eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

Expose Forgejo publicly at forge.eblu.me #278

Merged
eblume merged 14 commits from feature/forge-public into main 2026-03-03 08:40:42 -08:00
Conversation 0 Commits 14 Files changed 49 +2 -5
2 changed files with 2 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit fedfdb1228 - Show all commits

Remove Alpine's default SSH jails for fail2ban

Prev Next 
Alpine ships alpine-ssh.conf with sshd and sshd-ddos jails enabled.
These fail on startup because there's no SSH server or /var/log/messages
in the container. Remove the file after install instead of trying to
override via [DEFAULT] (per-jail enabled=true beats DEFAULT).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Erich Blume 2026-03-03 08:34:21 -08:00
commit fedfdb1228

3
fly/Dockerfile
View file

@ -9,7 +9,8 @@ COPY --from=docker.io/tailscale/tailscale:stable \
RUN mkdir -p /var/run/tailscale /var/lib/tailscale \ RUN mkdir -p /var/run/tailscale /var/lib/tailscale \
&& apk add --no-cache iptables ip6tables \ && apk add --no-cache iptables ip6tables \
&& apk add --no-cache libc6-compat \ && apk add --no-cache libc6-compat \
&& apk add --no-cache fail2ban && apk add --no-cache fail2ban \
&& rm -f /etc/fail2ban/jail.d/alpine-ssh.conf
# Copy Alloy binary from official image (Ubuntu-based, needs libc6-compat) # Copy Alloy binary from official image (Ubuntu-based, needs libc6-compat)
COPY --from=docker.io/grafana/alloy:v1.13.1 \ COPY --from=docker.io/grafana/alloy:v1.13.1 \

4
fly/fail2ban/jail.d/forge.conf
View file

@ -1,7 +1,3 @@
# Disable all default jails — this container has no SSH, mail, etc.
[DEFAULT]
enabled = false
[forge-login] [forge-login]
enabled = true enabled = true
filter = forge-login filter = forge-login