From c8bc6a46181b6c50bc4c3b9507177cf0cce70fc7 Mon Sep 17 00:00:00 2001 From: DDSRem <1448139087@qq.com> Date: Fri, 8 Sep 2023 20:33:23 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E9=87=8D=E5=90=AF=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/build.yml | 22 ++++++++++++---------- .github/workflows/release.yml | 2 +- Dockerfile | 2 +- entrypoint | 4 ++-- haproxy.cfg | 14 +++++++++++--- 5 files changed, 27 insertions(+), 17 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 3fb09cc0..c90548b2 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,13 +14,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 - - - name: Docker meta - id: meta - uses: docker/metadata-action@v4 - with: - images: ${{ secrets.DOCKER_USERNAME }}/moviepilot + uses: actions/checkout@v4 - name: Release version @@ -29,6 +23,16 @@ jobs: app_version=$(cat version.py |sed -ne "s/APP_VERSION\s=\s'v\(.*\)'/\1/gp") echo "app_version=$app_version" >> $GITHUB_ENV + - + name: Docker meta + id: meta + uses: docker/metadata-action@v4 + with: + images: ${{ secrets.DOCKER_USERNAME }}/moviepilot + tags: | + type=raw,value=${{ env.app_version }} + type=raw,value=latest + - name: Set Up QEMU uses: docker/setup-qemu-action@v2 @@ -55,7 +59,5 @@ jobs: push: true build-args: | MOVIEPILOT_VERSION=${{ env.app_version }} - tags: | - ${{ secrets.DOCKER_USERNAME }}/moviepilot:latest - ${{ secrets.DOCKER_USERNAME }}/moviepilot:${{ env.app_version }} + tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index ad6f9149..1e42c769 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Release Version diff --git a/Dockerfile b/Dockerfile index e9386c95..64ea4ff1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -59,7 +59,7 @@ RUN apt-get update \ && cp -f /app/update /usr/local/bin/mp_update \ && cp -f /app/entrypoint /entrypoint \ && chmod +x /entrypoint /usr/local/bin/mp_update \ - && mkdir -p ${HOME} \ + && mkdir -p ${HOME} /var/lib/haproxy/server-state \ && groupadd -r moviepilot -g 911 \ && useradd -r moviepilot -g moviepilot -d ${HOME} -s /bin/bash -u 911 \ && apt-get install -y build-essential \ diff --git a/entrypoint b/entrypoint index 2335a875..0ef5a81b 100644 --- a/entrypoint +++ b/entrypoint @@ -27,8 +27,8 @@ gosu moviepilot:moviepilot playwright install chromium # 启动前端nginx服务 nginx # 启动haproxy -if [ -f "/var/run/docker.sock" ]; then - haproxy -f /etc/haproxy/haproxy.cfg +if [ -S "/var/run/docker.sock" ]; then + haproxy -f /app/haproxy.cfg fi # 设置后端服务权限掩码 umask ${UMASK} diff --git a/haproxy.cfg b/haproxy.cfg index 87a5dd94..5e01d837 100644 --- a/haproxy.cfg +++ b/haproxy.cfg @@ -12,6 +12,11 @@ global # Turn on stats unix socket server-state-file /var/lib/haproxy/server-state + setenv POST 1 + setenv ALLOW_RESTARTS 1 + setenv CONTAINERS 1 + setenv VERSION 1 + defaults mode http log global @@ -46,7 +51,10 @@ backend dockerbackend frontend dockerfrontend bind :2375 - http-request allow - http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } + http-request deny unless METH_GET || { env(POST) -m bool } + http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((stop)|(restart)|(kill)) } { env(ALLOW_RESTARTS) -m bool } + http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers } { env(CONTAINERS) -m bool } + http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/version } { env(VERSION) -m bool } http-request deny - default_backend dockerbackend \ No newline at end of file + default_backend dockerbackend +