StopLiga keeps a UniFi policy-based route named StopLiga in sync with the status and IP list published by r4y7s/laliga-ip-list.
Edit `UNIFI_HOST` and `UNIFI_API_KEY`, start the container, and StopLiga takes care of the route automatically.
This repo is meant to run with Docker.
- Creates the UniFi policy route automatically if it does not exist
- Reuses and updates the route if it already exists
- Picks the first available UniFi network whose purpose is `vpn-client`
- Applies the route to `ALL_CLIENTS` when UniFi allows it
- Enables or disables the route based on the published blocking status
- Syncs every 5 minutes by default
StopLiga uses the public destinations published by r4y7s/laliga-ip-list. It does not discover those IPs by itself.
You need:
- a UniFi gateway/controller reachable from the container
- a local UniFi Network API key
- at least one UniFi VPN Client network already configured in UniFi
StopLiga does not create the VPN tunnel itself. It creates and manages the UniFi policy route that uses that tunnel.
- Copy the example environment file.
- Edit only `UNIFI_HOST` and `UNIFI_API_KEY`.
- Start the container.
- Follow the logs.
```bash
cp .env.example .env
docker compose pull
docker compose up -d
docker compose logs -f
```

Your `.env` can stay as simple as this:
```
UNIFI_HOST=10.0.1.1
UNIFI_API_KEY=replace-me
UNIFI_SITE=default
UNIFI_VERIFY_TLS=false
STOPLIGA_RUN_MODE=loop
STOPLIGA_SYNC_INTERVAL_SECONDS=300
STOPLIGA_ROUTE_NAME=StopLiga
STOPLIGA_MAX_RESPONSE_BYTES=2097152
```

| Variable | What it is for |
|---|---|
| `UNIFI_HOST` | IP or hostname of your UniFi router or controller |
| `UNIFI_API_KEY` | Local UniFi Network API key that StopLiga uses to connect |
| `UNIFI_SITE` | UniFi site to use. `default` is the normal value for most setups |
| `UNIFI_VERIFY_TLS` | Whether StopLiga should verify the UniFi HTTPS certificate. `false` is common on home setups with self-signed certs |
| `STOPLIGA_RUN_MODE` | `loop` keeps the container running and syncing continuously |
| `STOPLIGA_SYNC_INTERVAL_SECONDS` | How often StopLiga checks the feed and updates UniFi. `300` means every 5 minutes |
| `STOPLIGA_ROUTE_NAME` | UniFi route name that StopLiga will create or manage automatically |
| `STOPLIGA_MAX_RESPONSE_BYTES` | Safety limit for downloaded responses. Leave the default unless you have a specific reason to change it |
For the API key, open UniFi Network and go to Settings > Control Plane > Integrations, then create or copy a local Network API key and paste it into UNIFI_API_KEY in .env.
Official reference: Getting Started with the Official UniFi API
Once the container starts:
- StopLiga downloads the current blocking status.
- StopLiga downloads the current IP/CIDR list.
- StopLiga looks for the UniFi route named by `STOPLIGA_ROUTE_NAME`.
- If the route does not exist, StopLiga creates it automatically.
- StopLiga compares the published destinations against the UniFi route.
- StopLiga enables or disables the route to match the published blocking status.
- StopLiga updates the destination list if it changed.
Normal automatic behavior:
- if the route already exists, StopLiga updates it
- if the route does not exist, StopLiga creates it
- it uses the first available UniFi `vpn-client` network
- it applies the route to `ALL_CLIENTS` when UniFi accepts that target
Fallback behavior:
- if UniFi rejects `ALL_CLIENTS`, StopLiga retries with one detected client device
- that degraded route stays disabled until you review it
StopLiga can create the policy route automatically, but UniFi must already have at least one VPN Client network.
- StopLiga looks for UniFi networks whose purpose is `vpn-client`.
- If one exists, StopLiga picks the first available one automatically.
- If no `vpn-client` network exists, StopLiga stops and logs a clear error with a link to this section.
- After you create a VPN Client network in UniFi, restart the container.
These are the same values that appear in .env.example.
For most users, leave everything except UNIFI_HOST and UNIFI_API_KEY unchanged.
```
UNIFI_HOST=10.0.1.1
UNIFI_API_KEY=replace-me
UNIFI_SITE=default
UNIFI_VERIFY_TLS=false
STOPLIGA_RUN_MODE=loop
STOPLIGA_SYNC_INTERVAL_SECONDS=300
STOPLIGA_ROUTE_NAME=StopLiga
STOPLIGA_MAX_RESPONSE_BYTES=2097152

# STOPLIGA_GOTIFY_URL=https://gotify.example.com
# STOPLIGA_GOTIFY_TOKEN=replace-me
# STOPLIGA_GOTIFY_PRIORITY=5
# STOPLIGA_GOTIFY_ALLOW_PLAIN_HTTP=false
# STOPLIGA_GOTIFY_VERIFY_TLS=true
# STOPLIGA_TELEGRAM_BOT_TOKEN=123456:replace-me
# STOPLIGA_TELEGRAM_CHAT_ID=123456789
# STOPLIGA_TELEGRAM_GROUP_ID=-1001234567890
# STOPLIGA_TELEGRAM_TOPIC_ID=42
```

Telegram options:
- `STOPLIGA_TELEGRAM_CHAT_ID`: send to a private chat or to any chat id you already use today
- `STOPLIGA_TELEGRAM_GROUP_ID`: explicit target for a Telegram group or supergroup
- `STOPLIGA_TELEGRAM_TOPIC_ID`: optional forum topic id inside that Telegram group
- set either `STOPLIGA_TELEGRAM_CHAT_ID` or `STOPLIGA_TELEGRAM_GROUP_ID`, not both
- if `STOPLIGA_TELEGRAM_TOPIC_ID` is set, StopLiga sends the message with Telegram `message_thread_id`
With STOPLIGA_SYNC_INTERVAL_SECONDS=300, StopLiga runs a full sync every 5 minutes:
- download the current blocking status
- download the current IP/CIDR list
- compare that feed against the UniFi route
- enable or disable the route
- update the destination IP list if it changed
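
An added example, not StopLiga's own code: one way to bound, validate and diff a downloaded feed before it reaches the route, covering the sync steps above and the `STOPLIGA_MAX_RESPONSE_BYTES` limit. It assumes a feed with one IP or CIDR per line; `LOCAL_RANGES`, `MIN_PREFIX` and the function names are choices made for this example, and the sample data is constructed.

```python
import ipaddress

MAX_RESPONSE_BYTES = 2097152  # default STOPLIGA_MAX_RESPONSE_BYTES from .env
# Assumed policy: ranges a public feed should never be able to reroute.
LOCAL_RANGES = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/3", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8")]
MIN_PREFIX = {4: 16, 6: 32}  # assumed floor per IP version; broader entries are refused


def read_capped(stream, limit=MAX_RESPONSE_BYTES):
    """Read at most `limit` bytes from a binary stream; fail on anything larger."""
    body = stream.read(limit + 1)
    if len(body) > limit:
        raise ValueError(f"response exceeds {limit} bytes")
    return body.decode("utf-8")


def parse_feed(text):
    """Split a one-entry-per-line feed into (accepted networks, rejected lines)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append((line, "not an IP or CIDR"))
            continue
        if any(net.overlaps(local) for local in LOCAL_RANGES):
            rejected.append((line, "overlaps a local or reserved range"))
        elif net.prefixlen < MIN_PREFIX[net.version]:
            rejected.append((line, "prefix too broad"))
        else:
            accepted.add(net)
    return accepted, rejected


def plan_update(feed_nets, route_nets):
    """Return (to_add, to_remove) that make the route match the feed."""
    return (sorted(map(str, feed_nets - route_nets)),
            sorted(map(str, route_nets - feed_nets)))


# Constructed sample feed and route state (documentation ranges, not real feed data).
SAMPLE_FEED = b"203.0.113.0/24\n198.51.100.7\n0.0.0.0/0\n10.0.1.1\nnot-an-ip\n"
SAMPLE_ROUTE = {ipaddress.ip_network(n) for n in ("203.0.113.0/24", "192.0.2.0/24")}
```

Rejected lines are worth logging or alerting on, since an entry such as `0.0.0.0/0` or the gateway's own address in the feed would otherwise change where all client traffic goes.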
The repo includes a working docker-compose.yml:
```yaml
services:
  stopliga:
    image: ghcr.io/jcastro/stopliga:latest
    container_name: stopliga
    restart: unless-stopped
    env_file:
      - .env
    volumes:
      - ./data:/data
    healthcheck:
      disable: true
```

Useful commands:

```bash
docker compose up -d
docker compose logs -f
docker compose pull && docker compose up -d
```

If you do not want Compose:

```bash
docker run -d \
  --name stopliga \
  --restart unless-stopped \
  --env-file .env \
  -v "$(pwd)/data:/data" \
  ghcr.io/jcastro/stopliga:latest
```

- Data source: r4y7s/laliga-ip-list
- Thanks to the maintainers of that repository for publishing and keeping the feed updated