TEE Anyone anon (hidden) Service
This docker compose example sets up a Anon hidden service and serves an nginx website from that. Unlike other Dstack examples using tproxy, this one avoids exposing ports on the host at all. It uses the Anyone network itself as a reverse proxy.
Overview
The setup consists of two main components:
- A Anon service that creates and manages the hidden service
- An Nginx server that serves the TEE attestation data
When accessed through Anyone network, the service displays:
- The .anon address it's serving on
- TDX remote attestation from /var/run/tappd.sock
The remote attestation uses the hash of the .anon address as the quote report data.
The service automatically generates a new .anon address on first launch and maintains it across restarts through the persistent anon_data volume.
To run locally
- Run the containers:
docker compose up -d - The anon address will be displayed in the Nginx container logs:
docker compose logs nginx
URLs
- Website: https://anyone.io
- Documentation: https://docs.anyone.io
- Social: https://x.com/AnyoneFDN