Commit acec8295 authored by Joshua Tauberer

docker: disable the ufw firewall because it is not supported in a docker...

docker: disable the ufw firewall because it is not supported in a docker container and produces a lot of error output (by reverting a510e08f and setting an environment variable)
parent 2f6e0ded
...@@ -22,6 +22,9 @@ MAINTAINER Joshua Tauberer (http://razor.occams.info) ...@@ -22,6 +22,9 @@ MAINTAINER Joshua Tauberer (http://razor.occams.info)
ENV PUBLIC_HOSTNAME box.local ENV PUBLIC_HOSTNAME box.local
ENV PUBLIC_IP 127.0.123.123 ENV PUBLIC_IP 127.0.123.123
# Docker-specific Mail-in-a-Box configuration.
ENV DISABLE_FIREWALL 1
# Our install will fail if SSH is installed and allows password-based authentication. # Our install will fail if SSH is installed and allows password-based authentication.
RUN DEBIAN_FRONTEND=noninteractive apt-get install -qq -y openssh-server RUN DEBIAN_FRONTEND=noninteractive apt-get install -qq -y openssh-server
RUN sed -i /etc/ssh/sshd_config -e "s/^#PasswordAuthentication yes/PasswordAuthentication no/g" RUN sed -i /etc/ssh/sshd_config -e "s/^#PasswordAuthentication yes/PasswordAuthentication no/g"
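Review bot: The comment above `ENV DISABLE_FIREWALL 1` only says "Docker-specific Mail-in-a-Box configuration" and does not record the security consequence: with this set, setup never installs or enables ufw, so nothing inside the container filters inbound ports. Please extend the comment to say that port filtering becomes the Docker host's responsibility (which ports are published and what the host firewall allows), so that someone reusing this Dockerfile does not assume the box is still firewalled.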
......
...@@ -20,7 +20,9 @@ function apt_install { ...@@ -20,7 +20,9 @@ function apt_install {
} }
function ufw_allow { function ufw_allow {
# ufw has completely unhelpful output if [ -z "$DISABLE_FIREWALL" ]; then
ufw allow $1 > /dev/null; # ufw has completely unhelpful output
ufw allow $1 > /dev/null;
fi
} }
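Review bot: The guard `[ -z "$DISABLE_FIREWALL" ]` in `ufw_allow` treats any non-empty value as "disabled", so `DISABLE_FIREWALL=0` or `DISABLE_FIREWALL=false` also skips the rule, which is the opposite of what an operator would expect. Consider comparing against the one value the Dockerfile sets (`"1"`), or documenting that any non-empty value turns the firewall off. While touching this line, `ufw allow $1` should quote its argument as `"$1"`, and the skipped branch could print which port was not opened so the setup log shows what the firewall would have allowed.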
...@@ -32,9 +32,14 @@ apt_install python3 ...@@ -32,9 +32,14 @@ apt_install python3
apt_install ntp fail2ban apt_install ntp fail2ban
# Turn on the firewall. First allow incoming SSH, then turn on the firewall. if [ -z "$DISABLE_FIREWALL" ]; then
# Other ports will be opened at the point where we set up those services. # Turn on the firewall. First allow incoming SSH, then turn on the firewall.
apt_install ufw # Other ports will be opened at the point where we set up those services.
ufw_allow ssh; #
ufw --force enable; # Various virtualized environments like Docker and some VPSs don't provide
# a kernel that supports iptables. To avoid error-like output in these cases,
# let us disable the firewall.
apt_install ufw
ufw_allow ssh;
ufw --force enable;
fi
\ No newline at end of file
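Review bot: When `DISABLE_FIREWALL` is set, the new `if` block skips `apt_install ufw` and `ufw --force enable` without printing anything, so a machine that inherits the variable by accident comes up unfirewalled with no trace in the setup output. Please add an `else` branch that prints a clear notice that the firewall was not enabled. The added comment also describes kernels without iptables support, but the code does not detect that condition and relies entirely on the variable being set by hand, so the comment should say so. The same `-z` test is now repeated here and in `ufw_allow`, which would be easier to keep consistent as one helper, and the file now ends without a trailing newline.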