linuxserver
diff --git a/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion b/‎Dockerfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Dockerfile.complex‎
Lines changed: 0 additions & 33 deletions b/‎Dockerfile.complex‎
Lines changed: 0 additions & 33 deletions
diff --git a/‎README.md‎
Lines changed: 63 additions & 18 deletions b/‎README.md‎
Lines changed: 63 additions & 18 deletions
diff --git a/‎app/swag-ondemand.py‎
Lines changed: 105 additions & 0 deletions b/‎app/swag-ondemand.py‎
Lines changed: 105 additions & 0 deletions
diff --git a/‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-add-package/run‎
Lines changed: 0 additions & 30 deletions b/‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-add-package/run‎
Lines changed: 0 additions & 30 deletions
diff --git a/‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-add-package/up‎
Lines changed: 0 additions & 1 deletion b/‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-add-package/up‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-install/run‎
Lines changed: 0 additions & 8 deletions b/‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-install/run‎
Lines changed: 0 additions & 8 deletions
diff --git a/‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-install/type‎
Lines changed: 0 additions & 1 deletion b/‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-install/type‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-install/up‎
Lines changed: 0 additions & 1 deletion b/‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-install/up‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎…ame-add-package/dependencies.d/init-mods‎ ‎…encies.d/init-mod-universal-docker-setup‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-add-package/dependencies.d/init-mods renamed to root/etc/s6-overlay/s6-rc.d/init-mod-swag-ondemand-setup/dependencies.d/init-mod-universal-docker-setup b/‎…ame-add-package/dependencies.d/init-mods‎ ‎…encies.d/init-mod-universal-docker-setup‎root/etc/s6-overlay/s6-rc.d/init-mod-imagename-modname-add-package/dependencies.d/init-mods renamed to root/etc/s6-overlay/s6-rc.d/init-mod-swag-ondemand-setup/dependencies.d/init-mod-universal-docker-setup
@@ -2,7 +2,7 @@
 
 FROM scratch
 
-LABEL maintainer="username"
+LABEL maintainer="quietsy"
 
 # copy local files
 COPY root/ /
@@ -1,25 +1,70 @@
-# Rsync - Docker mod for openssh-server
+# On-demand - Docker mod for SWAG
 
-This mod adds rsync to openssh-server, to be installed/updated during container start.
+This mod gives SWAG the ability to start containers on-demand when accessed through SWAG and stop them after a period of inactivity. It takes a few seconds for containers to start on-demand, you'll need to refresh the tab.
 
-In openssh-server docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:openssh-server-rsync`
+## Requirements:
+- This mod needs the [universal-docker mod](https://github.com/linuxserver/docker-mods/tree/universal-docker) installed and set up with either mapping `docker.sock` or setting the environment variable `DOCKER_HOST=remoteaddress`.
+- On-demand containers must have a label `swag_ondemand=enable` at a minimum.
 
-If adding multiple mods, enter them in an array separated by `|`, such as `DOCKER_MODS=linuxserver/mods:openssh-server-rsync|linuxserver/mods:openssh-server-mod2`
+## Setup:
+- In SWAG's docker arguments, set an environment variable `DOCKER_MODS=linuxserver/mods:universal-docker|linuxserver/mods:swag-ondemand` and either add a volume mapping for `/var/run/docker.sock:/var/run/docker.sock:ro`, or set an environment var `DOCKER_HOST=remoteaddress` (read the security considerations below).
+- Add the label `swag_ondemand=enable` to on-demand containers.
+    ```yaml
+    somecontainer:
+        container_name: somecontainer
+        ...
+        labels:
+            - swag_ondemand=enable
+    ```
+- Replace the following line in `/config/nginx/nginx.conf`:
+    ```nginx
+    access_log /config/log/nginx/access.log;
+    ```
+    With:
+    ```nginx
+    log_format main '$remote_addr - $remote_user [$time_local] '
+                    '"$request_method $scheme://$host$request_uri $server_protocol" '
+                    '$status $body_bytes_sent '
+                    '"$http_referer" "$http_user_agent"';
+    access_log /config/log/nginx/access.log main;
+    ```
+- *Optional* - In SWAG's docker arguments, set an environment variable `SWAG_ONDEMAND_STOP_THRESHOLD` to override the period of inactivity in seconds before stopping the container. Defaults to `1800` which is 30 minutes.
+    ```yaml
+    swag:
+        container_name: swag
+        ...
+        environment:
+            - SWAG_ONDEMAND_STOP_THRESHOLD=1800
+    ```
 
-# Mod creation instructions
+## Labels:
+- `swag_ondemand=enable` - required for on-demand.
+- `swag_ondemand_urls=https://wake.domain.com,https://app.domain.com/up` - *optional* - overrides the monitored URLs for starting the container on-demand. Defaults to `https://somecontainer.,http://somecontainer.`.
 
-* Fork the repo, create a new branch based on the branch `template`.
-* Edit the `Dockerfile` for the mod. `Dockerfile.complex` is only an example and included for reference; it should be deleted when done.
-* Inspect the `root` folder contents. Edit, add and remove as necessary.
-* After all init scripts and services are created, run `find ./  -path "./.git" -prune -o \( -name "run" -o -name "finish" -o -name "check" \) -not -perm -u=x,g=x,o=x -print -exec chmod +x {} +` to fix permissions.
-* Edit this readme with pertinent info, delete these instructions.
-* Finally edit the `.github/workflows/BuildImage.yml`. Customize the vars for `BASEIMAGE` and `MODNAME`. Set the versioning logic and `MULTI_ARCH` if needed.
-* Ask the team to create a new branch named `<baseimagename>-<modname>`. Baseimage should be the name of the image the mod will be applied to. The new branch will be based on the `template` branch.
-* Submit PR against the branch created by the team.
+## URLs:
+- Accessed URLs need to start with one of `swag_ondemand_urls` to be matched, for example, setting `https://plex.` will apply to `https://plex.domain.com` and `https://plex.domain.com/something`.
+- `swag_ondemand_urls` default to `https://somecontainer.,http://somecontainer.`, for example `https://plex.,http://plex.`.
+- `swag_ondemand_urls` don't need to be valid, it will work as long as it reaches swag and gets logged by nginx under `/config/log/nginx/access.log`.
+- The same URL can be set on multiple containers and all of them will be started when accessing that URL.
 
+## Security Consideration:
+Mapping the `docker.sock`, especially in a publicly accessible container is a security liability. Since this mod only needs read-only access to the docker api, the recommended method is to proxy the `docker.sock` via a solution like [our docker socket proxy](https://github.com/linuxserver/docker-socket-proxy), limit the access, and set `DOCKER_HOST=` to point to the proxy address.
 
-## Tips and tricks
-
-* Some images have helpers built in, these images are currently:
-    * [Openvscode-server](https://github.com/linuxserver/docker-openvscode-server/pull/10/files)
-    * [Code-server](https://github.com/linuxserver/docker-code-server/pull/95)
+Here's a sample compose yaml snippet for linuxserver/docker-socket-proxy:
+```yaml
+  socket-proxy:
+    image: lscr.io/linuxserver/socket-proxy:latest
+    container_name: socket-proxy
+    environment:
+      - ALLOW_START=1
+      - ALLOW_STOP=1
+      - CONTAINERS=1
+      - POST=1
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    restart: unless-stopped
+    read_only: true
+    tmpfs:
+      - /run
+```
+Then the env var in SWAG can be set as `DOCKER_HOST=socket-proxy`. This will allow docker cli in SWAG to be able to retrieve info on other containers, but it won't be allowed to spin up new containers.
@@ -0,0 +1,105 @@
+from datetime import datetime
+import docker
+import os
+import threading
+import time
+
+last_accessed_urls = set()
+last_accessed_urls_lock = threading.Lock()
+ondemand_containers = {}
+ondemand_containers_lock = threading.Lock()
+stop_threshold = int(os.environ.get("SWAG_ONDEMAND_STOP_THRESHOLD", "1800"))
+
+class ContainerThread(threading.Thread):
+    def process_containers(self, docker_client):
+        global ondemand_containers
+        containers = docker_client.containers.list(all=True, filters={ "label": ["swag_ondemand=enable"] })
+        container_names = {container.name for container in containers}
+        
+        for container_name in list(ondemand_containers.keys()):
+            if container_name in container_names:
+                continue
+            ondemand_containers.pop(container_name)
+            print(f"{datetime.now()} - Stopped monitoring {container_name}")
+        
+        for container in containers:
+            container_urls = container.labels.get("swag_ondemand_urls", f"https://{container.name}.,http://{container.name}.")
+            if container.name not in ondemand_containers.keys():
+                last_accessed = datetime.now()
+                print(f"{datetime.now()} - Started monitoring {container.name}")
+            else:
+                last_accessed = ondemand_containers[container.name]["last_accessed"]
+            ondemand_containers[container.name] = { "status": container.status, "urls": container_urls, "last_accessed": last_accessed }
+
+    def stop_containers(self, docker_client):
+        global ondemand_containers
+        
+        for container_name in ondemand_containers.keys():
+            if ondemand_containers[container_name]["status"] != "running":
+                continue
+            inactive_seconds = (datetime.now() - ondemand_containers[container_name]["last_accessed"]).total_seconds()
+            if inactive_seconds < stop_threshold:
+                continue
+            docker_client.containers.get(container_name).stop()
+            print(f"{datetime.now()} - Stopped {container_name} after {stop_threshold}s of inactivity")
+    
+    def start_containers(self, docker_client):
+        global ondemand_containers
+        last_accessed_urls_lock.acquire()
+        last_accessed_urls_combined = ",".join(last_accessed_urls)
+        last_accessed_urls.clear()
+        last_accessed_urls_lock.release()
+        
+        for container_name in ondemand_containers.keys():
+            accessed = False
+            for ondemand_url in ondemand_containers[container_name]["urls"].split(","):
+                if ondemand_url not in last_accessed_urls_combined:
+                    continue
+                ondemand_containers[container_name]["last_accessed"] = datetime.now()
+                accessed = True
+            if not accessed or ondemand_containers[container_name]["status"] == "running":
+                continue
+            docker_client.containers.get(container_name).start()
+            print(f"{datetime.now()} - Started {container_name}")
+            ondemand_containers[container_name]["status"] = "running"
+
+    def run(self):
+        while True:
+            docker_client = docker.from_env()
+            with ondemand_containers_lock:
+                self.process_containers(docker_client)
+                self.start_containers(docker_client)
+                self.stop_containers(docker_client)
+            time.sleep(5)
+
+class LogReaderThread(threading.Thread):
+    logname = "/config/log/nginx/access.log"
+    
+    def tail(self, f):
+        f.seek(0,2)
+        inode = os.fstat(f.fileno()).st_ino
+
+        while True:
+            line = f.readline()
+            if not line:
+                time.sleep(1)
+                if os.stat(self.logname).st_ino != inode:
+                    f.close()
+                    f = open(self.logname, 'r')
+                    inode = os.fstat(f.fileno()).st_ino
+                continue
+            yield line
+
+    def run(self):
+        logfile = open(self.logname, "r")
+        for line in self.tail(logfile):
+            for part in line.split():
+                if not part.startswith("http"):
+                    continue
+                with last_accessed_urls_lock:
+                    last_accessed_urls.add(part)
+                    print(f"{datetime.now()} - Accessed {part}")
+                break
+
+ContainerThread().start()
+LogReaderThread().start()