feat(install): block port 3000 after Forgejo install, English instructions
- Automatically add iptables DOCKER-USER DROP rule for port 3000 so Forgejo is only reachable via NPM proxy, not directly from the internet - Rewrite post-install instructions in English with all 6 NPM setup steps including SSL config and correct ROOT_URL / SSH Port values Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
parent
6ef729eb45
commit
50dff1712e
1 changed files with 25 additions and 17 deletions
32
install.sh
32
install.sh
|
|
@ -615,35 +615,43 @@ YAML
|
|||
if docker ps --format '{{.Names}}' | grep -q "^${FORGEJO_CONTAINER_NAME}$"; then
|
||||
local server_ip
|
||||
server_ip=$(hostname -I | awk '{print $1}')
|
||||
|
||||
# Block direct external access to port 3000 (accessible via NPM proxy only)
|
||||
log_step "Blocking external access to port 3000..."
|
||||
iptables -D DOCKER-USER -p tcp --dport 3000 -j DROP 2>/dev/null || true
|
||||
iptables -I DOCKER-USER -p tcp --dport 3000 -j DROP
|
||||
log_ok "Port 3000 is now private (NPM proxy only)."
|
||||
|
||||
echo ""
|
||||
separator
|
||||
echo -e "${GREEN}${BOLD} FORGEJO INSTALLED SUCCESSFULLY!${NC}"
|
||||
separator
|
||||
echo -e " ${CYAN}Forgejo Web UI${NC} : ${BOLD}http://${server_ip}:3000${NC}"
|
||||
echo -e " ${CYAN}Git SSH${NC} : ${BOLD}ssh://git@${server_ip}:2222${NC}"
|
||||
echo -e " ${CYAN}Git HTTPS${NC}: via NPM proxy after hostname setup below"
|
||||
echo ""
|
||||
separator
|
||||
echo -e "${BOLD} Thêm hostname trong Nginx Proxy Manager${NC}"
|
||||
echo -e "${BOLD} Add Hostname in Nginx Proxy Manager${NC}"
|
||||
separator
|
||||
echo -e " ${YELLOW}Bước 1:${NC} Mở Admin UI tại ${BOLD}http://${server_ip}:81${NC}"
|
||||
echo -e " ${YELLOW}Step 1:${NC} Open NPM Admin UI at ${BOLD}http://${server_ip}:81${NC}"
|
||||
echo ""
|
||||
echo -e " ${YELLOW}Bước 2:${NC} Vào ${BOLD}Proxy Hosts${NC} → nhấn ${BOLD}Add Proxy Host${NC}"
|
||||
echo -e " ${YELLOW}Step 2:${NC} Go to ${BOLD}Proxy Hosts${NC} → click ${BOLD}Add Proxy Host${NC}"
|
||||
echo ""
|
||||
echo -e " ${YELLOW}Bước 3:${NC} Tab ${BOLD}Details${NC} — điền thông tin:"
|
||||
echo -e " ${YELLOW}Step 3:${NC} ${BOLD}Details${NC} tab:"
|
||||
echo -e " Domain Names : ${CYAN}git.yourdomain.com${NC}"
|
||||
echo -e " Scheme : ${CYAN}http${NC}"
|
||||
echo -e " Forward Hostname : ${CYAN}forgejo${NC} ← tên container"
|
||||
echo -e " Forward Hostname : ${CYAN}forgejo${NC} (container name)"
|
||||
echo -e " Forward Port : ${CYAN}3000${NC}"
|
||||
echo -e " ☑ Cache Assets ☑ Block Common Exploits"
|
||||
echo -e " [x] Cache Assets [x] Block Common Exploits"
|
||||
echo ""
|
||||
echo -e " ${YELLOW}Bước 4:${NC} Tab ${BOLD}SSL${NC} → chọn ${BOLD}Request a new SSL Certificate${NC}"
|
||||
echo -e " ☑ Force SSL ☑ HTTP/2 Support"
|
||||
echo -e " ${YELLOW}Step 4:${NC} ${BOLD}SSL${NC} tab → select ${BOLD}Request a new SSL Certificate${NC}"
|
||||
echo -e " [x] Force SSL [x] HTTP/2 Support"
|
||||
echo ""
|
||||
echo -e " ${YELLOW}Bước 5:${NC} Nhấn ${BOLD}Save${NC}."
|
||||
echo -e " ${YELLOW}Step 5:${NC} Click ${BOLD}Save${NC}."
|
||||
echo ""
|
||||
echo -e " ${YELLOW}Bước 6:${NC} Mở ${BOLD}http://${server_ip}:3000${NC} → hoàn tất Forgejo setup"
|
||||
echo -e " ${YELLOW}Step 6:${NC} Open ${BOLD}https://git.yourdomain.com${NC} → complete Forgejo setup"
|
||||
echo -e " Server Domain : ${CYAN}git.yourdomain.com${NC}"
|
||||
echo -e " Base URL (ROOT_URL): ${CYAN}https://git.yourdomain.com${NC}"
|
||||
echo -e " Base URL : ${CYAN}https://git.yourdomain.com${NC}"
|
||||
echo -e " SSH Port : ${CYAN}2222${NC}"
|
||||
separator
|
||||
else
|
||||
log_err "Forgejo did not start. Check: docker logs ${FORGEJO_CONTAINER_NAME}"
|
||||
|
|
|
|||
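Review bot: The inserted `iptables -I DOCKER-USER -p tcp --dport 3000 -j DROP` has no interface or source match, so it is not limited to traffic arriving from outside. DOCKER-USER sees every forwarded packet after DNAT, so container-originated connections to any remote port 3000 are dropped too, and on hosts that pass bridged traffic through iptables the NPM-to-Forgejo hop may also be affected (worth testing). Scoping the rule as the Docker documentation does would be `iptables -I DOCKER-USER -i "$ext_if" -p tcp -m conntrack --ctorigdstport 3000 --ctdir ORIGINAL -j DROP`, where `ext_if` is a placeholder for the host's external interface. The rule is also runtime-only with no `ip6tables` counterpart, so it is presumably gone after a reboot unless persisted elsewhere; not publishing 3000 in the compose YAML (outside this hunk) or binding it to `127.0.0.1` would avoid depending on the firewall. Finally, `log_ok "Port 3000 is now private (NPM proxy only)."` is printed without checking that the insert succeeded, so guard it with `if iptables -I ...; then log_ok ...; else log_err ...; fi`; the enclosing function starts and ends outside the hunk.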