mirror of
https://github.com/nextcloud/all-in-one.git
synced 2024-09-21 07:16:09 +08:00
Merge pull request #3318 from nextcloud/enh/noid/limit-nextcloud-to-few
This commit is contained in:
commit
a823e1d3ce
|
@ -190,6 +190,7 @@ RUN set -ex; \
|
|||
sudo \
|
||||
grep \
|
||||
nodejs \
|
||||
bind-tools \
|
||||
coreutils; \
|
||||
\
|
||||
grep -q '^pm = dynamic' /usr/local/etc/php-fpm.d/www.conf; \
|
||||
|
|
|
@ -524,11 +524,8 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
|
|||
# Fix https://github.com/nextcloud/all-in-one/issues/188:
|
||||
php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
|
||||
# Make collabora more save
|
||||
COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
|
||||
COLLABORA_IPv6_ADDRESS="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
|
||||
# shellcheck disable=SC2016
|
||||
COLLABORA_IPv6_ADDRESS+='if (!empty($record)) {echo $record[0]["ipv6"];}'
|
||||
COLLABORA_IPv6_ADDRESS="$(echo "$COLLABORA_IPv6_ADDRESS" | php | head -1)"
|
||||
COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short | grep '^[0-9.]\+$' | sort | head -n1)"
|
||||
COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
|
||||
COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
|
||||
if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
|
||||
if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then
|
||||
|
|
|
@ -25,6 +25,23 @@ if [ -f "/var/www/html/config/config.php" ]; then
|
|||
fi
|
||||
fi
|
||||
|
||||
set -x
|
||||
IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short | grep '^[0-9.]\+$' | sort | head -n1)"
|
||||
IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
|
||||
IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short | grep '^[0-9.]\+$' | sort | head -n1)"
|
||||
IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
|
||||
IPv4_ADDRESS_NOTIFY_PUSH="$(dig nextcloud-aio-notify-push A +short | grep '^[0-9.]\+$' | sort | head -n1)"
|
||||
IPv6_ADDRESS_NOTIFY_PUSH="$(dig nextcloud-aio-notify-push AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
|
||||
IPv4_ADDRESS_DSP="$(dig nextcloud-aio-docker-socket-proxy A +short | grep '^[0-9.]\+$' | sort | head -n1)"
|
||||
IPv6_ADDRESS_DSP="$(dig nextcloud-aio-docker-socket-proxy AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
|
||||
set +x
|
||||
|
||||
sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
|
||||
sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER,$IPv4_ADDRESS_NOTIFY_PUSH,$IPv6_ADDRESS_NOTIFY_PUSH,$IPv4_ADDRESS_DSP,$IPv6_ADDRESS_DSP|" /usr/local/etc/php-fpm.d/www.conf
|
||||
sed -i "listen.allowed_clients/s/,,/,/" /usr/local/etc/php-fpm.d/www.conf
|
||||
sed -i "listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
|
||||
grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
|
||||
|
||||
# Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
|
||||
if [ -n "$TRUSTED_CACERTS_DIR" ]; then
|
||||
echo "User required to trust additional CA certificates, running 'update-ca-certificates.'"
|
||||
|
|
Loading…
Reference in a new issue