fix: #179 protect caddy admin port from an outside actors

ptah-sh · Sep 15, 2024 · 91df9f8 · 91df9f8
1 parent b051b65
commit 91df9f8
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 2 deletions.
diff --git a/app/Models/Service.php b/app/Models/Service.php
@@ -80,7 +80,7 @@ protected static function booted()
 
     protected function generateUniqueSlug($id)
     {
-        $slug = Str::slug($this->name);
+        $slug = Str::slug($this->name, '_');
         $vocabulary = config('ptah.services.slug.vocabulary');
         $adjectives = config('ptah.services.slug.adjectives');
 

diff --git a/scripts/self-hosted/core.sh b/scripts/self-hosted/core.sh
@@ -87,13 +87,21 @@ if [ -z "$SKIP_CORE_INSTALL" ]; then
     header "Install System Packages"
 
     $PKG_UPDATE_REGISTRIES
-    $PKG_INSTALL sudo curl unzip ca-certificates apache2-utils
+    $PKG_INSTALL sudo curl unzip ca-certificates apache2-utils netfilter-persistent
 
     header "Install Docker"
     help_text "installation script provided by Docker and available at https://get.docker.com/"
 
     curl -fsSL https://get.docker.com/ | sh
 
+    header "Configure Docker"
+    help_text "Adding Caddy admin port to iptables"
+
+    iptables -I DOCKER-USER -p tcp -s 127.0.0.1 --dport 2019 -j ACCEPT
+    iptables -I DOCKER-USER -p tcp --dport 2019 -j REJECT --reject-with tcp-reset
+
+    netfilter-persistent save
+
     rm -f /tmp/ptah-agent
 
     curl -L https://github.com/ptah-sh/ptah-agent/releases/latest/download/ptah-agent-linux-x86_64.bin -o /tmp/ptah-agent