Merge pull request #3416 from nextcloud/enh/noid/use-caddy-for-self-signed-cert

mastercontainer - use Caddy for generating self-signed cert
Simon L 2023-09-29 18:16:34 +02:00 committed by GitHub
commit b0c859a080
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 13 additions and 44 deletions


@ -24,6 +24,15 @@ http://:80 {
redir https://{host}{uri} redir https://{host}{uri}
} }
https://:8080 {
reverse_proxy localhost:8000 {
trusted_proxies private_ranges
}
tls internal {
on_demand
}
}
https://:8443 { https://:8443 {
reverse_proxy localhost:8000 reverse_proxy localhost:8000
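Review bot: `on_demand` under `tls internal` (L21) lets any client that can reach port 8080 trigger issuance of a fresh internal-CA certificate for whatever SNI it sends, and with no `on_demand_tls` `ask` endpoint in this Caddyfile that issuance and its on-disk storage are unbounded; on a name-less `https://:8080` block on_demand is what makes TLS work at all, so at least record the trade-off with a comment such as `# no fixed hostname: a cert is minted per SNI on first use; storage grows per distinct name unless an on_demand_tls ask endpoint gates it`. `trusted_proxies private_ranges` (L18) makes Caddy pass through client-supplied X-Forwarded-For/Proto from any RFC1918 source, which here is every LAN client, so the backend's view of the client IP is spoofable — if the AIO interface logs, brute-force-limits or authorizes on it, drop the directive or narrow it to the Docker bridge range. The mastercontainer.conf hunk header still shows `Listen 8080` earlier in that file; if that directive survives the removal of the 8080 VirtualHost, Apache and this block compete for the port. The internal CA's root and intermediate keys now live in Caddy's storage rather than in the root-owned certs directory the start script used to maintain; if that storage is the www-data-owned /mnt/docker-aio-config/caddy, the keys are readable by the web user, which the old layout avoided.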


@ -23,6 +23,7 @@ RUN set -ex; \
usermod -u 333 -g 333 xfs; \ usermod -u 333 -g 333 xfs; \
groupmod -g 33 www-data; \ groupmod -g 33 www-data; \
usermod -u 33 -g 33 www-data; \ usermod -u 33 -g 33 www-data; \
apk del --no-cache shadow; \
\ \
apk add --no-cache \ apk add --no-cache \
util-linux-misc \ util-linux-misc \
@ -31,10 +32,9 @@ RUN set -ex; \
bash \ bash \
apache2 \ apache2 \
apache2-proxy \ apache2-proxy \
apache2-ssl \
supervisor \ supervisor \
openssl \
sudo \ sudo \
nss \
netcat-openbsd \ netcat-openbsd \
curl \ curl \
grep; \ grep; \
@ -65,6 +65,7 @@ RUN set -ex; \
chmod +x /usr/local/bin/composer; \ chmod +x /usr/local/bin/composer; \
cd /var/www/docker-aio; \ cd /var/www/docker-aio; \
git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \ git clone https://github.com/nextcloud-releases/all-in-one.git --depth 1 .; \
apk del --no-cache git; \
find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \ find ./ -maxdepth 1 -mindepth 1 -not -path ./php -not -path ./community-containers -exec rm -r {} \; ; \
chown www-data:www-data -R /var/www/docker-aio; \ chown www-data:www-data -R /var/www/docker-aio; \
cd php; \ cd php; \
@ -77,10 +78,6 @@ RUN set -ex; \
rm -r php/data; \ rm -r php/data; \
rm -r php/session; \ rm -r php/session; \
\ \
mkdir -p /etc/apache2/certs; \
cd /etc/apache2/certs; \
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout /etc/apache2/certs/ssl.key -out /etc/apache2/certs/ssl.crt; \
\
sed -i \ sed -i \
-e '/^Listen /d' \ -e '/^Listen /d' \
-e 's/^LogLevel .*/LogLevel error/' \ -e 's/^LogLevel .*/LogLevel error/' \
@ -99,13 +96,7 @@ RUN set -ex; \
-e 's/\(ScriptAlias \)/#\1/' \ -e 's/\(ScriptAlias \)/#\1/' \
/etc/apache2/httpd.conf; \ /etc/apache2/httpd.conf; \
mkdir -p /etc/apache2/logs; \ mkdir -p /etc/apache2/logs; \
rm /etc/apache2/conf.d/ssl.conf; \
echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \ echo "ServerName localhost" | tee -a /etc/apache2/httpd.conf; \
grep -q '^LoadModule lbmethod_heartbeat_module' /etc/apache2/conf.d/proxy.conf; \
sed -i 's|^LoadModule lbmethod_heartbeat_module.*|#LoadModule lbmethod_heartbeat_module|' /etc/apache2/conf.d/proxy.conf; \
echo "SSLSessionCache nonenotnull" | tee -a /etc/apache2/httpd.conf; \
echo "LoadModule ssl_module modules/mod_ssl.so" | tee -a /etc/apache2/httpd.conf; \
echo "LoadModule socache_shmcb_module modules/mod_socache_shmcb.so" | tee -a /etc/apache2/httpd.conf; \
echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf; \ echo "Include /etc/apache2/sites-available/mastercontainer.conf" | tee -a /etc/apache2/httpd.conf; \
\ \
rm -f /etc/apache2/conf.d/default.conf \ rm -f /etc/apache2/conf.d/default.conf \
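Review bot: The new `nss` entry in the apk list (L45) has no comment, and a PKI library sitting in an image whose own TLS handling was just removed reads as leftover to a later maintainer. If the side assignment of that hunk is right (apache2-ssl and openssl out, nss in), it is presumably there so Caddy's `tls internal` can find `certutil` and register its root CA in an NSS trust store — confirm that, then state it on a `#` line above `apk add --no-cache \` (the Dockerfile parser drops comment lines before the shell sees the continuation): `# nss: provides certutil, which Caddy's internal CA uses to install its root certificate into a trust store`. The enclosing RUN instruction starts before and continues past these hunks.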


@ -38,19 +38,6 @@ Listen 8080
</Directory> </Directory>
</VirtualHost> </VirtualHost>
# Https host
<VirtualHost *:8080>
# Proxy to https
ProxyPass / http://localhost:8000/
ProxyPassReverse / http://localhost:8000/
ProxyPreserveHost On
# SSL
SSLCertificateKeyFile /etc/apache2/certs/ssl.key
SSLCertificateFile /etc/apache2/certs/ssl.crt
SSLEngine on
SSLProtocol -all +TLSv1.2 +TLSv1.3
</VirtualHost>
# Increase timeout in case e.g. the initial download takes a long time # Increase timeout in case e.g. the initial download takes a long time
Timeout 7200 Timeout 7200
ProxyTimeout 7200 ProxyTimeout 7200


@ -300,7 +300,6 @@ fi
mkdir -p /mnt/docker-aio-config/data/ mkdir -p /mnt/docker-aio-config/data/
mkdir -p /mnt/docker-aio-config/session/ mkdir -p /mnt/docker-aio-config/session/
mkdir -p /mnt/docker-aio-config/caddy/ mkdir -p /mnt/docker-aio-config/caddy/
mkdir -p /mnt/docker-aio-config/certs/
# Adjust permissions for all instances # Adjust permissions for all instances
chmod 770 -R /mnt/docker-aio-config chmod 770 -R /mnt/docker-aio-config
@ -308,7 +307,6 @@ chmod 777 /mnt/docker-aio-config
chown www-data:www-data -R /mnt/docker-aio-config/data/ chown www-data:www-data -R /mnt/docker-aio-config/data/
chown www-data:www-data -R /mnt/docker-aio-config/session/ chown www-data:www-data -R /mnt/docker-aio-config/session/
chown www-data:www-data -R /mnt/docker-aio-config/caddy/ chown www-data:www-data -R /mnt/docker-aio-config/caddy/
chown root:root -R /mnt/docker-aio-config/certs/
# Don't allow access to the AIO interface from the Nextcloud container # Don't allow access to the AIO interface from the Nextcloud container
# Probably more cosmetic than anything but at least an attempt # Probably more cosmetic than anything but at least an attempt
@ -324,22 +322,6 @@ allow from all
APACHE_CONF APACHE_CONF
fi fi
# Adjust certs
GENERATED_CERTS="/mnt/docker-aio-config/certs"
TMP_CERTS="/etc/apache2/certs"
mkdir -p "$GENERATED_CERTS"
cd "$GENERATED_CERTS" || exit 1
if ! [ -f ./ssl.crt ] && ! [ -f ./ssl.key ]; then
openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=DE/ST=BE/L=Local/O=Dev/CN=nextcloud.local" -keyout ./ssl.key -out ./ssl.crt
fi
if [ -f ./ssl.crt ] && [ -f ./ssl.key ]; then
cd "$TMP_CERTS" || exit 1
rm ./ssl.crt
rm ./ssl.key
cp "$GENERATED_CERTS/ssl.crt" ./
cp "$GENERATED_CERTS/ssl.key" ./
fi
print_green "Initial startup of Nextcloud All-in-One complete! print_green "Initial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server! You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080 E.g. https://internal.ip.of.this.server:8080