From afcc5a19aaa585681803520d850bce35473fc52b Mon Sep 17 00:00:00 2001
From: Eric Nemchik
Date: Sat, 24 Oct 2020 13:12:50 -0500
Subject: [PATCH 1/3] Replace Travis with GHA
---
.github/workflows/BuildImage.yml | 30 +++++++++++++++++++++++++++
.travis.yml | 35 --------------------------------
README.md | 2 +-
3 files changed, 31 insertions(+), 36 deletions(-)
create mode 100644 .github/workflows/BuildImage.yml
delete mode 100644 .travis.yml
diff --git a/.github/workflows/BuildImage.yml b/.github/workflows/BuildImage.yml
new file mode 100644
index 0000000..7758aa8
--- /dev/null
+++ b/.github/workflows/BuildImage.yml
@@ -0,0 +1,30 @@
+name: Build Image
+
+on: [push, pull_request, workflow_dispatch]
+
+jobs:
+ build:
+ env:
+ DOCKERHUB: "linuxserver/mods" #don't modify
+ BASEIMAGE: "baseimagename" #replace
+ MODNAME: "modname" #replace
+
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2.3.3
+
+ - name: Build image
+ id: build
+ run: |
+ docker build --no-cache -t ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} .
+
+ - name: Push image
+ if: ${{ github.ref == format('refs/heads/{0}-{1}', env.BASEIMAGE, env.MODNAME) }}
+ run: |
+ # Tag image
+ docker tag ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${{ github.sha }} ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}
+ # Login to DockerHub
+ echo ${{ secrets.DOCKERPASS }} | docker login -u ${{ secrets.DOCKERUSER }} --password-stdin
+ # Push all of the tags
+ docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${{ github.sha }}
+ docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index e6e5b1f..0000000
--- a/.travis.yml
+++ /dev/null
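Review bot: The `Push image` step in `.github/workflows/BuildImage.yml` expands `${{ secrets.DOCKERPASS }}` and `${{ secrets.DOCKERUSER }}` straight into the script text and leaves them unquoted, so the shell parses the secret values as shell source. A password containing a space, `$`, a quote or `;` is split or interpreted before it reaches `docker login`. Passing both through a step-level `env:` block and referencing them as quoted shell variables keeps the values as data. Separately, `actions/checkout@v2.3.3` is a mutable tag; pinning the action to a full commit SHA would fix which code runs in a job that later handles the Docker Hub credentials.

```yaml
      - name: Push image
        # … unchanged: if: condition on the release branch …
        env:
          DOCKERUSER: ${{ secrets.DOCKERUSER }}
          DOCKERPASS: ${{ secrets.DOCKERPASS }}
        run: |
          # … unchanged: docker tag …
          echo "${DOCKERPASS}" | docker login -u "${DOCKERUSER}" --password-stdin
          # … unchanged: docker push of both tags …
```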
@@ -1,35 +0,0 @@ -os: linux - -language: shell - -branches: - only: - - - #replace variables, omit brackets - -services: - - docker - -env: - global: - - DOCKERHUB="linuxserver/mods" #don't modify - - BASEIMAGE="baseimagename" #replace - - MODNAME="modname" #replace - -jobs: - include: - - stage: PR-BuildImage - if: (type IN (pull_request)) - script: - # Build image - - docker build --no-cache -t ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT} . - - stage: BuildImage - if: (NOT (type IN (pull_request))) - script: - # Build image - - docker build --no-cache -t ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT} . - - docker tag ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT} ${DOCKERHUB}:${BASEIMAGE}-${MODNAME} - # Login to DockerHub - - echo $DOCKERPASS | docker login -u $DOCKERUSER --password-stdin - # Push all of the tags - - docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME}-${TRAVIS_COMMIT} - - docker push ${DOCKERHUB}:${BASEIMAGE}-${MODNAME} \ No newline at end of file diff --git a/README.md b/README.md index 62f203f..5636dec 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,6 @@ If adding multiple mods, enter them in an array separated by `|`, such as `DOCKE * Edit the `Dockerfile` for the mod. `Dockerfile.complex` is only an example and included for reference; it should be deleted when done. * Inspect the `root` folder contents. Edit, add and remove as necessary. * Edit this readme with pertinent info, delete these instructions. -* Finally edit the `travis.yml`. Customize the build branch, and the vars for `BASEIMAGE` and `MODNAME`. +* Finally edit the `.github/workflows/BuildImage.yml`. Customize the build branch, and the vars for `BASEIMAGE` and `MODNAME`. * Ask the team to create a new branch named `-`. Baseimage should be the name of the image the mod will be applied to. The new branch will be based on the `template` branch. * Submit PR against the branch created by the team. 
From e4b7592115a9ede1f6ef59d7a02d7c608ffb9fba Mon Sep 17 00:00:00 2001 From: Roxedus Date: Mon, 26 Oct 2020 00:11:39 +0100 Subject: [PATCH 2/3] swag:cloudflare-real-ip Init push --- .github/workflows/BuildImage.yml | 4 ++-- Dockerfile | 2 +- Dockerfile.complex | 23 ----------------------- README.md | 30 ++++++++++++++++++------------ root/etc/cont-init.d/98-cloudflare | 10 ++++++++++ root/etc/cont-init.d/98-vpn-config | 27 --------------------------- root/etc/services.d/sshvpn/run | 3 --- 7 files changed, 31 insertions(+), 68 deletions(-) delete mode 100644 Dockerfile.complex create mode 100644 root/etc/cont-init.d/98-cloudflare delete mode 100644 root/etc/cont-init.d/98-vpn-config delete mode 100644 root/etc/services.d/sshvpn/run diff --git a/.github/workflows/BuildImage.yml b/.github/workflows/BuildImage.yml index 7758aa8..8d4be26 100644 --- a/.github/workflows/BuildImage.yml +++ b/.github/workflows/BuildImage.yml @@ -6,8 +6,8 @@ jobs: build: env: DOCKERHUB: "linuxserver/mods" #don't modify - BASEIMAGE: "baseimagename" #replace - MODNAME: "modname" #replace + BASEIMAGE: "swag" #replace + MODNAME: "cloudflare-real-ip" #replace runs-on: ubuntu-latest steps: diff --git a/Dockerfile b/Dockerfile index 4ece5e8..ac89b65 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM scratch -LABEL maintainer="username" +LABEL maintaner="Roxedus" # copy local files COPY root/ / diff --git a/Dockerfile.complex b/Dockerfile.complex deleted file mode 100644 index bc97902..0000000 --- a/Dockerfile.complex +++ /dev/null 
@@ -1,23 +0,0 @@ -## Buildstage ## -FROM lsiobase/alpine:3.12 as buildstage - -RUN \ - echo "**** install packages ****" && \ - apk add --no-cache \ - curl && \ - echo "**** grab rclone ****" && \ - mkdir -p /root-layer && \ - curl -o \ - /root-layer/rclone.deb -L \ - "https://downloads.rclone.org/v1.47.0/rclone-v1.47.0-linux-amd64.deb" - -# copy local files -COPY root/ /root-layer/ - -## Single layer deployed image ## -FROM scratch - -LABEL maintainer="username" - -# Add files from buildstage -COPY --from=buildstage /root-layer/ / diff --git a/README.md b/README.md index 5636dec..baa64f8 100644 --- a/README.md +++ b/README.md 
@@ -1,17 +1,23 @@ -# Rsync - Docker mod for openssh-server +# cloudflare_real-ip - Docker mod for SWAG -This mod adds rsync to openssh-server, to be installed/updated during container start. +This mod adds a startup scipt that gets the IP's from Cloudflares edge servers, and formats them in a format Nginx can use with `set_real_ip_from`. -In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-rsync` +It reads this [list for IPv4](https://www.cloudflare.com/ips-v4), and this [list for IPV6](https://www.cloudflare.com/ips-v6). -If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:openssh-server-rsync|linuxserver/mods:openssh-server-mod2` +In SWAG docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:swag-cloudflare-real-ip` -# Mod creation instructions +If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:swag-cloudflare-real-ip|linuxserver/mods:swag-f2bdiscord` -* Fork the repo, create a new branch based on the branch `template`. -* Edit the `Dockerfile` for the mod. `Dockerfile.complex` is only an example and included for reference; it should be deleted when done. -* Inspect the `root` folder contents. Edit, add and remove as necessary. -* Edit this readme with pertinent info, delete these instructions. -* Finally edit the `.github/workflows/BuildImage.yml`. Customize the build branch, and the vars for `BASEIMAGE` and `MODNAME`. -* Ask the team to create a new branch named `-`. Baseimage should be the name of the image the mod will be applied to. The new branch will be based on the `template` branch. -* Submit PR against the branch created by the team. 
+## Mod usage instructions + +The file gets placed in your persistant data, at `/config/nginx/cf_real-ip.conf` + +To enable nginx to read the ips from this file, you need the following in your nginx.conf: + +```nginx +real_ip_header X-Forwarded-For; +real_ip_recursive on; +include /config/nginx/cf_real-ip.conf; +``` + +I also recommend including your docker-network as a valid ip `set_real_ip_from 172.17.0.0/16;` in the snippet above. diff --git a/root/etc/cont-init.d/98-cloudflare b/root/etc/cont-init.d/98-cloudflare new file mode 100644 index 0000000..6f0ecba --- /dev/null +++ b/root/etc/cont-init.d/98-cloudflare @@ -0,0 +1,10 @@ +#!/usr/bin/with-contenv bash +# shellcheck shell=bash +# shellcheck disable=SC2046 + +printf "set_real_ip_from %b;\n" $({ + curl -s "https://www.cloudflare.com/ips-v4" & + curl -s "https://www.cloudflare.com/ips-v6" +}) >/config/nginx/cf_real-ip.conf + +chown abc:abc /config/nginx/cf_real-ip.conf diff --git a/root/etc/cont-init.d/98-vpn-config b/root/etc/cont-init.d/98-vpn-config deleted file mode 100644 index a5f9127..0000000 --- a/root/etc/cont-init.d/98-vpn-config +++ /dev/null @@ -1,27 +0,0 @@ -#!/usr/bin/with-contenv bash - -# Determine if setup is needed -if [ ! -f /usr/local/lib/python***/dist-packages/sshuttle ] && \ -[ -f /usr/bin/apt ]; then - ## Ubuntu - apt-get update - apt-get install --no-install-recommends -y \ - iptables \ - openssh-client \ - python3 \ - python3-pip - pip3 install sshuttle -fi -if [ ! -f /usr/lib/python***/site-packages/sshuttle ] && \ -[ -f /sbin/apk ]; then - # Alpine - apk add --no-cache \ - iptables \ - openssh \ - py3-pip \ - python3 - pip3 install sshuttle -fi - -chown -R root:root /root -chmod -R 600 /root/.ssh diff --git a/root/etc/services.d/sshvpn/run b/root/etc/services.d/sshvpn/run deleted file mode 100644 index 7d49e79..0000000 --- a/root/etc/services.d/sshvpn/run +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/with-contenv bash - -sshuttle --dns --remote root@${HOST}:${PORT} 0/0 -x 172.17.0.0/16 
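Review bot: The new `root/etc/cont-init.d/98-cloudflare` script writes whatever the two `curl -s` calls return into `/config/nginx/cf_real-ip.conf`, without checking that the downloads succeeded or that each word is a CIDR range. That file is the list of peers nginx trusts to set the client address, and it is overwritten on every container start. An empty response yields `set_real_ip_from ;`, an HTTP error page is word-split into bogus directives, and `%b` expands backslash escapes found in the response, so a bad download either stops nginx from loading its config or puts unintended content into it. The first `curl` is also backgrounded with `&`, so its exit status is lost and its output can interleave with the second download. Fetching with `--fail`, validating every line, and replacing the file only when both checks pass would keep the previous list on failure.

```shell
# … unchanged: shebang and shellcheck directives …
conf=/config/nginx/cf_real-ip.conf
tmp="$(mktemp)"

# download sequentially, fail on HTTP errors, accept only CIDR-looking lines
if curl -fsS "https://www.cloudflare.com/ips-v4" >"${tmp}" &&
    echo >>"${tmp}" &&
    curl -fsS "https://www.cloudflare.com/ips-v6" >>"${tmp}" &&
    grep -Eq '^[0-9A-Fa-f:.]+/[0-9]{1,3}$' "${tmp}" &&
    ! grep -Evq '^([0-9A-Fa-f:.]+/[0-9]{1,3})?$' "${tmp}"; then
    sed -n 's|^\(..*\)$|set_real_ip_from \1;|p' "${tmp}" >"${conf}"
else
    echo "cloudflare-real-ip: download or validation failed, existing list left in place" >&2
fi
rm -f "${tmp}"
# … unchanged: chown of the generated file …
```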
From fd476f50c3ab5ce8d5e5f9aaaba666b1b79b85e2 Mon Sep 17 00:00:00 2001 From: Roxedus Date: Mon, 26 Oct 2020 00:38:25 +0100 Subject: [PATCH 3/3] swag:cloudflare-real-ip Updates after review --- Dockerfile | 2 +- root/etc/cont-init.d/{98-cloudflare => 98-cloudflare-real-ip} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename root/etc/cont-init.d/{98-cloudflare => 98-cloudflare-real-ip} (100%) diff --git a/Dockerfile b/Dockerfile index ac89b65..e44fce6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM scratch -LABEL maintaner="Roxedus" +LABEL maintainer="Roxedus" # copy local files COPY root/ / diff --git a/root/etc/cont-init.d/98-cloudflare b/root/etc/cont-init.d/98-cloudflare-real-ip similarity index 100% rename from root/etc/cont-init.d/98-cloudflare rename to root/etc/cont-init.d/98-cloudflare-real-ip