Support auto allow web port

README.md

@@ -49,6 +49,7 @@ Access the web terminal via `http://yourhost:2222` and login with your system us
 | `ENABLE_SSL`                    | `false` | Enable SSL (https)                                                                                        |
 | `SSL_CERT` `SSL_KEY` `SSL_CA`   |         | Host certificate paths, effective when ENABLE_SSL=true                                                    |
 | `ENABLE_IPV6`                   | `false` | Enable IPv6 support                                                                                       |
+| `AUTO_ALLOW_PORT`               | `false` | Automatically allow web ports                                                                             |
 
 ## Sponsor
 

README_CN.md

@@ -49,6 +49,7 @@ docker run -d \
 | `ENABLE_SSL`                    | `false` | 启用 SSL （https）                                 |
 | `SSL_CERT` `SSL_KEY` `SSL_CA`   |         | 主机证书路径，当 ENABLE_SSL=true 时生效            |
 | `ENABLE_IPV6`                   | `false` | 启用 IPv6 支持                                     |
+| `AUTO_ALLOW_PORT`               | `false` | 自动放行网页端口                                   |
 
 ## 赞助
 

app/run.sh

@@ -4,6 +4,7 @@ exec_dir=${EXEC_DIR:-"/opt"}
 exec_path="$exec_dir/ttyd"
 start_command=${START_COMMAND:-"login"}
 host_exists_ttyd=0
+host_exists_iptables_rule=0
 
 # ttyd 选项
 # https://github.com/tsl0922/ttyd#command-line-options
@@ -13,6 +14,9 @@ ttyd_options=()
 port=${PORT:-2222}
 ttyd_options+=(-p "$port")
 
+# 自动放行端口
+auto_allow_port=${AUTO_ALLOW_PORT:-"false"}
+
 # 允许客户端写入TTY
 allow_write=${ALLOW_WRITE:-"true"}
 if [[ "$allow_write" != "false" ]]; then
@@ -56,29 +60,51 @@ if [[ -n "$custom_options" ]]; then
     ttyd_options+=("$custom_options")
 fi
 
+function host_exec() {
+    nsenter -m -u -i -n -p -t 1 sh -c "$1"
+}
+
 start() {
     echo "Starting..."
 
-    distro=$(grep '^PRETTY_NAME' /etc/os-release | awk -F '=' '{print $2}' | tr -d '"')
-    arch=$(uname -m)
-    echo "OS: ${distro} ${arch}"
+    distro=$(host_exec "grep '^PRETTY_NAME' /etc/os-release | awk -F '=' '{print $2}' | tr -d '\"'")
+    arch=$(host_exec "uname -m")
+    echo "HostOS: ${distro} ${arch}"
 
+    # Creating directory
     if [[ ! -d "$exec_dir" ]]; then
         echo "Creating directory ${exec_dir}"
         mkdir -p "$exec_dir"
     fi
+    # Create executable
     if [[ ! -f "$exec_path" ]]; then
         cp /usr/bin/ttyd $exec_path
-        chmod +x $exec_path
         echo "Copy ttyd to $exec_path"
     else
         host_exists_ttyd=1
         echo "Host already exists $exec_path"
     fi
+    chmod +x $exec_path
+
+    # auto allow port
+    if [[ "$auto_allow_port" != "false" ]]; then
+        port_check_error=$(
+            host_exec "iptables -C INPUT -p tcp --dport $port -j ACCEPT" &>/dev/null
+            echo $?
+        )
+        if [[ "$port_check_error" -eq 0 ]]; then
+            echo "Iptables rule $port exist."
+            host_exists_iptables_rule=1
+        else
+            echo "Iptables rule $port does not exist, auto allow"
+            host_exec "iptables -I INPUT -p tcp --dport $port -j ACCEPT"
+        fi
+    fi
 
+    # exec
     exec_command="$exec_path ${ttyd_options[*]} $start_command"
     echo "ttyd startup options: $exec_command"
-    nsenter -m -u -i -n -p -t 1 sh -c "$exec_command" &
+    host_exec "$exec_command" &
 
     echo "Keep Running..."
     while true; do
@@ -92,6 +118,10 @@ stop() {
         rm "$exec_path"
         echo "Cleanup $exec_path"
     fi
+    if [[ "$auto_allow_port" != "false" && $host_exists_iptables_rule -eq 0 ]]; then
+        host_exec "iptables -D INPUT -p tcp --dport $port -j ACCEPT"
+        echo "Delete iptables rule $port."
+    fi
     exit 0
 }