From dcf59f634127c3895a460bb80d717b99eef86310 Mon Sep 17 00:00:00 2001
From: LEAN-ESX
Date: Wed, 16 Oct 2019 03:21:08 -0700
Subject: [PATCH] luci-app-docker: access docker container from WAN can be enabled/disabled
---
 package/lean/luci-app-docker/Makefile | 2 +-
 .../luci-app-docker/luasrc/controller/docker.lua | 2 +-
 .../luci-app-docker/luasrc/model/cbi/docker.lua | 10 +++++-----
 package/lean/luci-app-docker/po/zh-cn/docker.po | 4 ++--
 package/lean/luci-app-docker/root/etc/config/docker | 6 ------
 .../lean/luci-app-docker/root/etc/config/dockerd | 4 ++++
 package/lean/luci-app-docker/root/etc/docker-pppoe | 13 -------------
 .../lean/luci-app-docker/root/etc/init.d/dockerd | 10 ++++++++--
 .../luci-app-docker/root/etc/uci-defaults/docker | 7 +++++++
 9 files changed, 28 insertions(+), 30 deletions(-)
 delete mode 100644 package/lean/luci-app-docker/root/etc/config/docker
 create mode 100644 package/lean/luci-app-docker/root/etc/config/dockerd
 delete mode 100755 package/lean/luci-app-docker/root/etc/docker-pppoe
diff --git a/package/lean/luci-app-docker/Makefile b/package/lean/luci-app-docker/Makefile
index 7a1784fca..19ea282ed 100755
--- a/package/lean/luci-app-docker/Makefile
+++ b/package/lean/luci-app-docker/Makefile
@@ -10,7 +10,7 @@ LUCI_TITLE:=Luci for Docker-CE
 LUCI_DEPENDS:=+docker-ce
 LUCI_PKGARCH:=all
 PKG_VERSION:=1
-PKG_RELEASE:=7
+PKG_RELEASE:=8
 include $(TOPDIR)/feeds/luci/luci.mk
diff --git a/package/lean/luci-app-docker/luasrc/controller/docker.lua b/package/lean/luci-app-docker/luasrc/controller/docker.lua
index 46ef03ce2..93b8f6618 100644
--- a/package/lean/luci-app-docker/luasrc/controller/docker.lua
+++ b/package/lean/luci-app-docker/luasrc/controller/docker.lua
@@ -1,7 +1,7 @@
 module("luci.controller.docker", package.seeall)
 function index()
- if not nixio.fs.access("/etc/config/docker") then
+ if not nixio.fs.access("/etc/config/dockerd") then
 return
 end
diff --git a/package/lean/luci-app-docker/luasrc/model/cbi/docker.lua b/package/lean/luci-app-docker/luasrc/model/cbi/docker.lua index e998670d8..750418b76 100644 --- a/package/lean/luci-app-docker/luasrc/model/cbi/docker.lua +++ b/package/lean/luci-app-docker/luasrc/model/cbi/docker.lua @@ -2,10 +2,10 @@ local running = (luci.sys.call("pidof portainer >/dev/null") == 0) local button = "" if running then - button = "      

" + button = "      


" end -m = Map("docker", "Docker CE", translate("Docker is a set of platform-as-a-service (PaaS) products that use OS-level virtualization to deliver software in packages called containers.")) +m = Map("dockerd", "Docker CE", translate("Docker is a set of platform-as-a-service (PaaS) products that use OS-level virtualization to deliver software in packages called containers.") .. button) m:section(SimpleSection).template = "docker/docker_status" @@ -13,12 +13,12 @@ m:section(SimpleSection).template = "docker/docker_status" s = m:section(TypedSection, "docker") s.anonymous = true -wan_mode = s:option(Flag, "enabled", translate("Enable WAN access Dokcer")) +wan_mode = s:option(Flag, "wan_mode", translate("Enable WAN access Dokcer"), translate("Enable WAN access docker mapped ports")) wan_mode.default = 0 wan_mode.rmempty = false -wan_mode.description = translate(("!") .. button) -o = s:option(Button,"certificate",translate("Docker Readme First")) + +o = s:option(Button,"readme",translate("Docker Readme First")) o.inputtitle = translate("Download DockerReadme.pdf") o.description = translate("Please download DockerReadme.pdf to read when first-running") o.inputstyle = "reload" diff --git a/package/lean/luci-app-docker/po/zh-cn/docker.po b/package/lean/luci-app-docker/po/zh-cn/docker.po index c0b24e315..b95369aac 100644 --- a/package/lean/luci-app-docker/po/zh-cn/docker.po +++ b/package/lean/luci-app-docker/po/zh-cn/docker.po @@ -4,7 +4,7 @@ msgstr "" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2015-06-23 20:16+0800\n" "PO-Revision-Date: 2015-06-23 20:17+0800\n" -"Last-Translator: 981213 \n" +"Last-Translator: coolsnowwolf \n" "Language-Team: PandoraBox Team\n" "Language: zh_CN\n" "MIME-Version: 1.0\n" @@ -27,7 +27,7 @@ msgid "Enable WAN access Dokcer" msgstr "允许 WAN 访问 Dokcer" msgid "Enable WAN access docker mapped ports" -msgstr "允许 WAN 访问 Dokcer 映射后的端口(易受攻击,不推荐!)" +msgstr "允许 WAN 访问 Dokcer 映射后的端口(易受攻击!)。
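Review bot: The `wan_mode` flag added in the second hunk controls whether published container ports are reachable from the WAN, yet its English description, `translate("Enable WAN access docker mapped ports")`, says nothing about the risk; only the zh-cn msgstr carries the warning (易受攻击) and the advice to disable the option and forward individual 172.17.0.X ports through the system firewall. Put the warning in the source string so every locale sees it, for example `translate("Expose Docker mapped ports to WAN (vulnerable to attack; prefer selective port forwards in the firewall)")`, and update the msgid in docker.po to match. The label still reads "Dokcer" and could be corrected in the same pass. In the first hunk `button` is now concatenated onto the Map description outside `translate()`; its markup is not visible on this page, so confirm it is a fixed string with no runtime data in it.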

推荐禁用该选项后,用系统防火墙选择性映射 172.17.0.X:XX 端口到 WAN"
 msgid "Docker Readme First"
 msgstr "Docker 初始化无脑配置教程"
diff --git a/package/lean/luci-app-docker/root/etc/config/docker b/package/lean/luci-app-docker/root/etc/config/docker
deleted file mode 100644
index 94d95300a..000000000
--- a/package/lean/luci-app-docker/root/etc/config/docker
+++ /dev/null
@@ -1,6 +0,0 @@
-
-config docker
- option wan_mode '1'
- option enable '1'
- option enabled '0'
-
diff --git a/package/lean/luci-app-docker/root/etc/config/dockerd b/package/lean/luci-app-docker/root/etc/config/dockerd
new file mode 100644
index 000000000..b73c0a3e3
--- /dev/null
+++ b/package/lean/luci-app-docker/root/etc/config/dockerd
@@ -0,0 +1,4 @@
+
+config docker
+ option wan_mode '0'
+
diff --git a/package/lean/luci-app-docker/root/etc/docker-pppoe b/package/lean/luci-app-docker/root/etc/docker-pppoe
deleted file mode 100755
index a9989aada..000000000
--- a/package/lean/luci-app-docker/root/etc/docker-pppoe
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-
-sleep 10
-
-docker_ok=$(iptables -t filter -L FORWARD | grep DOCKER)
-
-while [ -z "$docker_ok" ]; do
- echo "DOCKER Chain not ready" && sleep 10
- docker_ok=$(iptables -t filter -L FORWARD | grep DOCKER)
-done
-
-iptables -D FORWARD -i pppoe-wan -o docker0 -j DROP 2>/dev/null
-iptables -I FORWARD -i pppoe-wan -o docker0 -j DROP
diff --git a/package/lean/luci-app-docker/root/etc/init.d/dockerd b/package/lean/luci-app-docker/root/etc/init.d/dockerd
index 9a3d72f6c..5d6f36bf2 100755
--- a/package/lean/luci-app-docker/root/etc/init.d/dockerd
+++ b/package/lean/luci-app-docker/root/etc/init.d/dockerd
@@ -5,12 +5,18 @@ START=25 start_service() { local nofile=$(cat /proc/sys/fs/nr_open) + local wanmode=$(uci get dockerd.@docker[0].wan_mode) + + if [ $wanmode = "1" ] ;then + dockerwan=" " + else + dockerwan="--iptables=false" + fi procd_open_instance procd_set_param stderr 1 - procd_set_param command /usr/bin/dockerd + procd_set_param command /usr/bin/dockerd $dockerwan procd_set_param limits nofile="${nofile} ${nofile}" procd_close_instance - /etc/docker-pppoe &>/dev/null & } diff --git a/package/lean/luci-app-docker/root/etc/uci-defaults/docker b/package/lean/luci-app-docker/root/etc/uci-defaults/docker index d7bfee271..e03f47783 100755 --- a/package/lean/luci-app-docker/root/etc/uci-defaults/docker +++ b/package/lean/luci-app-docker/root/etc/uci-defaults/docker @@ -1,4 +1,11 @@ #!/bin/sh +uci -q batch <<-EOF >/dev/null + delete ucitrack.@dockerd[-1] + add ucitrack dockerd + set ucitrack.@dockerd[-1].init=dockerd + commit ucitrack +EOF + rm -f /tmp/luci-indexcache exit 0
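Review bot: In start_service() the test `[ $wanmode = "1" ]` is unquoted and `uci get` is not silenced, so a missing or empty `wan_mode` (for example a config that lacks the option) makes `[` fail with a syntax error; the else branch still runs, but the closed default is reached only by accident. Quote the variable and keep the lookup quiet, `local wanmode=$(uci -q get dockerd.@docker[0].wan_mode)` and `if [ "$wanmode" = "1" ]; then`, and declare `dockerwan` with `local` so it does not leak out of the function. The WAN block now rests entirely on `--iptables=false`, which, as far as Docker's documentation describes it, stops dockerd from managing any iptables rules at all, so container NAT and the filtering of published ports then depend on the router's own firewall policy. That dependency deserves a comment next to the flag, since the explicit `iptables -I FORWARD -i pppoe-wan -o docker0 -j DROP` from the deleted docker-pppoe script no longer exists as a second barrier. The top of the init script lies outside this hunk.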