Merge claude/1
commit
007b39ea14
@ -155,26 +155,13 @@ EOL"
|
||||
local result=$(sudo chown $CFG_DOCKER_INSTALL_USER:$CFG_DOCKER_INSTALL_USER $override_conf_file)
|
||||
checkSuccess "Updating ownership for override.conf"
|
||||
|
||||
# Disable userland-proxy so the kernel/net driver forwards ports directly
|
||||
# and the container sees the real client source IP instead of the
|
||||
# rootlesskit gateway. Merge into any existing daemon.json rather than
|
||||
# clobbering it.
|
||||
docker_cfg_dir="/home/$CFG_DOCKER_INSTALL_USER/.config/docker"
|
||||
daemon_json="$docker_cfg_dir/daemon.json"
|
||||
|
||||
local result=$(sudo -u "$CFG_DOCKER_INSTALL_USER" mkdir -p "$docker_cfg_dir")
|
||||
checkSuccess "Create the rootless docker config directory if it doesn't exist"
|
||||
|
||||
if sudo test -f "$daemon_json"; then
|
||||
local result=$(sudo bash -c "tmp=\$(mktemp) && jq '. + {\"userland-proxy\": false}' '$daemon_json' > \"\$tmp\" && mv \"\$tmp\" '$daemon_json'")
|
||||
checkSuccess "Setting userland-proxy=false in existing daemon.json"
|
||||
else
|
||||
local result=$(sudo bash -c "printf '%s\n' '{\"userland-proxy\": false}' > '$daemon_json'")
|
||||
checkSuccess "Writing rootless daemon.json with userland-proxy=false"
|
||||
fi
|
||||
|
||||
local result=$(sudo chown $CFG_DOCKER_INSTALL_USER:$CFG_DOCKER_INSTALL_USER "$daemon_json")
|
||||
checkSuccess "Updating ownership for daemon.json"
|
||||
# NOTE: we deliberately do NOT set "userland-proxy": false here. Disabling
|
||||
# it makes rootless dockerd require br_netfilter
|
||||
# (/proc/sys/net/bridge/bridge-nf-call-iptables), which isn't present in
|
||||
# the rootless netns on Debian — the daemon then fails to create the
|
||||
# default bridge and won't start. The userland proxy's lack of source-IP
|
||||
# propagation doesn't matter here: apps sit behind Traefik, which carries
|
||||
# the real client IP via X-Forwarded-For at L7.
|
||||
|
||||
local result=$(dockerCommandRunInstallUser "systemctl --user daemon-reload")
|
||||
checkSuccess "Reload the systemd user manager configuration"
|
||||
|
||||
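Review bot: The added NOTE's claim that Traefik "carries the real client IP via X-Forwarded-For" only holds if Traefik itself receives the real source address. If Traefik is a container published through this same rootless daemon (not visible here), the peer it records is whatever the rootless port forwarder presents, so IP allow-lists, rate limits and access logs keyed on X-Forwarded-For may all see one internal address. I would add a caveat to the comment, e.g. `# Caveat: X-Forwarded-For is only trustworthy if Traefik sees the real peer address; verify the rootless port driver before relying on it for IP-based controls.` Separately, hosts that already ran the removed block keep `"userland-proxy": false` in daemon.json, which by the NOTE's own description stops dockerd from starting, and nothing in the new code removes that key; a one-time cleanup, or at least a comment saying so, seems needed. The enclosing function starts and ends outside the hunk, so the override.conf contents that would settle the first point are not shown.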