don't allow access from nextcloud-aio-nextcloud

Signed-off-by: szaimen <szaimen@e.mail.de>
szaimen 2022-05-06 20:24:12 +02:00
parent 0b0d872c05
commit 0bf4538fb9


@ -135,14 +135,19 @@ chown www-data:www-data -R /mnt/docker-aio-config/session/
chown www-data:www-data -R /mnt/docker-aio-config/caddy/ chown www-data:www-data -R /mnt/docker-aio-config/caddy/
chown root:root -R /mnt/docker-aio-config/certs/ chown root:root -R /mnt/docker-aio-config/certs/
# Don't allow access to the AIO interface directly from the Nextcloud container # Don't allow access to the AIO interface from the Nextcloud container
# Probably more cosmetic than anything but at least an attempt # Probably more cosmetic than anything but at least an attempt
if ! grep -q '# nextcloud-aio-block' /etc/apache2/apache2.conf; then if ! grep -q '# nextcloud-aio-block' /etc/apache2/apache2.conf; then
if ! NETWORK_GATEWAY="$(docker inspect nextcloud-aio-mastercontainer --format "{{.NetworkSettings.Gateway}}")" || [ -z "$NETWORK_GATEWAY" ]; then
echo "Could not get the gateway of the mastercontainer. Cannot continue."
exit 1
fi
cat << APACHE_CONF >> /etc/apache2/apache2.conf cat << APACHE_CONF >> /etc/apache2/apache2.conf
# nextcloud-aio-block-start # nextcloud-aio-block-start
<Location /> <Location />
order allow,deny order allow,deny
deny from nextcloud-aio-nextcloud.nextcloud-aio deny from nextcloud-aio-nextcloud.nextcloud-aio
deny from $NETWORK_GATEWAY
allow from all allow from all
</Location> </Location>
# nextcloud-aio-block-end # nextcloud-aio-block-end