add on start generating caddyfile

Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
This commit is contained in:
Jean-Yves 2024-07-14 19:53:07 +02:00
parent 0f45f7f03c
commit d8fe931c56
No known key found for this signature in database
GPG key ID: 644C8B9C4CABAEF7
6 changed files with 112 additions and 105 deletions


@ -1,68 +0,0 @@
{
auto_https disable_redirects
storage file_system {
root /mnt/data/caddy
}
servers {
# trusted_proxies placeholder
}
log {
level ERROR
}
}
https://{$ADDITIONAL_TRUSTED_DOMAIN}:443,
{$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} {
header -Server
header -X-Powered-By
# Collabora
route /browser/* {
reverse_proxy {$COLLABORA_HOST}:9980
}
route /hosting/* {
reverse_proxy {$COLLABORA_HOST}:9980
}
route /cool/* {
reverse_proxy {$COLLABORA_HOST}:9980
}
# Notify Push
route /push/* {
uri strip_prefix /push
reverse_proxy {$NOTIFY_PUSH_HOST}:7867
}
# Onlyoffice
route /onlyoffice/* {
uri strip_prefix /onlyoffice
reverse_proxy {$ONLYOFFICE_HOST}:80 {
header_up X-Forwarded-Host {http.request.host}/onlyoffice
header_up X-Forwarded-Proto https
}
}
# Talk
route /standalone-signaling/* {
uri strip_prefix /standalone-signaling
reverse_proxy {$TALK_HOST}:8081
}
# Nextcloud
route {
header Strict-Transport-Security max-age=31536000;
reverse_proxy 127.0.0.1:8000
}
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
# TLS options
tls {
issuer acme {
disable_http_challenge
}
}
}


@ -5,10 +5,10 @@ FROM httpd:2.4.61-alpine3.20
COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
COPY --chown=33:33 Caddyfile /Caddyfile
COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
COPY --chmod=664 supervisord.conf /supervisord.conf
COPY --chmod=775 start.sh /start.sh
COPY --chmod=775 caddyfile.sh /caddyfile.sh
COPY --chmod=775 healthcheck.sh /healthcheck.sh
VOLUME /mnt/data

100
Containers/apache/caddyfile.sh Executable file

@ -0,0 +1,100 @@
#!/bin/bash
function loop {
readarray -t sorted < <(echo "$3" | tr "$2" '\n' | sort -r)
for i in "${sorted[@]}"; do
"template_loop_$1" "$i"
done
}
function template_nextcloud_route() {
cat << CADDY
route {
header Strict-Transport-Security max-age=31536000;
reverse_proxy localhost:8000
}
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
tls {
issuer acme {
disable_http_challenge
}
}
CADDY
}
function template_loop_route {
IFS=',' read -ra array <<< "$1"
ROUTE="${array[0]}"
URI_STRIP_PREFIX="${array[1]}"
TARGET="${array[2]}"
cat << CADDY
route $(test -z "$ROUTE" || echo "$ROUTE/* "){
$([ "$URI_STRIP_PREFIX" == "1" ] && echo "uri strip_prefix $ROUTE")
reverse_proxy $TARGET
}
CADDY
}
function template_loop_subdomain {
IFS='|' read -ra array <<< "$1"
SUBDOMAIN="${array[0]}"
ROUTES="${array[1]}"
cat << CADDY
$(echo "$TRUSTED_DOMAINS" | tr ',' '\n' | sed "s/.*/$PROTOCOL:\/\/$SUBDOMAIN&:$APACHE_PORT/" | sed '$ ! s/$/,/') {
header -Server
header -X-Powered-By
$(loop route ';' "$ROUTES")
$(test -z "$SUBDOMAIN" && template_nextcloud_route)
}
CADDY
}
function template_caddyfile {
if [ -z "$TRUSTED_DOMAINS" ]; then
IPv4_ADDRESS="private_ranges"
PROTOCOL="http"
else
IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1 | sed 's|[0-9]\+$|0/16|')"
PROTOCOL="https"
fi
cat << CADDY
{
auto_https $(test -z "$TRUSTED_DOMAINS" && echo "off" || echo "disable_redirects")
storage file_system {
root /mnt/data/caddy
}
servers {
trusted_proxies static $IPv4_ADDRESS
}
log {
level ERROR
}
}
$(loop subdomain '@' "$CADDY_ROUTES")
CADDY
}
template_caddyfile
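Review bot: The `tls { issuer acme { disable_http_challenge } }` block and the Strict-Transport-Security header live in template_nextcloud_route, which template_loop_subdomain only calls when `$SUBDOMAIN` is empty, so every subdomain site block is emitted with Caddy's default issuer settings (HTTP challenge enabled) and without HSTS — the removed Caddyfile never had subdomain sites, so this is new exposure rather than preserved behaviour. Moving both into the site-level heredoc next to `header -Server` gives every generated site the same TLS and HSTS policy, and the Nextcloud-only template then keeps just the catch-all reverse_proxy and the DAV redirects. Separately, an empty `$ROUTES` still runs the route loop once with an empty element (`echo "" | tr | sort -r` yields one empty line), which emits a catch-all `route { reverse_proxy }` with no upstream ahead of the Nextcloud route; whether Caddy rejects or silently accepts that is not shown here, so a `[ -n "$1" ] || return 0` guard at the top of template_loop_route is the safe fix. The `sort -r` in `loop` also deserves a why-comment such as `# reverse sort so the empty (catch-all) entry is emitted last`.
```shell
function template_nextcloud_route() {
cat << CADDY
route {
reverse_proxy localhost:8000
}
redir /.well-known/carddav /remote.php/dav/ 301
redir /.well-known/caldav /remote.php/dav/ 301
CADDY
}
function template_loop_route {
# an empty entry (empty ROUTES list) would otherwise emit a catch-all route with no upstream
[ -n "$1" ] || return 0
# … unchanged: ROUTE/URI_STRIP_PREFIX/TARGET parsing and heredoc …
}
function template_loop_subdomain {
# … unchanged: SUBDOMAIN/ROUTES parsing …
cat << CADDY
$(echo "$TRUSTED_DOMAINS" | tr ',' '\n' | sed "s/.*/$PROTOCOL:\/\/$SUBDOMAIN&:$APACHE_PORT/" | sed '$ ! s/$/,/') {
header -Server
header -X-Powered-By
header Strict-Transport-Security max-age=31536000;
tls {
issuer acme {
disable_http_challenge
}
}
$(loop route ';' "$ROUTES")
$(test -z "$SUBDOMAIN" && template_nextcloud_route)
}
CADDY
}
```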


@ -17,46 +17,20 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
sleep 5
done
# Get ipv4-address of Apache
# shellcheck disable=SC2153
IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1)"
# Bring it in CIDR notation
# shellcheck disable=SC2001
IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|0/16|')"
if [ -z "$APACHE_PORT" ]; then
export APACHE_PORT="443"
fi
# Change variables in case of reverse proxies
if [ "$APACHE_PORT" != '443' ]; then
export PROTOCOL="http"
export NC_DOMAIN=""
else
export PROTOCOL="https"
# Set trusted domains if not in reverse proxy mode
if [ "$APACHE_PORT" == '443' ]; then
if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
export TRUSTED_DOMAINS="$NC_DOMAIN"
else
export TRUSTED_DOMAINS="$ADDITIONAL_TRUSTED_DOMAIN,$NC_DOMAIN"
fi
fi
# Change the auto_https in case of reverse proxies
if [ "$APACHE_PORT" != '443' ]; then
CADDYFILE="$(sed 's|auto_https.*|auto_https off|' /Caddyfile)"
else
CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
fi
echo "$CADDYFILE" > /tmp/Caddyfile
# Change the trusted_proxies in case of reverse proxies
if [ "$APACHE_PORT" != '443' ]; then
CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)"
else
CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)"
fi
echo "$CADDYFILE" > /tmp/Caddyfile
# Remove additional domain if not given
if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
CADDYFILE="$(sed '/ADDITIONAL_TRUSTED_DOMAIN/d' /tmp/Caddyfile)"
fi
echo "$CADDYFILE" > /tmp/Caddyfile
./caddyfile.sh > /tmp/Caddyfile
# Fix the Caddyfile format
caddy fmt --overwrite /tmp/Caddyfile
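Review bot: `./caddyfile.sh > /tmp/Caddyfile` resolves the generator relative to the current working directory, while the Dockerfile installs it at `/caddyfile.sh`; unless the image's WORKDIR is `/` (not visible in this hunk) the redirect produces an empty /tmp/Caddyfile and `caddy fmt` then formats nothing. The generator's exit status is also dropped, so any failure only surfaces later when Caddy tries to load the file. Suggest `/caddyfile.sh > /tmp/Caddyfile || { echo 'generating Caddyfile failed' >&2; exit 1; }`, and since `caddy fmt` only reformats, a `caddy validate --config /tmp/Caddyfile --adapter caddyfile` after it would catch a broken generated config (e.g. a `trusted_proxies static` line left without an address when `dig` returns nothing) before the server is started. The surrounding script continues outside this hunk.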


@ -183,7 +183,7 @@
},
"sub_domain": {
"type": "string",
"pattern": "^[a-z-]*$"
"pattern": "^([a-z-]*\\.)*$"
},
"target": {
"type": "string",
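Review bot: The new pattern `^([a-z-]*\\.)*$` lets each label be empty or consist only of hyphens, so `.`, `..` and `-.` validate and are spliced verbatim into the generated Caddyfile site address by caddyfile.sh (`https://..example.com:443`). Tightening it to `"pattern": "^([a-z]([a-z-]*[a-z])?\\.)*$"` keeps the trailing-dot convention while rejecting empty labels and labels that start or end with `-`; digits stay excluded as they were before, which may be deliberate. The character class should remain this narrow either way, because caddyfile.sh also interpolates the value into a sed replacement where `/`, `&` and `\` would be interpreted. The enclosing `sub_domain` property continues outside this hunk.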


@ -28,7 +28,8 @@
"internal_port": "%APACHE_PORT%",
"environment": [
"NC_DOMAIN=%NC_DOMAIN%",
"TALK_HOST=nextcloud-aio-talk",
"NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
"APACHE_HOST=nextcloud-aio-apache",
"APACHE_PORT=%APACHE_PORT%",
"TZ=%TIMEZONE%",
"APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",