From 2d30be59edbc8107747a0536ab0e8514522e5a8e Mon Sep 17 00:00:00 2001 From: adripo <26493496+adripo@users.noreply.github.com> Date: Thu, 21 Mar 2024 05:16:50 +0100 Subject: [PATCH 1/4] fix: opcache configuration Signed-off-by: adripo <26493496+adripo@users.noreply.github.com> --- Dockerfile-alpine.template | 6 +++--- Dockerfile-debian.template | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 4553997a..9d6d8bd5 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -83,13 +83,13 @@ ENV PHP_MEMORY_LIMIT 512M ENV PHP_UPLOAD_LIMIT 512M RUN { \ echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=32'; \ + echo 'opcache.interned_strings_buffer=64'; \ echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ + echo 'opcache.memory_consumption=256'; \ echo 'opcache.save_comments=1'; \ echo 'opcache.revalidate_freq=60'; \ echo 'opcache.jit=1255'; \ - echo 'opcache.jit_buffer_size=128M'; \ + echo 'opcache.jit_buffer_size=8M'; \ } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ \ echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 8b66dd34..6e4452fa 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -95,13 +95,13 @@ RUN set -ex; \ # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache RUN { \ echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=32'; \ + echo 'opcache.interned_strings_buffer=64'; \ echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=128'; \ + echo 'opcache.memory_consumption=256'; \ echo 'opcache.save_comments=1'; \ echo 'opcache.revalidate_freq=60'; \ echo 'opcache.jit=1255'; \ - echo 'opcache.jit_buffer_size=128M'; \ + echo 'opcache.jit_buffer_size=8M'; \ } > "${PHP_INI_DIR}/conf.d/opcache-recommended.ini"; \ \ echo 'apc.enable_cli=1' >> "${PHP_INI_DIR}/conf.d/docker-php-ext-apcu.ini"; \ From e1ffc53e130858c7b9d00a534ca536e774331f33 Mon Sep 17 00:00:00 2001 From: adripo <26493496+adripo@users.noreply.github.com> Date: Wed, 3 Apr 2024 19:52:27 +0200 Subject: [PATCH 2/4] fix: revert opcache memory consumption and strings buffer Signed-off-by: adripo <26493496+adripo@users.noreply.github.com> --- Dockerfile-alpine.template | 4 ++-- Dockerfile-debian.template | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile-alpine.template b/Dockerfile-alpine.template index 9d6d8bd5..88d8144f 100644 --- a/Dockerfile-alpine.template +++ b/Dockerfile-alpine.template @@ -83,9 +83,9 @@ ENV PHP_MEMORY_LIMIT 512M ENV PHP_UPLOAD_LIMIT 512M RUN { \ echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=64'; \ + echo 'opcache.interned_strings_buffer=32'; \ echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=256'; \ + echo 'opcache.memory_consumption=128'; \ echo 'opcache.save_comments=1'; \ echo 'opcache.revalidate_freq=60'; \ echo 'opcache.jit=1255'; \ diff --git a/Dockerfile-debian.template b/Dockerfile-debian.template index 6e4452fa..744e9663 100644 --- a/Dockerfile-debian.template +++ b/Dockerfile-debian.template @@ -95,9 +95,9 @@ RUN set -ex; \ # see https://docs.nextcloud.com/server/latest/admin_manual/installation/server_tuning.html#enable-php-opcache RUN { \ echo 'opcache.enable=1'; \ - echo 'opcache.interned_strings_buffer=64'; \ + echo 'opcache.interned_strings_buffer=32'; \ echo 'opcache.max_accelerated_files=10000'; \ - echo 'opcache.memory_consumption=256'; \ + echo 'opcache.memory_consumption=128'; \ echo 'opcache.save_comments=1'; \ echo 'opcache.revalidate_freq=60'; \ echo 'opcache.jit=1255'; \ From a9f9885e655bf1b16b7c8d3a5131ef161065492e Mon Sep 17 00:00:00 2001 From: Dominic Giebert Date: Tue, 8 Oct 2024 16:19:59 +0200 Subject: [PATCH 3/4] Add FORWARDED_FOR_HEADERS to the reverse-proxy config (#2272) * Add FORWARDED_FOR_HEADERS to the reverse-proxy config Signed-off-by: Dominic Giebert * Add FORWARDED_FOR_HEADERS to documentation Signed-off-by: Dominic Giebert --------- Signed-off-by: Dominic Giebert --- .config/reverse-proxy.config.php | 5 +++++ README.md | 3 ++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.config/reverse-proxy.config.php b/.config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/.config/reverse-proxy.config.php +++ b/.config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/README.md b/README.md index abe5b25b..d8f41dcb 100644 --- a/README.md +++ b/README.md @@ -261,7 +261,7 @@ To use the hooks triggered by the `entrypoint` script, either ``` -## Using the apache image behind a reverse proxy and auto configure server host and protocol +## Using the image behind a reverse proxy and auto configure server host and protocol The apache image will replace the remote addr (IP address visible to Nextcloud) with the IP address from `X-Real-IP` if the request is coming from a proxy in `10.0.0.0/8`, `172.16.0.0/12` or `192.168.0.0/16` by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client IP (`HTTP_X_FORWARDED_FOR`) from a trusted proxy, then disable rewrite IP and add the reverse proxy's IP address to `TRUSTED_PROXIES`. @@ -276,6 +276,7 @@ If the `TRUSTED_PROXIES` approach does not work for you, try using fixed values - `OVERWRITECLIURL` (empty by default): Set the cli url of the proxy (e.g. https://mydnsname.example.com) - `OVERWRITEWEBROOT` (empty by default): Set the absolute path of the proxy. - `OVERWRITECONDADDR` (empty by default): Regex to overwrite the values dependent on the remote address. +- `FORWARDED_FOR_HEADERS` (empty by default): HTTP headers with the original client IP address Check the [Nexcloud documentation](https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/reverse_proxy_configuration.html) for more details. From 6c1075b88d7184b067ce7c685ed55d136f7f0635 Mon Sep 17 00:00:00 2001 From: GitHub Workflow Date: Tue, 8 Oct 2024 14:20:13 +0000 Subject: [PATCH 4/4] Runs update.sh --- 28/apache/config/reverse-proxy.config.php | 5 +++++ 28/fpm-alpine/config/reverse-proxy.config.php | 5 +++++ 28/fpm/config/reverse-proxy.config.php | 5 +++++ 29/apache/config/reverse-proxy.config.php | 5 +++++ 29/fpm-alpine/config/reverse-proxy.config.php | 5 +++++ 29/fpm/config/reverse-proxy.config.php | 5 +++++ 30/apache/config/reverse-proxy.config.php | 5 +++++ 30/fpm-alpine/config/reverse-proxy.config.php | 5 +++++ 30/fpm/config/reverse-proxy.config.php | 5 +++++ 9 files changed, 45 insertions(+) diff --git a/28/apache/config/reverse-proxy.config.php b/28/apache/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/28/apache/config/reverse-proxy.config.php +++ b/28/apache/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/28/fpm-alpine/config/reverse-proxy.config.php b/28/fpm-alpine/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/28/fpm-alpine/config/reverse-proxy.config.php +++ b/28/fpm-alpine/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/28/fpm/config/reverse-proxy.config.php b/28/fpm/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/28/fpm/config/reverse-proxy.config.php +++ b/28/fpm/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/29/apache/config/reverse-proxy.config.php b/29/apache/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/29/apache/config/reverse-proxy.config.php +++ b/29/apache/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/29/fpm-alpine/config/reverse-proxy.config.php b/29/fpm-alpine/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/29/fpm-alpine/config/reverse-proxy.config.php +++ b/29/fpm-alpine/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/29/fpm/config/reverse-proxy.config.php b/29/fpm/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/29/fpm/config/reverse-proxy.config.php +++ b/29/fpm/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/30/apache/config/reverse-proxy.config.php b/30/apache/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/30/apache/config/reverse-proxy.config.php +++ b/30/apache/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/30/fpm-alpine/config/reverse-proxy.config.php b/30/fpm-alpine/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/30/fpm-alpine/config/reverse-proxy.config.php +++ b/30/fpm-alpine/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +} diff --git a/30/fpm/config/reverse-proxy.config.php b/30/fpm/config/reverse-proxy.config.php index 7df0415e..30c660ff 100644 --- a/30/fpm/config/reverse-proxy.config.php +++ b/30/fpm/config/reverse-proxy.config.php @@ -28,3 +28,8 @@ $trustedProxies = getenv('TRUSTED_PROXIES'); if ($trustedProxies) { $CONFIG['trusted_proxies'] = array_filter(array_map('trim', explode(' ', $trustedProxies))); } + +$forwardedForHeaders = getenv('FORWARDED_FOR_HEADERS'); +if ($forwardedForHeaders) { + $CONFIG['forwarded_for_headers'] = array_filter(array_map('trim', explode(' ', $forwardedForHeaders))); +}