aaron/nextcloud-docker
0
0
Fork 0
mirror of https://github.com/nextcloud/docker.git synced 2025-01-25 23:23:54 +01:00
Code Activity

Disable rewriteip for apache image (#1010)

Browse source 
* Disable rewrite ip for apache image

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

* Run update.sh

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
This commit is contained in:
kesselb 2020-04-06 22:44:58 +02:00 committed by GitHub
parent efe3caebdc
commit 63438ef792
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 178 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
.config/reverse_proxy.config.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$trustedProxies = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} else {
$trustedProxies = null;
}
$CONFIG['trusted_proxies'] = $trustedProxies;

11
16.0/apache/config/reverse_proxy.config.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$trustedProxies = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} else {
$trustedProxies = null;
}
$CONFIG['trusted_proxies'] = $trustedProxies;

6
16.0/apache/entrypoint.sh
View file

@ -43,6 +43,12 @@ file_env() {
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then

11
16.0/fpm-alpine/config/reverse_proxy.config.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$trustedProxies = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} else {
$trustedProxies = null;
}
$CONFIG['trusted_proxies'] = $trustedProxies;

6
16.0/fpm-alpine/entrypoint.sh
View file

@ -43,6 +43,12 @@ file_env() {
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then

11
16.0/fpm/config/reverse_proxy.config.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$trustedProxies = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} else {
$trustedProxies = null;
}
$CONFIG['trusted_proxies'] = $trustedProxies;

6
16.0/fpm/entrypoint.sh
View file

@ -43,6 +43,12 @@ file_env() {
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then

11
17.0/apache/config/reverse_proxy.config.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$trustedProxies = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} else {
$trustedProxies = null;
}
$CONFIG['trusted_proxies'] = $trustedProxies;

6
17.0/apache/entrypoint.sh
View file

@ -43,6 +43,12 @@ file_env() {
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then

11
17.0/fpm-alpine/config/reverse_proxy.config.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$trustedProxies = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} else {
$trustedProxies = null;
}
$CONFIG['trusted_proxies'] = $trustedProxies;

6
17.0/fpm-alpine/entrypoint.sh
View file

@ -43,6 +43,12 @@ file_env() {
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then

11
17.0/fpm/config/reverse_proxy.config.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$trustedProxies = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} else {
$trustedProxies = null;
}
$CONFIG['trusted_proxies'] = $trustedProxies;

6
17.0/fpm/entrypoint.sh
View file

@ -43,6 +43,12 @@ file_env() {
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then

11
18.0/apache/config/reverse_proxy.config.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$trustedProxies = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} else {
$trustedProxies = null;
}
$CONFIG['trusted_proxies'] = $trustedProxies;

6
18.0/apache/entrypoint.sh
View file

@ -43,6 +43,12 @@ file_env() {
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then

11
18.0/fpm-alpine/config/reverse_proxy.config.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$trustedProxies = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} else {
$trustedProxies = null;
}
$CONFIG['trusted_proxies'] = $trustedProxies;

6
18.0/fpm-alpine/entrypoint.sh
View file

@ -43,6 +43,12 @@ file_env() {
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then

11
18.0/fpm/config/reverse_proxy.config.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$trustedProxies = getenv('TRUSTED_PROXIES');
if ($trustedProxies) {
$trustedProxies = array_filter(array_map('trim', explode(' ', $trustedProxies)));
} else {
$trustedProxies = null;
}
$CONFIG['trusted_proxies'] = $trustedProxies;

6
18.0/fpm/entrypoint.sh
View file

@ -43,6 +43,12 @@ file_env() {
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then

8
README.md
View file

@ -158,6 +158,14 @@ To use an external SMTP server, you have to provide the connection details. To c
Check the [Nextcloud documentation](https://docs.nextcloud.com/server/15/admin_manual/configuration_server/email_configuration.html) for other values to configure SMTP.
## Using the apache image behind a reverse proxy and auto configure server host and protocol
The apache image will replace the remote addr (ip address visible to Nextcloud) with the ip address from `X-Real-IP` if the request is coming from a proxy in 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client ip (`HTTP_X_FORWARDED_FOR`) from a trusted proxy disable rewrite ip and the reverse proxies ip address to `TRUSTED_PROXIES`.
- `APACHE_DISABLE_REWRITE_IP` (not set by default): Set to 1 to disable rewrite ip.
- `TRUSTED_PROXIES` (empty by default): A space-separated list of trusted proxies. CIDR notation is supported for IPv4.
# Running this image with docker-compose
The easiest way to get a fully featured and functional setup is using a `docker-compose` file. There are too many different possibilities to setup your system, so here are only some examples of what you have to look for.

6
docker-entrypoint.sh
View file

@ -43,6 +43,12 @@ file_env() {
unset "$fileVar"
}
if expr "$1" : "apache" 1>/dev/null; then
if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
a2disconf remoteip
fi
fi
if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
if [ -n "${REDIS_HOST+x}" ]; then