor/keys:

total 36K
2621717 drwxrwsrwx 2 debian-tor debian-tor 4.0K Jan  7 22:55 .
2625982 drwx--S--- 4 debian-tor debian-tor 4.0K Jan  7 23:22 ..
2625953 -rw------- 1 debian-tor debian-tor   64 Jan  7 22:55 ed25519_master_id_public_key
2625968 -rw------- 1 debian-tor debian-tor   96 Jan  7 22:55 ed25519_master_id_secret_key
2625213 -rw------- 1 debian-tor debian-tor  172 Jan  7 22:55 ed25519_signing_cert
2625972 -rw------- 1 debian-tor debian-tor   96 Jan  7 22:55 ed25519_signing_secret_key
2625956 -rw------- 1 debian-tor debian-tor  892 Jan  7 22:55 secret_id_key
2625955 -rw------- 1 debian-tor debian-tor  888 Jan  7 22:55 secret_onion_key
2625969 -rw------- 1 debian-tor debian-tor   96 Jan  7 22:55 secret_onion_key_ntor

Here is the output of ls -lhai /var/lib/tor/pt_state:

total 16K
2621723 drwxrwsrwx 2 debian-tor debian-tor 4.0K Jan  7 22:53 .
2625982 drwx--S--- 4 debian-tor debian-tor 4.0K Jan  7 23:22 ..
2623697 -rw------- 1 debian-tor debian-tor  570 Jan  7 22:52 obfs4_bridgeline.txt
2625948 -rw------- 1 debian-tor debian-tor  291 Jan  7 22:52 obfs4_state.json

Any ideas?
Thanks again
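
A check for the restored data folder discussed in this thread, as an added example that is not part of any post above and is not Tor Project code. It flags directories their owner cannot enter (such as the `drw---S---` mode in the first listing), anything that grants group or other access (such as `drwxrwsrwx`), and files with an unexpected owner. The function name `audit_tor_datadir` is hypothetical, the expected numeric uid is an assumption supplied by the caller, and `stat -c` as found on GNU and busybox systems is assumed.

```shell
#!/bin/sh
# Added example, not from the thread: audit a Tor data directory after a restore.
# Assumption: the directory, keys/ and pt_state/ are meant to be owner-only,
# and the expected numeric owner uid is supplied by the caller.

# audit_tor_datadir DIR UID
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_tor_datadir() {
    dir=$1
    want_uid=$2
    findings=$(
        for d in "$dir" "$dir/keys" "$dir/pt_state"; do
            [ -d "$d" ] || echo "MISSING $d"
        done
        # %A = symbolic mode (as in ls -l), %u = numeric owner, %n = path.
        # Entries that cannot be stat'ed are skipped; the directory hiding
        # them is reported by the first check below.
        find "$dir" -exec stat -c '%A %u %n' {} + 2>/dev/null |
        while read -r mode fuid path; do
            # A directory needs r, w and x for its owner; "drw---S---"
            # lacks x, so a non-root owner cannot open files inside it.
            case $mode in
                drw[xs]*|[!d]*) ;;
                *) echo "OWNER_CANNOT_ENTER $mode $path" ;;
            esac
            # Group and other must have no r/w/x. A bare setgid (S) or
            # sticky (T) flag grants no access and is tolerated.
            case $mode in
                ????--[-S]--[-T]) ;;
                *) echo "GROUP_OR_OTHER_ACCESS $mode $path" ;;
            esac
            [ "$fuid" = "$want_uid" ] || echo "WRONG_OWNER $fuid $path"
        done
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Run directly as: sh audit.sh ./data 101   (path and uid are placeholders)
if [ "$#" -eq 2 ]; then
    audit_tor_datadir "$1" "$2"
fi
```

Which host uid the container's tor user maps to depends on the image and on whether podman runs rootful or rootless, so confirm it before passing it in.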