From 0bf4538fb92890318ea789012bd73fcc951a5dba Mon Sep 17 00:00:00 2001
From: szaimen
Date: Fri, 6 May 2022 20:24:12 +0200
Subject: [PATCH] don't allow access from nextcloud-aio-nextcloud
Signed-off-by: szaimen
---
 Containers/mastercontainer/start.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index f67f2353..2d7f62de 100755
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -135,14 +135,19 @@ chown www-data:www-data -R /mnt/docker-aio-config/session/
 chown www-data:www-data -R /mnt/docker-aio-config/caddy/
 chown root:root -R /mnt/docker-aio-config/certs/
-# Don't allow access to the AIO interface directly from the Nextcloud container
+# Don't allow access to the AIO interface from the Nextcloud container
 # Probably more cosmetic than anything but at least an attempt
 if ! grep -q '# nextcloud-aio-block' /etc/apache2/apache2.conf; then
+ if ! NETWORK_GATEWAY="$(docker inspect nextcloud-aio-mastercontainer --format "{{.NetworkSettings.Gateway}}")" || [ -z "$NETWORK_GATEWAY" ]; then
+ echo "Could not get the gateway of the mastercontainer. Cannot continue."
+ exit 1
+ fi
 cat << APACHE_CONF >> /etc/apache2/apache2.conf
 # nextcloud-aio-block-start
 order allow,deny
 deny from nextcloud-aio-nextcloud.nextcloud-aio
+deny from $NETWORK_GATEWAY
 allow from all
 # nextcloud-aio-block-end
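Review bot: The added `docker inspect ... --format "{{.NetworkSettings.Gateway}}"` lookup reads the top-level gateway field, which Docker fills in only for the default bridge network; if the mastercontainer is attached solely to a user-defined network (for example when started through Compose) the field is empty and the new `exit 1` stops startup over a rule the comment itself calls mostly cosmetic. Consider reading the per-network values instead, e.g. `--format '{{range .NetworkSettings.Networks}}{{.Gateway}} {{end}}'`, and emitting one `deny from` line per address, or logging a warning and skipping the extra rule rather than exiting. The value is also expanded into apache2.conf through the unquoted heredoc with no check that it is a single IP address, and because the surrounding `grep -q '# nextcloud-aio-block'` guard writes the block only once, a gateway that later changes would presumably leave a stale deny entry while the real address stays allowed. The failure message would be better sent to stderr (`>&2`).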