eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-20 06:26:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Implement internal mode

Browse source 
Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
This commit is contained in:
Jean-Yves 2024-06-29 19:23:26 +02:00
parent b37be48348
commit 571edd4bb4
No known key found for this signature in database
GPG key ID: 644C8B9C4CABAEF7
2 changed files with 9 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

10
php/src/Docker/DockerActionManager.php
View file

@ -137,7 +137,7 @@ class DockerActionManager
} elseif($internalPort === '%TALK_PORT%') {
$internalPort = $this->configurationManager->GetTalkPort();
}
if ($internalPort !== "" && $internalPort !== 'host') {
$connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.2);
if ($connection) {
@ -438,7 +438,7 @@ class DockerActionManager
$requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy();
$requestBody['HostConfig']['ReadonlyRootfs'] = $container->GetReadOnlySetting();
$exposedPorts = [];
if ($container->GetInternalPort() !== 'host') {
foreach($container->GetPorts()->GetPorts() as $value) {
@ -478,6 +478,10 @@ class DockerActionManager
$ipBinding = $value->ipBinding;
if ($ipBinding === '%APACHE_IP_BINDING%') {
$ipBinding = $this->configurationManager->GetApacheIPBinding();
// Do not expose if AIO is in internal network mode
if ($ipBinding === '@INTERNAL') {
continue;
}
}
$portWithProtocol = $port . '/' . $protocol;
$requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [
@ -708,7 +712,7 @@ class DockerActionManager
if (!isset($imageOutput['RepoDigests'])) {
error_log('RepoDigests is not set of container ' . $containerName);
return null;
}
}
if (!is_array($imageOutput['RepoDigests'])) {
error_log('RepoDigests of ' . $containerName . ' is not an array which is not allowed!');

2
reverse-proxy.md
View file

@ -8,6 +8,8 @@ A [reverse proxy](https://en.wikipedia.org/wiki/Reverse_proxy) is basically a we
In order to run Nextcloud behind a web server or reverse proxy (like Apache, Nginx, Cloudflare Tunnel and else), you need to specify the port that AIO's Apache container shall use, add a specific config to your web server or reverse proxy and modify the startup command a bit. All examples below will use port `11000` as example `APACHE_PORT` which will be exposed on the host to receive unencrypted HTTP traffic from the reverse proxy. **Advice:** If you need https between Nextcloud and the reverse proxy because it is running on a different server in the same network, simply add another reverse proxy to the chain that runs on the same server like AIO and takes care of https proxying (most likely via self-signed cert). Another option is to create a VPN between the server that runs AIO and the server that runs the reverse proxy which takes care of encrypting the connection.
If you are using a reverse proxy attached to the `nextcloud-aio` virtual network (like the [caddy community container](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy)), you can set the `APACHE_IP_BINDING` to `@INTERNAL` to disable the exposure of the Apache container to the host network.
**Attention:** The process to run Nextcloud behind a reverse proxy consists of at least steps 1, 2 and 4:
1. **Configure the reverse proxy! See [point 1](#1-configure-the-reverse-proxy)**
1. **Use this startup command! See [point 2](#2-use-this-startup-command)**