Can't connect to dockerized tor proxy

Question

On Lubuntu I was able to use tor just by installing it and then connecting to its socks proxy, but on docker with alpine it doesn't seem to be that easy. Since I left my /etc/tor/torrc the way it came, it only consisted of lines that were commented out. So for alpine I just used the torrc.sample file which also only had lines that were commented out.

Here is my Dockerfile:

FROM alpine:latest
RUN apk update && apk upgrade && apk add tor curl && rm /var/cache/apk/* && cp /etc/tor/torrc.sample /etc/tor/torrc 
EXPOSE 9050
USER tor
CMD /usr/bin/tor -f /etc/tor/torrc

Then I just ran:

$ sudo docker build -t tor .
$ sudo docker run --name tor -p 9050:9050 tor
$ curl -x socks5://localhost:9050 -k https://23.128.64.134/ip
curl: (7) Unable to receive initial SOCKS5 response.
$ curl -x socks4://localhost:9050 -k https://23.128.64.134/ip
curl: (7) Failed to receive SOCKS4 connect request ack.

But as you can see I'm not able to connect. Neither via socks4 nor via socks5.

I can't seem to figure out why this isn't working. I've already tried using different ports and host names (127.0.0.1 instead of localhost), but nothing is working.

What am I doing wrong?

Edit:

Interestingly though, this appears to work:

$ sudo docker exec -ti tor curl -x socks5://localhost:9050 -k https://23.128.64.134/ip
185.220.101.69

(185.220.101.69 is indeed a Tor exit node IP address)

So what could be wrong here? Why can't I access it from the outside? Even nmap is reporting that it can see the port (when run outside of the container):

9050/tcp open  tor-socks

Edit2: I added the -v-flag to curl and enabled more verbose logging in tor via echo "Log info stdout" > /etc/tor/torrc.

The tor log doesn't change at all when I run the curl command from outside the container. The curl output also doesn't show anything helpful:

$ curl -v -x socks5://localhost:9050 -k https://23.128.64.134/ip
*   Trying ::1:9050...
* TCP_NODELAY set
* SOCKS5 communication to 23.128.64.134:443
* Unable to receive initial SOCKS5 response.
* Closing connection 0
curl: (7) Unable to receive initial SOCKS5 response.

$ curl -v -x socks5://127.0.0.1:9050 -k https://23.128.64.134/ip
*   Trying 127.0.0.1:9050...
* TCP_NODELAY set
* SOCKS5 communication to 23.128.64.134:443
* Unable to receive initial SOCKS5 response.
* Closing connection 0
curl: (7) Unable to receive initial SOCKS5 response.

Answer 1

I managed to figure it out. The problem is that Tor by default doesn't bind to all interfaces (as in 0.0.0.0) which doesn't play nicely with Docker.

This can be fixed by adding SocksPort 0.0.0.0:9050 to the /etc/tor/torrc.

So the solution is:

FROM alpine:latest
RUN apk update && apk upgrade && \
    apk add tor curl && \
    rm /var/cache/apk/* && \
    cp /etc/tor/torrc.sample /etc/tor/torrc && \
    echo "SocksPort 0.0.0.0:9050" > /etc/tor/torrc
EXPOSE 9050
USER tor
CMD /usr/bin/tor -f /etc/tor/torrc

Then everything works as expected:

$ sudo docker build -t tor .
$ sudo docker run --name tor -p 9050:9050 tor
$ curl -x socks5://localhost:9050 https://ifconfig.io/ip
190.216.2.136