9 files changed, 114 insertions, 40 deletions
diff --git a/cmd/puppeth/module_dashboard.go b/cmd/puppeth/module_dashboard.go
index 17f119111..1cf6cab79 100644
--- a/cmd/puppeth/module_dashboard.go
+++ b/cmd/puppeth/module_dashboard.go
@@ -425,6 +425,11 @@ services:
       - "{{.Port}}:80"{{else}}
     environment:
       - VIRTUAL_HOST={{.VHost}}{{end}}
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "10"
     restart: always
 `
 
diff --git a/cmd/puppeth/module_ethstats.go b/cmd/puppeth/module_ethstats.go
index 571df1454..5d3fa5fc0 100644
--- a/cmd/puppeth/module_ethstats.go
+++ b/cmd/puppeth/module_ethstats.go
@@ -42,7 +42,7 @@ RUN \
 WORKDIR /eth-netstats
 EXPOSE 3000
 
-RUN echo 'module.exports = {trusted: [{{.Trusted}}], banned: []};' > lib/utils/config.js
+RUN echo 'module.exports = {trusted: [{{.Trusted}}], banned: [{{.Banned}}]};' > lib/utils/config.js
 
 CMD ["npm", "start"]
 `
@@ -59,25 +59,37 @@ services:
       - "{{.Port}}:3000"{{end}}
     environment:
       - WS_SECRET={{.Secret}}{{if .VHost}}
-      - VIRTUAL_HOST={{.VHost}}{{end}}
+      - VIRTUAL_HOST={{.VHost}}{{end}}{{if .Banned}}
+      - BANNED={{.Banned}}{{end}}
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "10"
     restart: always
 `
 
 // deployEthstats deploys a new ethstats container to a remote machine via SSH,
 // docker and docker-compose. If an instance with the specified network name
 // already exists there, it will be overwritten!
-func deployEthstats(client *sshClient, network string, port int, secret string, vhost string, trusted []string) ([]byte, error) {
+func deployEthstats(client *sshClient, network string, port int, secret string, vhost string, trusted []string, banned []string) ([]byte, error) {
 	// Generate the content to upload to the server
 	workdir := fmt.Sprintf("%d", rand.Int63())
 	files := make(map[string][]byte)
 
+	trustedLabels := make([]string, len(trusted))
 	for i, address := range trusted {
-		trusted[i] = fmt.Sprintf("\"%s\"", address)
+		trustedLabels[i] = fmt.Sprintf("\"%s\"", address)
+	}
+	bannedLabels := make([]string, len(banned))
+	for i, address := range banned {
+		bannedLabels[i] = fmt.Sprintf("\"%s\"", address)
 	}
 
 	dockerfile := new(bytes.Buffer)
 	template.Must(template.New("").Parse(ethstatsDockerfile)).Execute(dockerfile, map[string]interface{}{
-		"Trusted": strings.Join(trusted, ", "),
+		"Trusted": strings.Join(trustedLabels, ", "),
+		"Banned":  strings.Join(bannedLabels, ", "),
 	})
 	files[filepath.Join(workdir, "Dockerfile")] = dockerfile.Bytes()
 
@@ -87,6 +99,7 @@ func deployEthstats(client *sshClient, network string, port int, secret string,
 		"Port":    port,
 		"Secret":  secret,
 		"VHost":   vhost,
+		"Banned":  strings.Join(banned, ","),
 	})
 	files[filepath.Join(workdir, "docker-compose.yaml")] = composefile.Bytes()
 
@@ -107,11 +120,12 @@ type ethstatsInfos struct {
 	port   int
 	secret string
 	config string
+	banned []string
 }
 
 // String implements the stringer interface.
 func (info *ethstatsInfos) String() string {
-	return fmt.Sprintf("host=%s, port=%d, secret=%s", info.host, info.port, info.secret)
+	return fmt.Sprintf("host=%s, port=%d, secret=%s, banned=%v", info.host, info.port, info.secret, info.banned)
 }
 
 // checkEthstats does a health-check against an ethstats server to verify whether
@@ -145,6 +159,9 @@ func checkEthstats(client *sshClient, network string) (*ethstatsInfos, error) {
 	if port != 80 && port != 443 {
 		config += fmt.Sprintf(":%d", port)
 	}
+	// Retrieve the IP blacklist
+	banned := strings.Split(infos.envvars["BANNED"], ",")
+
 	// Run a sanity check to see if the port is reachable
 	if err = checkPort(host, port); err != nil {
 		log.Warn("Ethstats service seems unreachable", "server", host, "port", port, "err", err)
@@ -155,5 +172,6 @@ func checkEthstats(client *sshClient, network string) (*ethstatsInfos, error) {
 		port:   port,
 		secret: secret,
 		config: config,
+		banned: banned,
 	}, nil
 }
diff --git a/cmd/puppeth/module_faucet.go b/cmd/puppeth/module_faucet.go
index 5a5dc6506..acf1e4324 100644
--- a/cmd/puppeth/module_faucet.go
+++ b/cmd/puppeth/module_faucet.go
@@ -82,6 +82,11 @@ services:
       - CAPTCHA_SECRET={{.CaptchaSecret}}{{if .VHost}}
       - VIRTUAL_HOST={{.VHost}}
       - VIRTUAL_PORT=8080{{end}}
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "10"
     restart: always
 `
 
diff --git a/cmd/puppeth/module_nginx.go b/cmd/puppeth/module_nginx.go
index 0eac5ace5..fd6d1d74e 100644
--- a/cmd/puppeth/module_nginx.go
+++ b/cmd/puppeth/module_nginx.go
@@ -43,6 +43,11 @@ services:
       - "{{.Port}}:80"
     volumes:
       - /var/run/docker.sock:/tmp/docker.sock:ro
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "10"
     restart: always
 `
 
diff --git a/cmd/puppeth/module_node.go b/cmd/puppeth/module_node.go
index ce1d34135..9fe97c892 100644
--- a/cmd/puppeth/module_node.go
+++ b/cmd/puppeth/module_node.go
@@ -68,6 +68,11 @@ services:
       - MINER_NAME={{.Etherbase}}
       - GAS_TARGET={{.GasTarget}}
       - GAS_PRICE={{.GasPrice}}
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "1m"
+        max-file: "10"
     restart: always
 `
 
diff --git a/cmd/puppeth/ssh.go b/cmd/puppeth/ssh.go
index 93668945c..26f846685 100644
--- a/cmd/puppeth/ssh.go
+++ b/cmd/puppeth/ssh.go
@@ -122,7 +122,7 @@ func dial(server string, pubkey []byte) (*sshClient, error) {
 			}
 		}
 		// If a public key exists for this SSH server, check that it matches
-		if bytes.Compare(pubkey, key.Marshal()) == 0 {
+		if bytes.Equal(pubkey, key.Marshal()) {
 			return nil
 		}
 		// We have a mismatch, forbid connecting
diff --git a/cmd/puppeth/wizard.go b/cmd/puppeth/wizard.go
index 51e64688e..518741279 100644
--- a/cmd/puppeth/wizard.go
+++ b/cmd/puppeth/wizard.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"io/ioutil"
 	"math/big"
+	"net"
 	"os"
 	"path/filepath"
 	"sort"
@@ -106,17 +107,15 @@ func (w *wizard) readString() string {
 // readDefaultString reads a single line from stdin, trimming if from spaces. If
 // an empty line is entered, the default value is returned.
 func (w *wizard) readDefaultString(def string) string {
-	for {
-		fmt.Printf("> ")
-		text, err := w.in.ReadString('\n')
-		if err != nil {
-			log.Crit("Failed to read user input", "err", err)
-		}
-		if text = strings.TrimSpace(text); text != "" {
-			return text
-		}
-		return def
+	fmt.Printf("> ")
+	text, err := w.in.ReadString('\n')
+	if err != nil {
+		log.Crit("Failed to read user input", "err", err)
+	}
+	if text = strings.TrimSpace(text); text != "" {
+		return text
 	}
+	return def
 }
 
 // readInt reads a single line from stdin, trimming if from spaces, enforcing it
@@ -162,6 +161,7 @@ func (w *wizard) readDefaultInt(def int) int {
 	}
 }
 
+/*
 // readFloat reads a single line from stdin, trimming if from spaces, enforcing it
 // to parse into a float.
 func (w *wizard) readFloat() float64 {
@@ -182,6 +182,7 @@ func (w *wizard) readFloat() float64 {
 		return val
 	}
 }
+*/
 
 // readDefaultFloat reads a single line from stdin, trimming if from spaces, enforcing
 // it to parse into a float. If an empty line is entered, the default value is returned.
@@ -207,15 +208,13 @@ func (w *wizard) readDefaultFloat(def float64) float64 {
 // readPassword reads a single line from stdin, trimming it from the trailing new
 // line and returns it. The input will not be echoed.
 func (w *wizard) readPassword() string {
-	for {
-		fmt.Printf("> ")
-		text, err := terminal.ReadPassword(int(syscall.Stdin))
-		if err != nil {
-			log.Crit("Failed to read password", "err", err)
-		}
-		fmt.Println()
-		return string(text)
+	fmt.Printf("> ")
+	text, err := terminal.ReadPassword(int(syscall.Stdin))
+	if err != nil {
+		log.Crit("Failed to read password", "err", err)
 	}
+	fmt.Println()
+	return string(text)
 }
 
 // readAddress reads a single line from stdin, trimming if from spaces and converts
@@ -279,3 +278,26 @@ func (w *wizard) readJSON() string {
 		return string(blob)
 	}
 }
+
+// readIPAddress reads a single line from stdin, trimming if from spaces and
+// converts it to a network IP address.
+func (w *wizard) readIPAddress() net.IP {
+	for {
+		// Read the IP address from the user
+		fmt.Printf("> ")
+		text, err := w.in.ReadString('\n')
+		if err != nil {
+			log.Crit("Failed to read user input", "err", err)
+		}
+		if text = strings.TrimSpace(text); text == "" {
+			return nil
+		}
+		// Make sure it looks ok and return it if so
+		ip := net.ParseIP(text)
+		if ip == nil {
+			log.Error("Invalid IP address, please retry")
+			continue
+		}
+		return ip
+	}
+}
diff --git a/cmd/puppeth/wizard_ethstats.go b/cmd/puppeth/wizard_ethstats.go
index c117a6027..504d8fd9c 100644
--- a/cmd/puppeth/wizard_ethstats.go
+++ b/cmd/puppeth/wizard_ethstats.go
@@ -60,6 +60,22 @@ func (w *wizard) deployEthstats() {
 		fmt.Printf("What should be the secret password for the API? (default = %s)\n", infos.secret)
 		infos.secret = w.readDefaultString(infos.secret)
 	}
+	// Gather any blacklists to ban from reporting
+	fmt.Println()
+	fmt.Printf("Keep existing IP %v blacklist (y/n)? (default = yes)\n", infos.banned)
+	if w.readDefaultString("y") != "y" {
+		infos.banned = nil
+
+		fmt.Println()
+		fmt.Println("Which IP addresses should be blacklisted?")
+		for {
+			if ip := w.readIPAddress(); ip != nil {
+				infos.banned = append(infos.banned, ip.String())
+				continue
+			}
+			break
+		}
+	}
 	// Try to deploy the ethstats server on the host
 	trusted := make([]string, 0, len(w.servers))
 	for _, client := range w.servers {
@@ -67,7 +83,7 @@ func (w *wizard) deployEthstats() {
 			trusted = append(trusted, client.address)
 		}
 	}
-	if out, err := deployEthstats(client, w.network, infos.port, infos.secret, infos.host, trusted); err != nil {
+	if out, err := deployEthstats(client, w.network, infos.port, infos.secret, infos.host, trusted, infos.banned); err != nil {
 		log.Error("Failed to deploy ethstats container", "err", err)
 		if len(out) > 0 {
 			fmt.Printf("%s\n", out)
diff --git a/cmd/puppeth/wizard_network.go b/cmd/puppeth/wizard_network.go
index 0455e1ef3..ff2ff74f5 100644
--- a/cmd/puppeth/wizard_network.go
+++ b/cmd/puppeth/wizard_network.go
@@ -71,22 +71,20 @@ func (w *wizard) makeServer() string {
 	fmt.Println()
 	fmt.Println("Please enter remote server's address:")
 
-	for {
-		// Read and fial the server to ensure docker is present
-		input := w.readString()
-
-		client, err := dial(input, nil)
-		if err != nil {
-			log.Error("Server not ready for puppeth", "err", err)
-			return ""
-		}
-		// All checks passed, start tracking the server
-		w.servers[input] = client
-		w.conf.Servers[input] = client.pubkey
-		w.conf.flush()
+	// Read and fial the server to ensure docker is present
+	input := w.readString()
 
-		return input
+	client, err := dial(input, nil)
+	if err != nil {
+		log.Error("Server not ready for puppeth", "err", err)
+		return ""
 	}
+	// All checks passed, start tracking the server
+	w.servers[input] = client
+	w.conf.Servers[input] = client.pubkey
+	w.conf.flush()
+
+	return input
 }
 
 // selectServer lists the user all the currnetly known servers to choose from,