Merge pull request #91 from Roxedus/swag-cloudflare-real-ip

Add Swag-cloudflare-real-ip
2026-06-17 13:52:56 -04:00 · 2020-10-25 20:29:31 -04:00
parent ca3be57894 fd476f50c3
commit b8233cc0a9
8 changed files with 59 additions and 101 deletions
@@ -0,0 +1,30 @@
+name: Build Image
+
+on: [push, pull_request, workflow_dispatch]
+
+jobs:
+  build:
+    env:
+      DOCKERHUB: "linuxserver/mods" #don't modify
+      BASEIMAGE: "swag" #replace
+      MODNAME: "cloudflare-real-ip" #replace
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2.3.3
+
+      - name: Build image
+        id: build
+        run: |
+          docker build --no-cache -t ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} .
+
+      - name: Push image
+        if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }}
+        run: |
+          # Tag image
+          docker tag ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}
+          # Login to DockerHub
+          echo ${{ secrets.DOCKERPASS }} | docker login -u ${{ secrets.DOCKERUSER }} --password-stdin
+          # Push all of the tags
+          docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${{ github.sha }}
+          docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}
@@ -1,35 +0,0 @@
-os: linux
-
-language: shell
-
-branches:
-  only:
-    - <baseimagename>-<modname> #replace variables, omit brackets
-
-services:
-  - docker
-
-env:
-  global:
-    - DOCKERHUB="linuxserver/mods" #don't modify
-    - BASEIMAGE="baseimagename" #replace
-    - MODNAME="modname" #replace
-
-jobs:
-  include:
-    - stage: PR-BuildImage
-      if: (type IN (pull_request))
-      script:
-        # Build image
-        - docker build --no-cache -t ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT} .
-    - stage: BuildImage
-      if: (NOT (type IN (pull_request)))
-      script:
-        # Build image
-        - docker build --no-cache -t ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT} .
-        - docker tag ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT} ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}
-        # Login to DockerHub
-        - echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin
-        # Push all of the tags
-        - docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT}
-        - docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}
@@ -1,6 +1,6 @@
 FROM scratch

-LABEL maintainer="username"
+LABEL maintainer="Roxedus"

 # copy local files
 COPY root/ /
@@ -1,23 +0,0 @@
-## Buildstage ##
-FROM lsiobase/alpine:3.12 as buildstage
-
-RUN \
- echo "**** install packages ****" && \
- apk add --no-cache \
-	curl && \
- echo "**** grab rclone ****" && \
- mkdir -p /root-layer && \
- curl -o \
-	/root-layer/rclone.deb -L \
-	"https://downloads.rclone.org/v1.47.0/rclone-v1.47.0-linux-amd64.deb"
-
-# copy local files
-COPY root/ /root-layer/
-
-## Single layer deployed image ##
-FROM scratch
-
-LABEL maintainer="username"
-
-# Add files from buildstage
-COPY --from=buildstage /root-layer/ /
@@ -1,17 +1,23 @@
-# Rsync - Docker mod for openssh-server
+# cloudflare_real-ip - Docker mod for SWAG

-This mod adds rsync to openssh-server, to be installed/updated during container start.
+This mod adds a startup scipt that gets the IP's from Cloudflares edge servers, and formats them in a format Nginx can use with `set_real_ip_from`.

-In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-rsync`
+It reads this [list for IPv4](https://www.cloudflare.com/ips-v4), and this [list for IPV6](https://www.cloudflare.com/ips-v6).

-If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:openssh-server-rsync|linuxserver/mods:openssh-server-mod2`
+In SWAG docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:swag-cloudflare-real-ip`

-# Mod creation instructions
+If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:swag-cloudflare-real-ip|linuxserver/mods:swag-f2bdiscord`

-* Fork the repo, create a new branch based on the branch `template`.
-* Edit the `Dockerfile` for the mod. `Dockerfile.complex` is only an example and included for reference; it should be deleted when done.
-* Inspect the `root` folder contents. Edit, add and remove as necessary.
-* Edit this readme with pertinent info, delete these instructions.
-* Finally edit the `travis.yml`. Customize the build branch, and the vars for `BASEIMAGE` and `MODNAME`.
-* Ask the team to create a new branch named `<baseimagename>-<modname>`. Baseimage should be the name of the image the mod will be applied to. The new branch will be based on the `template` branch.
-* Submit PR against the branch created by the team.
+## Mod usage instructions
+
+The file gets placed in your persistant data, at `/config/nginx/cf_real-ip.conf`
+
+To enable nginx to read the ips from this file, you need the following in your nginx.conf:
+
+```nginx
+real_ip_header X-Forwarded-For;
+real_ip_recursive on;
+include /config/nginx/cf_real-ip.conf;
+```
+
+I also recommend including your docker-network as a valid ip `set_real_ip_from 172.17.0.0/16;` in the snippet above.
@@ -0,0 +1,10 @@
+#!/usr/bin/with-contenv bash
+# shellcheck shell=bash
+# shellcheck disable=SC2046
+
+printf "set_real_ip_from %b;\n" $({
+  curl -s "https://www.cloudflare.com/ips-v4" &
+  curl -s "https://www.cloudflare.com/ips-v6"
+}) >/config/nginx/cf_real-ip.conf
+
+chown abc:abc /config/nginx/cf_real-ip.conf
@@ -1,27 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-# Determine if setup is needed
-if [ ! -f /usr/local/lib/python***/dist-packages/sshuttle ] && \
-[ -f /usr/bin/apt ]; then
-  ## Ubuntu
-  apt-get update
-  apt-get install --no-install-recommends -y \
-    iptables \
-    openssh-client \
-    python3 \
-    python3-pip 
-  pip3 install sshuttle
-fi
-if [ ! -f /usr/lib/python***/site-packages/sshuttle ] && \
-[ -f /sbin/apk ]; then
-  # Alpine
-  apk add --no-cache \
-    iptables \
-    openssh \
-    py3-pip \
-    python3 
-  pip3 install sshuttle
-fi
-
-chown -R root:root /root
-chmod -R 600 /root/.ssh
@@ -1,3 +0,0 @@
-#!/usr/bin/with-contenv bash
-
-sshuttle --dns --remote root@${HOST}:${PORT} 0/0 -x 172.17.0.0/16