@babakness
Created May 21, 2018 22:42
Restrict dokku apps to an ip - WIP
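#!/usr/bin/env bash
# Dokku plugin hook (WIP): rewrite an app's nginx.conf so that its `listen`
# directives bind to the names dokku_apps_ip4 / dokku_apps_ip6 (resolved via
# /etc/hosts) instead of every address on the host.
#
# Arguments:
#   $1 - app name (validated by dokku's verify_app_name)
#   $2 - temporary work dir (unused here)
#   $3 - revision, optional (unused here)
#
# Security notes:
#   * If only one of the two names is mapped, the listen lines of the other
#     address family are turned into nginx comments ("#:80;"), i.e. that
#     family is closed.
#   * If NEITHER name is mapped the script prints a notice and exits 0 without
#     touching nginx.conf, so the app keeps listening on all addresses. Treat
#     that notice as "restriction not applied".
#   * The sed patterns only cover listen lines ending in "80;" and "http2;"
#     and always rewrite them to ports 80 and 443.
set -eo pipefail; [[ $DOKKU_TRACE ]] && set -x
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"

APP="$1"
verify_app_name "$APP"
TMP_WORK_DIR="$2"
REV="$3" # optional, may not be sent for tar-based builds

HOSTS="/etc/hosts"
IP4="dokku_apps_ip4"
IP6="dokku_apps_ip6"

# Returns 0 when $1 is a hostname (field 2 or later) on a non-comment line of
# $HOSTS. A plain substring grep would also accept commented-out entries or
# longer names containing $1, and nginx rejects a config whose listen host
# does not resolve.
hosts_maps() {
  local name="$1"
  awk -v name="$name" '
    { sub(/#.*/, "") }
    { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
    END { exit !found }
  ' "$HOSTS" 2>/dev/null
}

# "#" turns the matching listen line into an nginx comment. "list-n" is a
# temporary spelling of "listen" so that an already rewritten line cannot be
# matched again by a later substitution; it is restored at the end.
IP4_replacement="#"
IP6_replacement="#"
if hosts_maps "$IP4"; then
  IP4_replacement="list-n $IP4"
fi
if hosts_maps "$IP6"; then
  IP6_replacement="list-n $IP6"
fi

if [[ "$IP4_replacement" == "#" && "$IP6_replacement" == "#" ]]; then
  cat <<EOF
*
*
* To restrict apps to a specific IP, map those IPs to
* the following names in $HOSTS
*
* dokku_apps_ip4
* dokku_apps_ip6
*
* They map to IPv4 and IPv6 addresses respectively.
* If only one is mapped, apps stop listening on the
* other address family. Neither is mapped right now,
* so nginx.conf was left unchanged and apps still
* listen on all addresses.
*
*
EOF
  exit 0
fi

APP_NGINX="/home/dokku/$APP/nginx.conf"
APP_ORIGINAL_NGINX="/home/dokku/$APP/nginx.conf.original"

# Fail with a clear message instead of a bare cp error when there is nothing
# to rewrite; the restriction has not been applied in that case.
if [[ ! -f "$APP_NGINX" ]]; then
  echo "* $APP_NGINX not found; listen addresses were not restricted" >&2
  exit 1
fi

# Keep a copy of the config as it was before this run. The copy is overwritten
# on every run, so it holds the previous file, not necessarily a pristine one.
cp -- "$APP_NGINX" "$APP_ORIGINAL_NGINX"

# One sed pass; expressions are applied to each line in this order:
#   1. IPv4 port-80 line   (no "[" before the port)
#   2. IPv6 port-80 line   (literal "[::]:80;")
#   3. IPv4 http2 line
#   4. IPv6 http2 line     (literal "[::]")
#   5. restore "listen"
# The IPv6 patterns escape the brackets: an unescaped "[::]" is a bracket
# expression that matches a single ":" and only hit these lines by accident.
sed -i \
  -e "s/listen[^\[;]*80;/$IP4_replacement:80;/" \
  -e "s/listen[^;]*\[::\]:80;/$IP6_replacement:80;/" \
  -e "s/listen[^\[;]*http2;/$IP4_replacement:443 ssl http2;/" \
  -e "s/listen[^;]*\[::\][^;]*http2;/$IP6_replacement:443 ssl http2;/" \
  -e "s/list-n/listen/" \
  "$APP_NGINX"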
@babakness
Author

Output of Dokku trace

+ export DOKKU_HOST_ROOT=/home/dokku
+ DOKKU_HOST_ROOT=/home/dokku
+ export DOKKU_DISTRO
++ . /etc/os-release
++ echo ubuntu
+ DOKKU_DISTRO=ubuntu
+ export DOKKU_IMAGE=gliderlabs/herokuish
+ DOKKU_IMAGE=gliderlabs/herokuish
+ export DOKKU_LIB_ROOT=/var/lib/dokku
+ DOKKU_LIB_ROOT=/var/lib/dokku
+ export PLUGIN_PATH=/var/lib/dokku/plugins
+ PLUGIN_PATH=/var/lib/dokku/plugins
+ export PLUGIN_AVAILABLE_PATH=/var/lib/dokku/plugins/available
+ PLUGIN_AVAILABLE_PATH=/var/lib/dokku/plugins/available
+ export PLUGIN_ENABLED_PATH=/var/lib/dokku/plugins/enabled
+ PLUGIN_ENABLED_PATH=/var/lib/dokku/plugins/enabled
+ export PLUGIN_CORE_PATH=/var/lib/dokku/core-plugins
+ PLUGIN_CORE_PATH=/var/lib/dokku/core-plugins
+ export PLUGIN_CORE_AVAILABLE_PATH=/var/lib/dokku/core-plugins/available
+ PLUGIN_CORE_AVAILABLE_PATH=/var/lib/dokku/core-plugins/available
+ export PLUGIN_CORE_ENABLED_PATH=/var/lib/dokku/core-plugins/enabled
+ PLUGIN_CORE_ENABLED_PATH=/var/lib/dokku/core-plugins/enabled
+ export DOKKU_API_VERSION=1
+ DOKKU_API_VERSION=1
+ export DOKKU_NOT_IMPLEMENTED_EXIT=10
+ DOKKU_NOT_IMPLEMENTED_EXIT=10
+ export DOKKU_VALID_EXIT=0
+ DOKKU_VALID_EXIT=0
+ export DOKKU_LOGS_DIR=/var/log/dokku
+ DOKKU_LOGS_DIR=/var/log/dokku
+ export DOKKU_EVENTS_LOGFILE=/var/log/dokku/events.log
+ DOKKU_EVENTS_LOGFILE=/var/log/dokku/events.log
+ export DOKKU_CONTAINER_LABEL=dokku
+ DOKKU_CONTAINER_LABEL=dokku
+ export DOKKU_GLOBAL_RUN_ARGS=--label=dokku
+ DOKKU_GLOBAL_RUN_ARGS=--label=dokku
+ source /var/lib/dokku/core-plugins/available/common/functions
++ set -eo pipefail
++ [[ -n 1 ]]
++ set -x
+ parse_args trace off
+ declare 'desc=top-level cli arg parser'
+ local next_index=1
+ local skip=false
+ args=("$@")
+ local args
+ for arg in "$@"
+ [[ false == \t\r\u\e ]]
+ case "$arg" in
+ next_index=2
+ for arg in "$@"
+ [[ false == \t\r\u\e ]]
+ case "$arg" in
+ next_index=3
+ return 0
+ args=("$@")
+ skip_arg=false
+ [[ trace =~ ^--.* ]]
+ has_tty
+ declare 'desc=return 0 if we have a tty'
++ /usr/bin/tty
+ [[ /dev/pts/0 == \n\o\t\ \a\ \t\t\y ]]
+ return 0
++ id -un
+ [[ root != \d\o\k\k\u ]]
+ [[ ! trace =~ plugin:* ]]
+ [[ ! trace == \s\s\h\-\k\e\y\s\:\a\d\d ]]
++ id -un
+ export SSH_USER=root
+ SSH_USER=root
+ sudo -u dokku -E -H /usr/bin/dokku trace off
+ export DOKKU_HOST_ROOT=/home/dokku
+ DOKKU_HOST_ROOT=/home/dokku
+ export DOKKU_DISTRO
++ . /etc/os-release
++ echo ubuntu
+ DOKKU_DISTRO=ubuntu
+ export DOKKU_IMAGE=gliderlabs/herokuish
+ DOKKU_IMAGE=gliderlabs/herokuish
+ export DOKKU_LIB_ROOT=/var/lib/dokku
+ DOKKU_LIB_ROOT=/var/lib/dokku
+ export PLUGIN_PATH=/var/lib/dokku/plugins
+ PLUGIN_PATH=/var/lib/dokku/plugins
+ export PLUGIN_AVAILABLE_PATH=/var/lib/dokku/plugins/available
+ PLUGIN_AVAILABLE_PATH=/var/lib/dokku/plugins/available
+ export PLUGIN_ENABLED_PATH=/var/lib/dokku/plugins/enabled
+ PLUGIN_ENABLED_PATH=/var/lib/dokku/plugins/enabled
+ export PLUGIN_CORE_PATH=/var/lib/dokku/core-plugins
+ PLUGIN_CORE_PATH=/var/lib/dokku/core-plugins
+ export PLUGIN_CORE_AVAILABLE_PATH=/var/lib/dokku/core-plugins/available
+ PLUGIN_CORE_AVAILABLE_PATH=/var/lib/dokku/core-plugins/available
+ export PLUGIN_CORE_ENABLED_PATH=/var/lib/dokku/core-plugins/enabled
+ PLUGIN_CORE_ENABLED_PATH=/var/lib/dokku/core-plugins/enabled
+ export DOKKU_API_VERSION=1
+ DOKKU_API_VERSION=1
+ export DOKKU_NOT_IMPLEMENTED_EXIT=10
+ DOKKU_NOT_IMPLEMENTED_EXIT=10
+ export DOKKU_VALID_EXIT=0
+ DOKKU_VALID_EXIT=0
+ export DOKKU_LOGS_DIR=/var/log/dokku
+ DOKKU_LOGS_DIR=/var/log/dokku
+ export DOKKU_EVENTS_LOGFILE=/var/log/dokku/events.log
+ DOKKU_EVENTS_LOGFILE=/var/log/dokku/events.log
+ export DOKKU_CONTAINER_LABEL=dokku
+ DOKKU_CONTAINER_LABEL=dokku
+ export DOKKU_GLOBAL_RUN_ARGS=--label=dokku
+ DOKKU_GLOBAL_RUN_ARGS=--label=dokku
+ source /var/lib/dokku/core-plugins/available/common/functions
++ set -eo pipefail
++ [[ -n 1 ]]
++ set -x
+ parse_args trace off
+ declare 'desc=top-level cli arg parser'
+ local next_index=1
+ local skip=false
+ args=("$@")
+ local args
+ for arg in "$@"
+ [[ false == \t\r\u\e ]]
+ case "$arg" in
+ next_index=2
+ for arg in "$@"
+ [[ false == \t\r\u\e ]]
+ case "$arg" in
+ next_index=3
+ return 0
+ args=("$@")
+ skip_arg=false
+ [[ trace =~ ^--.* ]]
+ has_tty
+ declare 'desc=return 0 if we have a tty'
++ /usr/bin/tty
+ [[ /dev/pts/0 == \n\o\t\ \a\ \t\t\y ]]
+ return 0
++ id -un
+ [[ dokku != \d\o\k\k\u ]]
+ [[ trace =~ ^plugin:.* ]]
+ [[ trace == \s\s\h\-\k\e\y\s\:\a\d\d ]]
+ [[ -n '' ]]
+ dokku_auth trace off
+ declare 'desc=calls user-auth plugin trigger'
+ export SSH_USER=root
+ SSH_USER=root
+ export SSH_NAME=default
+ SSH_NAME=default
+ plugn trigger user-auth root default trace off
+ source /var/lib/dokku/core-plugins/available/common/functions
++ set -eo pipefail
++ [[ -n 1 ]]
++ set -x
+ [[ ! -n '' ]]
+ source /var/lib/dokku/core-plugins/available/common/functions
++ set -eo pipefail
++ [[ -n 1 ]]
++ set -x
+ [[ trace =~ (ssh-keys:add|ssh-keys:remove) ]]
+ return 0
+ case "$1" in
+ execute_dokku_cmd trace off
+ declare 'desc=executes dokku sub-commands'
+ local PLUGIN_NAME=trace
+ local PLUGIN_CMD=trace
+ local implemented=0
+ local script
+ argv=("$@")
+ local argv
+ case "$PLUGIN_NAME" in
+ local PLUGIN_NAME=00_dokku-standard
++ readlink -f /var/lib/dokku/plugins/enabled/00_dokku-standard
+ [[ /var/lib/dokku/core-plugins/available/00_dokku-standard == *core-plugins* ]]
+ [[ trace == \t\r\a\c\e ]]
+ shift 1
+ [[ ! -z '' ]]
+ set -- trace off
+ [[ -x /var/lib/dokku/plugins/enabled/00_dokku-standard/subcommands/default ]]
+ [[ -x /var/lib/dokku/plugins/enabled/00_dokku-standard/subcommands/trace ]]
+ /var/lib/dokku/plugins/enabled/00_dokku-standard/subcommands/trace trace off
+ source /var/lib/dokku/core-plugins/available/common/functions
++ set -eo pipefail
++ [[ -n 1 ]]
++ set -x
+ dokku_trace_cmd trace off
+ declare 'desc=enables/disables DOKKU_TRACE'
+ local cmd=trace
+ [[ -d /home/dokku/.dokkurc ]]
+ [[ off == \o\n ]]
+ [[ off == \o\f\f ]]
+ [[ off == \o\n ]]
+ [[ off == \o\f\f ]]
+ echo 'Disabling dokku trace'
Disabling dokku trace
+ rm -f /home/dokku/.dokkurc/DOKKU_TRACE
+ implemented=1
+ [[ 1 -eq 0 ]]
+ [[ 1 -eq 0 ]]
+ exit 0
