Skip to content

Commit 87ee42d

Browse files
bmpandradebmpandrade
authored
chore: ensure fail2ban stays disabled when FAIL2BAN_DISABLED is set (#796)
* chore: ensure fail2ban stays disabled when FAIL2BAN_DISABLED is set * chore: update docker aio entrypoint with extra validation on env vars check
1 parent e29b7ee commit 87ee42d

File tree

2 files changed

+13
-7
lines changed

2 files changed

+13
-7
lines changed

docker/all-in-one/Dockerfile

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -179,6 +179,7 @@ COPY --chown=postgres:postgres docker/all-in-one/etc/postgresql.schema.sql /etc/
179179
# Customizations for postgres_exporter
180180
COPY --chown=postgres:postgres docker/all-in-one/opt/postgres_exporter/queries.yml /opt/postgres_exporter/queries.yml
181181

182+
# Customizations for fail2ban
182183
COPY docker/all-in-one/etc/fail2ban/filter.d /etc/fail2ban/filter.d/
183184
COPY docker/all-in-one/etc/fail2ban/jail.d /etc/fail2ban/jail.d/
184185

docker/all-in-one/entrypoint.sh

Lines changed: 12 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -227,21 +227,26 @@ find /etc/supervisor/ -type d -exec chmod 0770 {} +
227227
find /etc/supervisor/ -type f -exec chmod 0660 {} +
228228

229229
# Start services in the background
230-
if [ -z "${POSTGRES_ONLY:-}" ]; then
231-
sed -i "s| # - postgrest| - postgrest|g" /etc/adminapi/adminapi.yaml
232-
sed -i "s|files = db-only/\*.conf|files = services/\*.conf db-only/\*.conf|g" $SUPERVISOR_CONF
233-
configure_services
234-
else
230+
if [ "${POSTGRES_ONLY:-}" == "true" ]; then
235231
sed -i "s| - postgrest| # - postgrest|g" /etc/adminapi/adminapi.yaml
236232
sed -i "s|files = services/\*.conf db-only/\*.conf|files = db-only/\*.conf|g" $SUPERVISOR_CONF
237233
/init/configure-adminapi.sh
234+
else
235+
sed -i "s| # - postgrest| - postgrest|g" /etc/adminapi/adminapi.yaml
236+
sed -i "s|files = db-only/\*.conf|files = services/\*.conf db-only/\*.conf|g" $SUPERVISOR_CONF
237+
configure_services
238238
fi
239239

240-
if [ "${AUTOSHUTDOWN_ENABLED:-}" ]; then
240+
if [ "${AUTOSHUTDOWN_ENABLED:-}" == "true" ]; then
241241
sed -i "s/autostart=.*/autostart=true/" /etc/supervisor/db-only/supa-shutdown.conf
242242
fi
243243

244-
if [ "${PLATFORM_DEPLOYMENT:-}" ]; then
244+
if [ "${FAIL2BAN_DISABLED:-}" == "true" ]; then
245+
sed -i "s/autostart=.*/autostart=false/" /etc/supervisor/services/fail2ban.conf
246+
sed -i "s/autorestart=.*/autorestart=false/" /etc/supervisor/services/fail2ban.conf
247+
fi
248+
249+
if [ "${PLATFORM_DEPLOYMENT:-}" == "true" ]; then
245250
enable_swap
246251
create_lsn_checkpoint_file
247252
fi

0 commit comments

Comments
 (0)