mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-22 02:17:26 +00:00
docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting a510e08f9e
and setting an environment variable)
parent
2f6e0ded7a
commit
acec82950b
@ -22,6 +22,9 @@ MAINTAINER Joshua Tauberer (http://razor.occams.info)
|
|||||||
ENV PUBLIC_HOSTNAME box.local
|
ENV PUBLIC_HOSTNAME box.local
|
||||||
ENV PUBLIC_IP 127.0.123.123
|
ENV PUBLIC_IP 127.0.123.123
|
||||||
|
|
||||||
|
# Docker-specific Mail-in-a-Box configuration.
|
||||||
|
ENV DISABLE_FIREWALL 1
|
||||||
|
|
||||||
# Our install will fail if SSH is installed and allows password-based authentication.
|
# Our install will fail if SSH is installed and allows password-based authentication.
|
||||||
RUN DEBIAN_FRONTEND=noninteractive apt-get install -qq -y openssh-server
|
RUN DEBIAN_FRONTEND=noninteractive apt-get install -qq -y openssh-server
|
||||||
RUN sed -i /etc/ssh/sshd_config -e "s/^#PasswordAuthentication yes/PasswordAuthentication no/g"
|
RUN sed -i /etc/ssh/sshd_config -e "s/^#PasswordAuthentication yes/PasswordAuthentication no/g"
|
||||||
|
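Review bot: `ENV DISABLE_FIREWALL 1` bakes the firewall opt-out into the image and into every container's runtime environment, and nothing next to it says what takes the place of ufw. With ufw skipped, which services are reachable is decided only by the ports published when the container is started and by filtering on the Docker host. The comment above the line should say so, e.g. `# ufw is not run in the container: limit exposure with published ports and a firewall on the Docker host.` The `key=value` form, `ENV DISABLE_FIREWALL=1`, is also preferred over the space-separated form. The Dockerfile continues outside the hunk.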
@ -20,7 +20,9 @@ function apt_install {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function ufw_allow {
|
function ufw_allow {
|
||||||
|
if [ -z "$DISABLE_FIREWALL" ]; then
|
||||||
# ufw has completely unhelpful output
|
# ufw has completely unhelpful output
|
||||||
ufw allow $1 > /dev/null;
|
ufw allow $1 > /dev/null;
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
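Review bot: The new guard `[ -z "$DISABLE_FIREWALL" ]` in `ufw_allow` treats any non-empty value as "disable", so `DISABLE_FIREWALL=0` or `DISABLE_FIREWALL=false` also drops every port rule. Comparing against the one value the Dockerfile hunk sets makes the switch fail closed: `if [ "${DISABLE_FIREWALL:-}" != "1" ]; then`. The same test guards the `ufw --force enable` block in the third hunk and should change with it. Inside the guard, `$1` is unquoted in `ufw allow $1`; `ufw allow "$1"` avoids word splitting.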
@ -32,9 +32,14 @@ apt_install python3
|
|||||||
|
|
||||||
apt_install ntp fail2ban
|
apt_install ntp fail2ban
|
||||||
|
|
||||||
# Turn on the firewall. First allow incoming SSH, then turn on the firewall.
|
if [ -z "$DISABLE_FIREWALL" ]; then
|
||||||
# Other ports will be opened at the point where we set up those services.
|
# Turn on the firewall. First allow incoming SSH, then turn on the firewall.
|
||||||
apt_install ufw
|
# Other ports will be opened at the point where we set up those services.
|
||||||
ufw_allow ssh;
|
#
|
||||||
ufw --force enable;
|
# Various virtualized environments like Docker and some VPSs don't provide
|
||||||
|
# a kernel that supports iptables. To avoid error-like output in these cases,
|
||||||
|
# let us disable the firewall.
|
||||||
|
apt_install ufw
|
||||||
|
ufw_allow ssh;
|
||||||
|
ufw --force enable;
|
||||||
|
fi
|
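Review bot: When `DISABLE_FIREWALL` is set, the block that installs and enables ufw is skipped without any output, so a machine set up this way has no packet filter and the operator is not told. An `else` branch before `fi` would make that visible: `else` followed by `echo "Firewall not configured (DISABLE_FIREWALL is set); filter ports outside this machine."`. `fail2ban` is still installed two lines above the guard. If the kernel really lacks iptables support, as the new comment says, its bans presumably cannot be applied either, which is worth confirming and noting in that comment.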