Infra-Mirrors/docker-swag
1
0
Fork 0
mirror of https://github.com/linuxserver/docker-swag.git synced 2024-12-25 23:39:26 -05:00
Code Issues Packages Projects Releases Wiki Activity

Support disabling f2b

Browse Source
This commit is contained in:
thespad 2024-12-17 20:34:13 +00:00
parent 2dc24f90c7
commit 589b80e492
No known key found for this signature in database
4 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -189,6 +189,7 @@ services:
- ONLY_SUBDOMAINS=false #optional
- EXTRA_DOMAINS= #optional
- STAGING=false #optional
- DISABLE_F2B= #optional
volumes:
- /path/to/swag/config:/config
ports:
@ -216,6 +217,7 @@ docker run -d \
-e ONLY_SUBDOMAINS=false `#optional` \
-e EXTRA_DOMAINS= `#optional` \
-e STAGING=false `#optional` \
-e DISABLE_F2B= `#optional` \
-p 443:443 \
-p 80:80 `#optional` \
-v /path/to/swag/config:/config \
@ -244,6 +246,7 @@ Containers are configured using parameters passed at runtime (such as those abov
| `-e ONLY_SUBDOMAINS=false` | If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true` |
| `-e EXTRA_DOMAINS=` | Additional fully qualified domain names (comma separated, no spaces) ie. `example.net,subdomain.example.net,*.example.org` |
| `-e STAGING=false` | Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes. |
| `-e DISABLE_F2B=` | Set to `true` to disable the Fail2ban service in the container, if you're already running it elsewhere or using a different IPS. |
| `-v /config` | Persistent config files |
| `--read-only=true` | Run container with a read-only filesystem. Please [read the docs](https://docs.linuxserver.io/misc/read-only/). |
| `--cap-add=NET_ADMIN` | Required for fail2Ban to be able to modify iptables rules. |

1
readme-vars.yml
View File

@ -37,6 +37,7 @@ opt_param_env_vars:
- {env_var: "ONLY_SUBDOMAINS", env_value: "false", desc: "If you wish to get certs only for certain subdomains, but not the main domain (main domain may be hosted on another machine and cannot be validated), set this to `true`"}
- {env_var: "EXTRA_DOMAINS", env_value: "", desc: "Additional fully qualified domain names (comma separated, no spaces) ie. `example.net,subdomain.example.net,*.example.org`"}
- {env_var: "STAGING", env_value: "false", desc: "Set to `true` to retrieve certs in staging mode. Rate limits will be much higher, but the resulting cert will not pass the browser's security test. Only to be used for testing purposes."}
- {env_var: "DISABLE_F2B", env_value: "", desc: "Set to `true` to disable the Fail2ban service in the container, if you're already running it elsewhere or using a different IPS."}
opt_param_usage_include_ports: true
opt_param_ports:
- {external_port: "80", internal_port: "80", port_desc: "HTTP port (required for HTTP validation and HTTP -> HTTPS redirect)"}

2
root/etc/s6-overlay/s6-rc.d/init-fail2ban-config/run
View File

@ -1,7 +1,7 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]]; then
if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]] && [[ "${DISABLE_F2B,,}" != "true" ]]; then
if ! iptables -L &> /dev/null; then
ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/iptables
ln -sf /usr/sbin/xtables-legacy-multi /usr/sbin/iptables-save

2
root/etc/s6-overlay/s6-rc.d/svc-fail2ban/run
View File

@ -1,7 +1,7 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]]; then
if [[ -z ${LSIO_READ_ONLY_FS} ]] && [[ -z ${LSIO_NON_ROOT_USER} ]] && [[ "${DISABLE_F2B,,}" != "true" ]]; then
exec \
fail2ban-client -x -f start
else