add configurable firewall host IP for firewall command generation
This commit is contained in:
parent
340f8e5bef
commit
f57d2fc6be
4 changed files with 28 additions and 1 deletions
|
|
@ -8,3 +8,7 @@ ENCRYPTION_KEY=CHANGE_ME_TO_A_VALID_FERNET_KEY
|
|||
|
||||
# The local port that the web interface will bind to
|
||||
WEB_PORT=8814
|
||||
|
||||
# Optional: The IP address or hostname of this Docker host to show in the Firewall Helper.
|
||||
# If not set, the hostname used to access the web interface will be used.
|
||||
# FIREWALL_HOST_IP=192.168.1.100
|
||||
|
|
|
|||
|
|
@ -12,4 +12,5 @@ services:
|
|||
- WEB_PASSWORD=${WEB_PASSWORD:-admin}
|
||||
# Generate a secure key using: python -c "from cryptography.fernet import Fernet; print(Fernet.generate_key().decode())"
|
||||
- ENCRYPTION_KEY=${ENCRYPTION_KEY:-CHANGE_ME_TO_A_VALID_FERNET_KEY}
|
||||
- FIREWALL_HOST_IP=${FIREWALL_HOST_IP:-}
|
||||
restart: unless-stopped
|
||||
|
|
|
|||
5
main.py
5
main.py
|
|
@ -15,6 +15,7 @@ from cryptography.fernet import Fernet
|
|||
|
||||
WEB_PASSWORD = os.getenv("WEB_PASSWORD", "admin")
|
||||
ENCRYPTION_KEY = os.getenv("ENCRYPTION_KEY")
|
||||
FIREWALL_HOST_IP = os.getenv("FIREWALL_HOST_IP")
|
||||
DB_PATH = "data/instances.db"
|
||||
|
||||
if not ENCRYPTION_KEY or ENCRYPTION_KEY == "CHANGE_ME_TO_A_VALID_FERNET_KEY":
|
||||
|
|
@ -166,6 +167,10 @@ def create_instance(inst: InstanceCreate):
|
|||
conn.close()
|
||||
return {"status": "ok"}
|
||||
|
||||
@app.get("/api/config")
|
||||
def get_config():
|
||||
return {"firewall_host_ip": FIREWALL_HOST_IP}
|
||||
|
||||
@app.delete("/api/instances/{id}")
|
||||
def delete_instance(id: int):
|
||||
conn = sqlite3.connect(DB_PATH)
|
||||
|
|
|
|||
|
|
@ -6,14 +6,31 @@ document.addEventListener('DOMContentLoaded', () => {
|
|||
const ufwCmd = document.getElementById('ufw-cmd');
|
||||
const iptablesCmd = document.getElementById('iptables-cmd');
|
||||
|
||||
let config = { firewall_host_ip: null };
|
||||
|
||||
const updateFirewallCmds = () => {
|
||||
const port = portInput.value || '4646';
|
||||
const hostIp = window.location.hostname;
|
||||
const hostIp = config.firewall_host_ip || window.location.hostname;
|
||||
ufwCmd.textContent = `sudo ufw allow from ${hostIp} to any port ${port} proto tcp`;
|
||||
iptablesCmd.textContent = `sudo iptables -I INPUT -p tcp -s ${hostIp} --dport ${port} -j ACCEPT`;
|
||||
};
|
||||
|
||||
const fetchConfig = async () => {
|
||||
try {
|
||||
const res = await fetch('/api/config');
|
||||
if (res.ok) {
|
||||
config = await res.json();
|
||||
updateFirewallCmds();
|
||||
}
|
||||
} catch (e) {
|
||||
console.error('Failed to fetch config:', e);
|
||||
}
|
||||
};
|
||||
|
||||
portInput.addEventListener('input', updateFirewallCmds);
|
||||
|
||||
// Initial fetch of config and instances
|
||||
fetchConfig();
|
||||
updateFirewallCmds();
|
||||
|
||||
const fetchInstances = async () => {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue