nextcloud/all-in-one
1
1
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-11-09 13:42:55 +08:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #3515 from nextcloud/enh/3461/do-not-expose-udp

Browse source
This commit is contained in:
Simon L 2023-10-18 13:57:05 +02:00 committed by GitHub
commit 1daacdfa99
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
php/src/Docker/DockerActionManager.php
View file

@ -425,12 +425,17 @@ class DockerActionManager
if ($container->GetInternalPort() !== 'host') { if ($container->GetInternalPort() !== 'host') {
foreach($container->GetPorts()->GetPorts() as $value) { foreach($container->GetPorts()->GetPorts() as $value) {
$port = $value->port; $port = $value->port;
$protocol = $value->protocol;
if ($port === '%APACHE_PORT%') { if ($port === '%APACHE_PORT%') {
$port = $this->configurationManager->GetApachePort(); $port = $this->configurationManager->GetApachePort();
// Do not expose udp if AIO is in reverse proxy mode
if ($port !== '443' && $protocol === 'udp') {
continue;
}
} else if ($port === '%TALK_PORT%') { } else if ($port === '%TALK_PORT%') {
$port = $this->configurationManager->GetTalkPort(); $port = $this->configurationManager->GetTalkPort();
} }
$portWithProtocol = $port . '/' . $value->protocol; $portWithProtocol = $port . '/' . $protocol;
$exposedPorts[$portWithProtocol] = null; $exposedPorts[$portWithProtocol] = null;
} }
$requestBody['HostConfig']['NetworkMode'] = 'nextcloud-aio'; $requestBody['HostConfig']['NetworkMode'] = 'nextcloud-aio';
@ -442,8 +447,13 @@ class DockerActionManager
$requestBody['ExposedPorts'] = $exposedPorts; $requestBody['ExposedPorts'] = $exposedPorts;
foreach ($container->GetPorts()->GetPorts() as $value) { foreach ($container->GetPorts()->GetPorts() as $value) {
$port = $value->port; $port = $value->port;
$protocol = $value->protocol;
if ($port === '%APACHE_PORT%') { if ($port === '%APACHE_PORT%') {
$port = $this->configurationManager->GetApachePort(); $port = $this->configurationManager->GetApachePort();
// Do not expose udp if AIO is in reverse proxy mode
if ($port !== '443' && $protocol === 'udp') {
continue;
}
} else if ($port === '%TALK_PORT%') { } else if ($port === '%TALK_PORT%') {
$port = $this->configurationManager->GetTalkPort(); $port = $this->configurationManager->GetTalkPort();
} }
@ -451,7 +461,6 @@ class DockerActionManager
if ($ipBinding === '%APACHE_IP_BINDING%') { if ($ipBinding === '%APACHE_IP_BINDING%') {
$ipBinding = $this->configurationManager->GetApacheIPBinding(); $ipBinding = $this->configurationManager->GetApacheIPBinding();
} }
$protocol = $value->protocol;
$portWithProtocol = $port . '/' . $protocol; $portWithProtocol = $port . '/' . $protocol;
$requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [ $requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [
[ [