fix: #179 protect caddy admin port from an outside actors

bohdan-shulha · bohdan-shulha · commit 91df9f8b6929 · 2024-09-15T16:36:36.000+02:00
diff --git a/app/Models/Service.php b/app/Models/Service.php
@@ -80,7 +80,7 @@ protected static function booted()
 
     protected function generateUniqueSlug($id)
     {
-        $slug = Str::slug($this->name);
+        $slug = Str::slug($this->name, '_');
         $vocabulary = config('ptah.services.slug.vocabulary');
         $adjectives = config('ptah.services.slug.adjectives');
 
diff --git a/scripts/self-hosted/core.sh b/scripts/self-hosted/core.sh
@@ -87,13 +87,21 @@ if [ -z "$SKIP_CORE_INSTALL" ]; then
     header "Install System Packages"
 
     $PKG_UPDATE_REGISTRIES
-    $PKG_INSTALL sudo curl unzip ca-certificates apache2-utils
+    $PKG_INSTALL sudo curl unzip ca-certificates apache2-utils netfilter-persistent
 
     header "Install Docker"
     help_text "installation script provided by Docker and available at https://get.docker.com/"
 
     curl -fsSL https://get.docker.com/ | sh
 
+    header "Configure Docker"
+    help_text "Adding Caddy admin port to iptables"
+
+    iptables -I DOCKER-USER -p tcp -s 127.0.0.1 --dport 2019 -j ACCEPT
+    iptables -I DOCKER-USER -p tcp --dport 2019 -j REJECT --reject-with tcp-reset
+
+    netfilter-persistent save
+
     rm -f /tmp/ptah-agent
     
     curl -L https://github.com/ptah-sh/ptah-agent/releases/latest/download/ptah-agent-linux-x86_64.bin -o /tmp/ptah-agent

Original file line number	Diff line number	Diff line change
`@@ -80,7 +80,7 @@ protected static function booted()`
`80`	`80`
`81`	`81`	`protected function generateUniqueSlug($id)`
`82`	`82`	`{`
`83`		`- $slug = Str::slug($this->name);`
	`83`	`+ $slug = Str::slug($this->name, '_');`
`84`	`84`	`$vocabulary = config('ptah.services.slug.vocabulary');`
`85`	`85`	`$adjectives = config('ptah.services.slug.adjectives');`
`86`	`86`