From 15c7b4a9081051d9691fcb5747d8a7f1c999a1bc Mon Sep 17 00:00:00 2001
From: Nick Hammond
Date: Fri, 7 Feb 2025 13:45:38 -0700
Subject: [PATCH 1/3] Add example docker-setup hook to configure UFW and fail2ban

---
 .../cli/templates/sample_hooks/docker-setup.sample | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/kamal/cli/templates/sample_hooks/docker-setup.sample b/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
index 2fb07d7d7..66cd1947a 100755
--- a/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
+++ b/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
@@ -1,3 +1,11 @@
 #!/bin/sh
 
-echo "Docker set up on $KAMAL_HOSTS..."
+bundle exec kamal server exec "
+ ufw allow ssh && \
+ ufw allow http && \
+ ufw allow https && \
+ ufw --force enable && \
+ apt-get install fail2ban -y && \
+ systemctl start fail2ban && \
+ systemctl enable fail2ban && \
+ systemctl status fail2ban"

From 96b8e541ed87a02f92b384429ef4a32c7e69edb0 Mon Sep 17 00:00:00 2001
From: Nick Hammond
Date: Fri, 7 Feb 2025 13:47:44 -0700
Subject: [PATCH 2/3] Don't check fial2ban status since it's going to be noisy, rely on exit code

---
 lib/kamal/cli/templates/sample_hooks/docker-setup.sample | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/kamal/cli/templates/sample_hooks/docker-setup.sample b/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
index 66cd1947a..0f8daaa58 100755
--- a/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
+++ b/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
@@ -7,5 +7,4 @@ bundle exec kamal server exec "
 ufw --force enable && \
 apt-get install fail2ban -y && \
 systemctl start fail2ban && \
- systemctl enable fail2ban && \
- systemctl status fail2ban"
+ systemctl enable fail2ban"

From 0d2f51fafb40128acec639dac24db082ba3baa90 Mon Sep 17 00:00:00 2001
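Review bot: In the command string added by PATCH 1/3, `ufw allow http` / `ufw allow https` followed by `ufw --force enable` does not firewall the containers themselves: Docker installs its own iptables rules for published ports, and those are generally evaluated ahead of UFW's, so any app or accessory port published on the host stays reachable despite UFW's default-deny. A sample that will be copied verbatim should say so, for example `# NOTE: UFW does not filter ports published by Docker; restrict those with a provider firewall or the DOCKER-USER chain.` Separately, `ufw allow ssh` opens only the standard SSH port, so on a host where sshd listens on a different port `ufw --force enable` would cut off the connection Kamal itself uses; a comment telling users to allow their configured SSH port first would prevent that. `apt-get install fail2ban -y` also runs without a preceding `apt-get update` and assumes a Debian-family host, which may fail on a freshly provisioned image. PATCH 2/3 and 3/3 leave these lines as they are.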
From: Nick Hammond
Date: Fri, 7 Feb 2025 14:20:39 -0700
Subject: [PATCH 3/3] Use bin/kamal

---
 lib/kamal/cli/templates/sample_hooks/docker-setup.sample | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/kamal/cli/templates/sample_hooks/docker-setup.sample b/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
index 0f8daaa58..32f2dad58 100755
--- a/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
+++ b/lib/kamal/cli/templates/sample_hooks/docker-setup.sample
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-bundle exec kamal server exec "
+bin/kamal server exec "
 ufw allow ssh && \
 ufw allow http && \
 ufw allow https && \