1
0
mirror of https://github.com/mail-in-a-box/mailinabox.git synced 2024-11-22 02:17:26 +00:00

docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting a510e08f9e and setting an environment variable)

This commit is contained in:
Joshua Tauberer 2014-05-01 22:39:45 -04:00
parent 2f6e0ded7a
commit acec82950b
3 changed files with 18 additions and 8 deletions

View File

@ -22,6 +22,9 @@ MAINTAINER Joshua Tauberer (http://razor.occams.info)
ENV PUBLIC_HOSTNAME box.local ENV PUBLIC_HOSTNAME box.local
ENV PUBLIC_IP 127.0.123.123 ENV PUBLIC_IP 127.0.123.123
# Docker-specific Mail-in-a-Box configuration.
ENV DISABLE_FIREWALL 1
# Our install will fail if SSH is installed and allows password-based authentication. # Our install will fail if SSH is installed and allows password-based authentication.
RUN DEBIAN_FRONTEND=noninteractive apt-get install -qq -y openssh-server RUN DEBIAN_FRONTEND=noninteractive apt-get install -qq -y openssh-server
RUN sed -i /etc/ssh/sshd_config -e "s/^#PasswordAuthentication yes/PasswordAuthentication no/g" RUN sed -i /etc/ssh/sshd_config -e "s/^#PasswordAuthentication yes/PasswordAuthentication no/g"

View File

@ -20,7 +20,9 @@ function apt_install {
} }
function ufw_allow { function ufw_allow {
if [ -z "$DISABLE_FIREWALL" ]; then
# ufw has completely unhelpful output # ufw has completely unhelpful output
ufw allow $1 > /dev/null; ufw allow $1 > /dev/null;
fi
} }

View File

@ -32,9 +32,14 @@ apt_install python3
apt_install ntp fail2ban apt_install ntp fail2ban
# Turn on the firewall. First allow incoming SSH, then turn on the firewall. if [ -z "$DISABLE_FIREWALL" ]; then
# Other ports will be opened at the point where we set up those services. # Turn on the firewall. First allow incoming SSH, then turn on the firewall.
apt_install ufw # Other ports will be opened at the point where we set up those services.
ufw_allow ssh; #
ufw --force enable; # Various virtualized environments like Docker and some VPSs don't provide
# a kernel that supports iptables. To avoid error-like output in these cases,
# let us disable the firewall.
apt_install ufw
ufw_allow ssh;
ufw --force enable;
fi