Commit 50816ccd authored by Johannes Zellner

Allow restart.sh to be run as root

parent bdc4de88
......@@ -16,6 +16,18 @@ ADD easyrsa-vars.sh /app/code/easyrsa/
# Workaround quantum permissions bug
RUN chown -R cloudron:cloudron /app/code/easyrsa
## Sudoers
ADD cloudron.sudo /etc/sudoers.d/cloudron
ADD restart.sh /app/code/restart.sh
## Setting up TUN device
RUN mknod /app/code/net-tun c 10 200
## Supervisor
ADD supervisor/ /etc/supervisor/conf.d/
RUN sed -e 's,^logfile=.*$,logfile=/run/supervisord.log,' -i /etc/supervisor/supervisord.conf
RUN sed -e 's,^chmod=.*$,chmod=0760\nchown=cloudron:cloudron,' -i /etc/supervisor/supervisord.conf
## Installing web-admin interface & packaging scripts
ADD package.json package-lock.json /app/code/
ADD src /app/code/src
......@@ -26,12 +38,4 @@ ADD start.sh server.js openvpn.conf.template regen-crl.sh restart.sh /app/code/
# Somehow postinstall is not run automatically when building docker image
RUN npm install --production && npm run postinstall
## Setting up TUN device
RUN mknod /app/code/net-tun c 10 200
## Supervisor
ADD supervisor/ /etc/supervisor/conf.d/
RUN sed -e 's,^logfile=.*$,logfile=/run/supervisord.log,' -i /etc/supervisor/supervisord.conf
RUN sed -e 's,^chmod=.*$,chmod=0760\nchown=cloudron:cloudron,' -i /etc/supervisor/supervisord.conf
CMD [ "/app/code/start.sh" ]
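Review bot: Nothing in the added lines pins the owner or mode of the two files that now form a path to root, `/etc/sudoers.d/cloudron` and `/app/code/restart.sh`; both are copied with whatever mode they have in the build context. Since the sudoers rule lets `cloudron` run the script as root without a password, I would add, after the last `ADD` that touches them, `RUN chown root:root /app/code/restart.sh /etc/sudoers.d/cloudron && chmod 0755 /app/code/restart.sh && chmod 0440 /etc/sudoers.d/cloudron`, followed by `RUN visudo -cf /etc/sudoers.d/cloudron` so a malformed rule fails the build. `restart.sh` also still appears in the later `ADD start.sh server.js ... restart.sh /app/code/` line, so the new `ADD restart.sh /app/code/restart.sh` looks redundant.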
Defaults!/app/code/restart.sh env_keep="HOME"
cloudron ALL=(ALL) NOPASSWD: /app/code/restart.sh
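Review bot: The run-as spec `(ALL)` on the second line is wider than this commit needs, because the caller in server.js only runs the script as root; `cloudron ALL=(root) NOPASSWD: /app/code/restart.sh ""` limits the target user, and the trailing `""` forbids arguments. The rule is only as safe as the script path, so it assumes `/app/code/restart.sh` and its parent directories are not writable by `cloudron`; a comment line in this file saying so would help the next maintainer. `env_keep="HOME"` passes the caller's HOME into a root process, and I would drop it unless restart.sh is known to read HOME.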
......@@ -4,6 +4,8 @@ set -eu
# WARNING if this file is changed also check if start.sh needs adjustment!
echo "==> Restart after config changes"
# Add iptables rules for NATing VPN traffic
network=$(cat /app/data/openvpn.conf | sed -ne 's/^server \(.*\) .*$/\1/p')
echo "==> Configuring nat rules for ${network}"
......
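Review bot: The `network=` line takes a value parsed from `/app/data/openvpn.conf` into a script that now runs as root, and nothing visible validates it. With `set -eu` but no `pipefail`, an unreadable config makes `cat` fail unnoticed and leaves `network` empty; reading the file directly, `network=$(sed -ne 's/^server \(.*\) .*$/\1/p' /app/data/openvpn.conf)`, lets `set -e` stop the script. I would also reject any value that is not a dotted-quad address before it reaches the NAT rule commands, which lie outside this hunk. Presumably `/app/data` is writable by the app user, which is what makes the check matter; confirm.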
......@@ -115,7 +115,7 @@ function setOpenVPNSetting(settings) {
function restartOpenVPN() {
try {
execSync('/app/code/restart.sh');
execSync('sudo /app/code/restart.sh', { stdio: 'inherit' });
} catch (e) {
return e;
}
......
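Review bot: The new `sudo` call has no `-n`, so if the sudoers rule is missing or does not parse, sudo may try to prompt on the inherited stdio and `execSync` will block the Node process; `execSync('sudo -n /app/code/restart.sh', { stdio: 'inherit' });` fails at once instead. A `timeout` option would bound a hung restart in the same way. With `stdio: 'inherit'` the script's output goes to the server's own streams, so the returned `e` no longer carries its stderr; a short comment saying callers get only the exit status would avoid confusion. The function body continues past the end of the hunk.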