From a9f9885e655bf1b16b7c8d3a5131ef161065492e Mon Sep 17 00:00:00 2001 From: Dominic Giebert Date: Tue, 8 Oct 2024 16:19:59 +0200 Subject: [PATCH 1/3] Add FORWARDED_FOR_HEADERS to the reverse-proxy config (#2272) * Add FORWARDED_FOR_HEADERS to the reverse-proxy config Signed-off-by: Dominic Giebert * Add FORWARDED_FOR_HEADERS to documentation Signed-off-by: Dominic Giebert --------- Signed-off-by: Dominic Giebert --- .config/reverse-proxy.config.php | 5 +++++ README.md | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.config/reverse-proxy.config.php b/.config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/.config/reverse-proxy.config.php +++ b/.config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/README.md b/README.md index abe5b25b..d8f41dcb 100644 --- a/README.md +++ b/README.md @@ -261,7 +261,7 @@ To use the hooks triggered by the `entrypoint` script, either ``` -## Using the apache image behind a reverse proxy and auto configure server host and protocol +## Using the image behind a reverse proxy and auto configure server host and protocol The apache image will replace the remote addr (IP address visible to Nextcloud) with the IP address from `X-Real-IP` if the request is coming from a proxy in `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16` by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client IP (`HTTP_X_FORWARDED_FOR`) from a trusted proxy, then disable rewrite IP and add the reverse proxy's IP address to `TRUSTED_PROXIES`. @@ -276,6 +276,7 @@ If the `TRUSTED_PROXIES` approach does not work for you, try using fixed values - `OVERWRITECLIURL` (empty by default): Set the cli url of the proxy (e.g. https://mydnsname.example.com) - `OVERWRITEWEBROOT` (empty by default): Set the absolute path of the proxy. - `OVERWRITECONDADDR` (empty by default): Regex to overwrite the values dependent on the remote address. +- `FORWARDED_FOR_HEADERS` (empty by default): HTTP headers with the original client IP address Check the [Nexcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html) for more details. From 6c1075b88d7184b067ce7c685ed55d136f7f0635 Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Tue, 8 Oct 2024 14:20:13 +0000 Subject: [PATCH 2/3] Runs update.sh --- 28/apache/config/reverse-proxy.config.php | 5 +++++ 28/fpm-alpine/config/reverse-proxy.config.php | 5 +++++ 28/fpm/config/reverse-proxy.config.php | 5 +++++ 29/apache/config/reverse-proxy.config.php | 5 +++++ 29/fpm-alpine/config/reverse-proxy.config.php | 5 +++++ 29/fpm/config/reverse-proxy.config.php | 5 +++++ 30/apache/config/reverse-proxy.config.php | 5 +++++ 30/fpm-alpine/config/reverse-proxy.config.php | 5 +++++ 30/fpm/config/reverse-proxy.config.php | 5 +++++ 9 files changed, 45 insertions(+) diff --git a/28/apache/config/reverse-proxy.config.php b/28/apache/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/28/apache/config/reverse-proxy.config.php +++ b/28/apache/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/28/fpm-alpine/config/reverse-proxy.config.php b/28/fpm-alpine/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/28/fpm-alpine/config/reverse-proxy.config.php +++ b/28/fpm-alpine/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/28/fpm/config/reverse-proxy.config.php b/28/fpm/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/28/fpm/config/reverse-proxy.config.php +++ b/28/fpm/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/29/apache/config/reverse-proxy.config.php b/29/apache/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/29/apache/config/reverse-proxy.config.php +++ b/29/apache/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/29/fpm-alpine/config/reverse-proxy.config.php b/29/fpm-alpine/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/29/fpm-alpine/config/reverse-proxy.config.php +++ b/29/fpm-alpine/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/29/fpm/config/reverse-proxy.config.php b/29/fpm/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/29/fpm/config/reverse-proxy.config.php +++ b/29/fpm/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/30/apache/config/reverse-proxy.config.php b/30/apache/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/30/apache/config/reverse-proxy.config.php +++ b/30/apache/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/30/fpm-alpine/config/reverse-proxy.config.php b/30/fpm-alpine/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/30/fpm-alpine/config/reverse-proxy.config.php +++ b/30/fpm-alpine/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/30/fpm/config/reverse-proxy.config.php b/30/fpm/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/30/fpm/config/reverse-proxy.config.php +++ b/30/fpm/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} From 178f8b65d34f49f649aa729de148c24a4d79db84 Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Fri, 11 Oct 2024 00:32:21 +0000 Subject: [PATCH 3/3] Runs update.sh --- 28/apache/Dockerfile | 6 +++--- 28/fpm-alpine/Dockerfile | 6 +++--- 28/fpm/Dockerfile | 6 +++--- 29/apache/Dockerfile | 6 +++--- 29/fpm-alpine/Dockerfile | 6 +++--- 29/fpm/Dockerfile | 6 +++--- versions.json | 12 ++++++------ 7 files changed, 24 insertions(+), 24 deletions(-) diff --git a/28/apache/Dockerfile b/28/apache/Dockerfile index 5834feec..a9e4f152 100644 --- a/28/apache/Dockerfile +++ b/28/apache/Dockerfile @@ -140,7 +140,7 @@ RUN { \ } > /etc/apache2/conf-available/apache-limits.conf; \ a2enconf apache-limits -ENV NEXTCLOUD_VERSION 28.0.10 +ENV NEXTCLOUD_VERSION 28.0.11 RUN set -ex; \ fetchDeps=" \ @@ -150,8 +150,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/28/fpm-alpine/Dockerfile b/28/fpm-alpine/Dockerfile index a03b7cbb..5d0f0eb5 100644 --- a/28/fpm-alpine/Dockerfile +++ b/28/fpm-alpine/Dockerfile @@ -120,7 +120,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 28.0.10 +ENV NEXTCLOUD_VERSION 28.0.11 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ @@ -128,8 +128,8 @@ RUN set -ex; \ gnupg \ ; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/28/fpm/Dockerfile b/28/fpm/Dockerfile index 00980561..b4531eee 100644 --- a/28/fpm/Dockerfile +++ b/28/fpm/Dockerfile @@ -125,7 +125,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 28.0.10 +ENV NEXTCLOUD_VERSION 28.0.11 RUN set -ex; \ fetchDeps=" \ @@ -135,8 +135,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/29/apache/Dockerfile b/29/apache/Dockerfile index 9cec1c9d..874348e8 100644 --- a/29/apache/Dockerfile +++ b/29/apache/Dockerfile @@ -140,7 +140,7 @@ RUN { \ } > /etc/apache2/conf-available/apache-limits.conf; \ a2enconf apache-limits -ENV NEXTCLOUD_VERSION 29.0.7 +ENV NEXTCLOUD_VERSION 29.0.8 RUN set -ex; \ fetchDeps=" \ @@ -150,8 +150,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/29/fpm-alpine/Dockerfile b/29/fpm-alpine/Dockerfile index 2469a6bb..bd0828e3 100644 --- a/29/fpm-alpine/Dockerfile +++ b/29/fpm-alpine/Dockerfile @@ -120,7 +120,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 29.0.7 +ENV NEXTCLOUD_VERSION 29.0.8 RUN set -ex; \ apk add --no-cache --virtual .fetch-deps \ @@ -128,8 +128,8 @@ RUN set -ex; \ gnupg \ ; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/29/fpm/Dockerfile b/29/fpm/Dockerfile index b5836693..1b216522 100644 --- a/29/fpm/Dockerfile +++ b/29/fpm/Dockerfile @@ -125,7 +125,7 @@ RUN { \ VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 29.0.7 +ENV NEXTCLOUD_VERSION 29.0.8 RUN set -ex; \ fetchDeps=" \ @@ -135,8 +135,8 @@ RUN set -ex; \ apt-get update; \ apt-get install -y --no-install-recommends $fetchDeps; \ \ - curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2"; \ - curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2.asc"; \ + curl -fsSL -o nextcloud.tar.bz2 "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2"; \ + curl -fsSL -o nextcloud.tar.bz2.asc "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2.asc"; \ export GNUPGHOME="$(mktemp -d)"; \ # gpg key from https://nextcloud.com/nextcloud.asc gpg --batch --keyserver keyserver.ubuntu.com --recv-keys 28806A878AE423A28372792ED75899B9A724937A; \ diff --git a/versions.json b/versions.json index 5e2fbdcb..241dc1c1 100644 --- a/versions.json +++ b/versions.json @@ -27,9 +27,9 @@ }, "29": { "branch": "29", - "version": "29.0.7", - "url": "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2", - "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-29.0.7.tar.bz2.asc", + "version": "29.0.8", + "url": "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2", + "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-29.0.8.tar.bz2.asc", "variants": { "apache": { "variant": "apache", @@ -53,9 +53,9 @@ }, "28": { "branch": "28", - "version": "28.0.10", - "url": "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2", - "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-28.0.10.tar.bz2.asc", + "version": "28.0.11", + "url": "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2", + "ascUrl": "https://download.nextcloud.com/server/releases/nextcloud-28.0.11.tar.bz2.asc", "variants": { "apache": { "variant": "apache",