Cadoles/eole-gitea
20
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

Correction des problèmes iptables sur eolebase

Browse Source
This commit is contained in:
Philippe Caseiro 2016-03-02 14:21:05 +01:00
parent fe1e87c363
commit f2a2bd15fd
2 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
dicos/50_gogs.xml
View File

@ -57,6 +57,7 @@
<variable name='git_domain' type='string' description='Domaine git ... fixme ...' mode='expert'> <variable name='git_domain' type='string' description='Domaine git ... fixme ...' mode='expert'>
<value>localhost</value> <value>localhost</value>
</variable> </variable>
<variable name='gogs_nginx' type='oui/non' hidden='True'/>
</family> </family>
</variables> </variables>
<constraints> <constraints>
@ -68,16 +69,24 @@
<param>non</param> <param>non</param>
<target type='filelist'>gogs</target> <target type='filelist'>gogs</target>
<target type='filelist'>gogs-nginx</target> <target type='filelist'>gogs-nginx</target>
<target type='servicelist'>gogs</target> <target type='servicelist'>gogs</target>
<target type='family'>forge</target> <target type='family'>forge</target>
<target type='service_accesslist'>gogs_ssh</target> <target type='service_accesslist'>gogs_ssh</target>
</condition> </condition>
<condition name='disabled_if_in' source='activer_revprox' fallback='True'> <fill name='calc_multi_condition' target='gogs_nginx'>
<param>oui</param>
<param name="operator">OR</param>
<param type="eole" name="condition_1" optional="True">activer_revprox</param>
<param name="condition_2">non</param>
<param name='match'>oui</param>
<param name='mismatch'>non</param>
</fill>
<condition name='disabled_if_in' source='gogs_nginx'>
<param>non</param> <param>non</param>
<target type='filelist'>gogs-nginx</target> <target type='filelist'>gogs-nginx</target>
<target type='service_accesslist'>gogs_with_nginx</target> <target type='service_accesslist'>gogs_with_nginx</target>
</condition> </condition>
<condition name='disabled_if_in' source='activer_revprox' fallback='True'> <condition name='disabled_if_in' source='gogs_nginx'>
<param>oui</param> <param>oui</param>
<target type='service_accesslist'>gogs_without_nginx</target> <target type='service_accesslist'>gogs_without_nginx</target>
</condition> </condition>

2
tmpl/51-gogs-nat_rules
View File

@ -3,7 +3,7 @@
# #
# Rules for SSH git clone # Rules for SSH git clone
# #
/sbin/iptables -A eth0-cont -d 192.0.2.101/32 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
%if %%getVar('mode_conteneur_actif','non') == 'oui' %if %%getVar('mode_conteneur_actif','non') == 'oui'
/sbin/iptables -A eth0-cont -d %%adresse_ip_forge/32 -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
/sbin/iptables -t nat -A PREROUTING -i eth0 -s 0/0 -p tcp --syn --dport %%git_ssh_port -j DNAT --to-destination %%container_ip_forge:22 /sbin/iptables -t nat -A PREROUTING -i eth0 -s 0/0 -p tcp --syn --dport %%git_ssh_port -j DNAT --to-destination %%container_ip_forge:22
%end if %end if