Merge branch 'master' into patch-1

RaspAP · Jan 9, 2024 · fddc0d6 · fddc0d6
2 parents 77e69c1 + 9063387
commit fddc0d6
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 15 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,3 +1,6 @@
-FROM jrei/systemd-debian:10
+FROM jrei/systemd-debian:12
 RUN apt update && apt install -y sudo wget procps curl systemd && rm -rf /var/lib/apt/lists/*
-COPY setup.sh .
+RUN curl -sL https://install.raspap.com | bash -s -- --yes --wireguard 1 --openvpn 1 --adblock 1
+COPY firewall-rules.sh /home/firewall-rules.sh
+RUN chmod +x /home/firewall-rules.sh
+CMD /home/firewall-rules.sh
diff --git a/README.md b/README.md
@@ -7,22 +7,18 @@ A community-led docker container for RaspAP
 # Usage
 ```
 docker run --name raspap -it -d --privileged --network=host -v /sys/fs/cgroup:/sys/fs/cgroup:ro --cap-add SYS_ADMIN ghcr.io/raspap/raspap-docker:latest
-docker exec -it raspap bash
-$ ./setup.sh
-docker restart raspap
-Web GUI should be accessible on http://localhost by default
 ```
-## Workaround for arm devices
-To use this container on arm devices you have to make cgroups writable:
+Web GUI should be accessible on http://localhost by default
+
+## Workaround for ARM devices
+To use this container on ARM devices you have to make cgroups writable:
 ```
 docker run --name raspap -it -d --privileged --network=host --cgroupns=host -v /sys/fs/cgroup:/sys/fs/cgroup:rw --cap-add SYS_ADMIN ghcr.io/raspap/raspap-docker:latest
-docker exec -it raspap bash
-$ ./setup.sh
-docker restart raspap
-Web GUI should be accessible on http://localhost by default
 ```
+Web GUI should be accessible on http://localhost by default
+
 ## Allow WiFi-clients to connect to LAN and internet
-Because of docker isolation and security defaults the following rules must be added in the docker container:
+Because of docker isolation and security defaults the following rules must be added on the docker host:
 ```
 iptables -I DOCKER-USER -i src_if -o dst_if -j ACCEPT
 iptables -t nat -C POSTROUTING -o eth0 -j MASQUERADE || iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

diff --git a/firewall-rules.sh b/firewall-rules.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+iptables -I DOCKER-USER -i src_if -o dst_if -j ACCEPT
+iptables -t nat -C POSTROUTING -o eth0 -j MASQUERADE || iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+iptables -C FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT || iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
+iptables -C FORWARD -i wlan0 -o eth0 -j ACCEPT || iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
+iptables-save
diff --git a/setup.sh b/setup.sh