luci-app-docker: access docker container from WAN can be enabled/disabled

2025-04-19 03:43:29 +00:00 · 2019-10-16 03:21:08 -07:00 · 2019-10-16 03:21:08 -07:00 · dcf59f6341
commit dcf59f6341
parent eed55e8a0f
9 changed files with 28 additions and 30 deletions
--- a/package/lean/luci-app-docker/Makefile
+++ b/package/lean/luci-app-docker/Makefile
@ -10,7 +10,7 @@ LUCI_TITLE:=Luci for Docker-CE
 LUCI_DEPENDS:=+docker-ce
 LUCI_PKGARCH:=all
 PKG_VERSION:=1
-PKG_RELEASE:=7
+PKG_RELEASE:=8

 include $(TOPDIR)/feeds/luci/luci.mk

--- a/package/lean/luci-app-docker/luasrc/controller/docker.lua
+++ b/package/lean/luci-app-docker/luasrc/controller/docker.lua
@ -1,7 +1,7 @@
 module("luci.controller.docker", package.seeall)

 function index()
-	if not nixio.fs.access("/etc/config/docker") then
+	if not nixio.fs.access("/etc/config/dockerd") then
 		return
 	end
 	
--- a/package/lean/luci-app-docker/luasrc/model/cbi/docker.lua
+++ b/package/lean/luci-app-docker/luasrc/model/cbi/docker.lua
@ -2,10 +2,10 @@ local running = (luci.sys.call("pidof portainer >/dev/null") == 0)
 local button = ""

 if running then
-	button = "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br /><br /><input type=\"button\" value=\" " .. translate("Open Portainer Docker Admin") .. " \" onclick=\"window.open('http://'+window.location.hostname+':" .. 9999 .. "')\"/>"
+	button = "&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<br /><br /><input type=\"button\" value=\" " .. translate("Open Portainer Docker Admin") .. " \" onclick=\"window.open('http://'+window.location.hostname+':" .. 9999 .. "')\"/><br />"
 end

-m = Map("docker", "Docker CE", translate("Docker is a set of platform-as-a-service (PaaS) products that use OS-level virtualization to deliver software in packages called containers."))
+m = Map("dockerd", "Docker CE", translate("Docker is a set of platform-as-a-service (PaaS) products that use OS-level virtualization to deliver software in packages called containers.") .. button)


 m:section(SimpleSection).template  = "docker/docker_status"
@ -13,12 +13,12 @@ m:section(SimpleSection).template  = "docker/docker_status"
 s = m:section(TypedSection, "docker")
 s.anonymous = true

-wan_mode = s:option(Flag, "enabled", translate("Enable WAN access Dokcer"))
+wan_mode = s:option(Flag, "wan_mode", translate("Enable WAN access Dokcer"), translate("Enable WAN access docker mapped ports"))
 wan_mode.default = 0
 wan_mode.rmempty = false
-wan_mode.description = translate(("!") .. button)

-o = s:option(Button,"certificate",translate("Docker Readme First"))
+
+o = s:option(Button,"readme",translate("Docker Readme First"))
 o.inputtitle = translate("Download DockerReadme.pdf")
 o.description = translate("Please download DockerReadme.pdf to read when first-running")
 o.inputstyle = "reload"
--- a/package/lean/luci-app-docker/po/zh-cn/docker.po
+++ b/package/lean/luci-app-docker/po/zh-cn/docker.po
@ -4,7 +4,7 @@ msgstr ""
 "Report-Msgid-Bugs-To: \n"
 "POT-Creation-Date: 2015-06-23 20:16+0800\n"
 "PO-Revision-Date: 2015-06-23 20:17+0800\n"
-"Last-Translator: 981213 <gch981213@gmail.com>\n"
+"Last-Translator: coolsnowwolf <coolsnowwolf@gmail.com>\n"
 "Language-Team: PandoraBox Team\n"
 "Language: zh_CN\n"
 "MIME-Version: 1.0\n"
@ -27,7 +27,7 @@ msgid "Enable WAN access Dokcer"
 msgstr "允许 WAN 访问 Dokcer"

 msgid "Enable WAN access docker mapped ports"
-msgstr "允许 WAN 访问 Dokcer 映射后的端口（易受攻击，不推荐！）"
+msgstr "允许 WAN 访问 Dokcer 映射后的端口（易受攻击！）。<br /><br />推荐禁用该选项后，用系统防火墙选择性映射 172.17.0.X:XX 端口到 WAN"

 msgid "Docker Readme First"
 msgstr "Docker 初始化无脑配置教程"
--- a/package/lean/luci-app-docker/root/etc/config/docker
+++ b/package/lean/luci-app-docker/root/etc/config/docker
@ -1,6 +0,0 @@
-
-config docker
-	option wan_mode '1'
-	option enable '1'
-	option enabled '0'
-
--- a/package/lean/luci-app-docker/root/etc/config/dockerd
+++ b/package/lean/luci-app-docker/root/etc/config/dockerd
@ -0,0 +1,4 @@
+
+config docker
+	option wan_mode '0'
+
--- a/package/lean/luci-app-docker/root/etc/docker-pppoe
+++ b/package/lean/luci-app-docker/root/etc/docker-pppoe
@ -1,13 +0,0 @@
-#!/bin/sh
-
-sleep 10
-
-docker_ok=$(iptables -t filter -L FORWARD | grep DOCKER)
-
-while [ -z "$docker_ok" ]; do 
-  echo "DOCKER Chain not ready" && sleep 10
-  docker_ok=$(iptables -t filter -L FORWARD | grep DOCKER)
-done
-
-iptables -D FORWARD -i pppoe-wan -o docker0 -j DROP 2>/dev/null
-iptables -I FORWARD -i pppoe-wan -o docker0 -j DROP
--- a/package/lean/luci-app-docker/root/etc/init.d/dockerd
+++ b/package/lean/luci-app-docker/root/etc/init.d/dockerd
@ -5,12 +5,18 @@ START=25

 start_service() {
 	local nofile=$(cat /proc/sys/fs/nr_open)
+	local wanmode=$(uci get dockerd.@docker[0].wan_mode)
+	
+	if [ $wanmode = "1" ] ;then
+	dockerwan=" "
+	else
+	dockerwan="--iptables=false"
+  fi

 	procd_open_instance
 	procd_set_param stderr 1
-	procd_set_param command /usr/bin/dockerd
+	procd_set_param command /usr/bin/dockerd $dockerwan
 	procd_set_param limits nofile="${nofile} ${nofile}"
 	procd_close_instance
 	
-	/etc/docker-pppoe &>/dev/null &
 }
--- a/package/lean/luci-app-docker/root/etc/uci-defaults/docker
+++ b/package/lean/luci-app-docker/root/etc/uci-defaults/docker
@ -1,4 +1,11 @@
 #!/bin/sh

+uci -q batch <<-EOF >/dev/null
+	delete ucitrack.@dockerd[-1]
+	add ucitrack dockerd
+	set ucitrack.@dockerd[-1].init=dockerd
+	commit ucitrack
+EOF
+
 rm -f /tmp/luci-indexcache
 exit 0