From 6e9261f30687fd385c3185bc5f814fe789b47066 Mon Sep 17 00:00:00 2001 From: szaimen Date: Wed, 8 Dec 2021 18:12:56 +0100 Subject: [PATCH] allow to run this behind a reverse proxy Signed-off-by: szaimen --- Containers/apache/Caddyfile | 2 +- Containers/apache/Dockerfile | 2 +- Containers/apache/start.sh | 13 ++++++++++ Containers/domaincheck/lighttpd.conf | 2 +- Containers/domaincheck/start.sh | 4 ++++ Containers/mastercontainer/start.sh | 17 +++++++++++++ php/containers.json | 12 ++++++---- php/src/ContainerDefinitionFetcher.php | 6 +++++ php/src/Data/ConfigurationManager.php | 33 +++++++++++++++++++++++++- php/src/Docker/DockerActionManager.php | 2 ++ 10 files changed, 84 insertions(+), 9 deletions(-) diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile index aeeb1ba8..6862ba95 100644 --- a/Containers/apache/Caddyfile +++ b/Containers/apache/Caddyfile @@ -6,7 +6,7 @@ } } -https://{$NC_DOMAIN}:443 { +{$PROTOCOL}://{$NC_DOMAIN}:{$APACHE_PORT} { # Notify Push route /push/* { diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile index d33f236b..e72ca4d1 100644 --- a/Containers/apache/Dockerfile +++ b/Containers/apache/Dockerfile @@ -59,7 +59,7 @@ COPY start.sh /usr/bin/ COPY supervisord.conf / RUN chmod +x /usr/bin/start.sh; \ chmod +r /supervisord.conf; \ - chmod +r /Caddyfile; + chmod +w /Caddyfile; # Give root a random password RUN echo "root:$(openssl rand -base64 12)" | chpasswd diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh index 55b2ce2f..272efc68 100644 --- a/Containers/apache/start.sh +++ b/Containers/apache/start.sh 
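Review bot: Replacing `chmod +r /Caddyfile` with `chmod +w /Caddyfile` makes the web server's own configuration writable at run time so that start.sh can `sed -i` it, and it no longer asserts that the file is readable. A bare `+w` is filtered by the umask, so which user actually gains write access is not obvious from this line. In-place `sed` also typically needs to create its temporary file next to the target, here in `/`, and this hunk does not grant that. Consider keeping the shipped file read-only and rendering the effective config into a directory the runtime user owns, or at least naming the principal explicitly, e.g. `chmod u+rw /Caddyfile;` if the owner is the user that runs start.sh.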
@@ -23,6 +23,19 @@ while ! nc -z "$COLLABORA_HOST" 9980; do sleep 5 done +if [ -z "$APACHE_PORT" ]; then + export APACHE_PORT="443" +fi + +if [ "$APACHE_PORT" != '443' ]; then + export PROTOCOL="http" + export NC_DOMAIN="" + sed -i 's|auto_https.*|auto_https off|' /Caddyfile +else + export PROTOCOL="https" + sed -i 's|auto_https.*|auto_https disable_redirects|' /Caddyfile +fi + # Add caddy path mkdir -p /mnt/data/caddy/ diff --git a/Containers/domaincheck/lighttpd.conf b/Containers/domaincheck/lighttpd.conf index dff794ed..6580846d 100644 --- a/Containers/domaincheck/lighttpd.conf +++ b/Containers/domaincheck/lighttpd.conf @@ -1,6 +1,6 @@ server.document-root = "/var/www/domaincheck/" -server.port = 443 +server.port = env.APACHE_PORT server.username = "www-data" server.groupname = "www-data" diff --git a/Containers/domaincheck/start.sh b/Containers/domaincheck/start.sh index 3f652609..80744830 100644 --- a/Containers/domaincheck/start.sh +++ b/Containers/domaincheck/start.sh @@ -7,6 +7,10 @@ fi echo "$INSTANCE_ID" > /var/www/domaincheck/index.html +if [ -z "$APACHE_PORT" ]; then + export APACHE_PORT="443" +fi + # Check config file lighttpd -tt -f /etc/lighttpd/lighttpd.conf diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index ff124334..77587767 100755 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -6,6 +6,14 @@ print_green() { printf "%b%s%b\n" "\e[0;92m" "$TEXT" "\e[0m" } +# Function to check if number was provided +check_if_number() { +case "${1}" in + ''|*[!0-9]*) return 1 ;; + *) return 0 ;; +esac +} + # Check if socket is available and readable if ! [ -a "/var/run/docker.sock" ]; then echo "Docker socket is not available. Cannot continue." 
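Review bot: In the `APACHE_PORT != 443` branch of Containers/apache/start.sh the script switches Caddy to plain HTTP, empties `NC_DOMAIN` and sets `auto_https off`, so the site address becomes `http://:<port>` and answers for any Host header without TLS. That fits a TLS-terminating proxy in front, but nothing visible here restricts who can reach the published port, so the listener may also be reachable directly, bypassing the proxy. This script also uses `$APACHE_PORT` without the numeric check that mastercontainer/start.sh applies. State the assumption in a comment above the branch, e.g. `# Reverse-proxy mode: plain HTTP for any Host; this port must only be reachable from the proxy`, and have the deployment notes say to bind or firewall the port accordingly.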
@@ -68,6 +76,15 @@ The string must be equal to/start with '/mnt/' or '/media/' or be equal to '/var exit 1 fi fi +if [ -n "$APACHE_PORT" ]; then + if ! check_if_number "$APACHE_PORT"; then + echo "You provided an Apache port but did not only use numbers" + exit 1 + elif ! [ "$APACHE_PORT" -le 65535 ] || ! [ "$APACHE_PORT" -ge 1 ]; then + echo "The provided Apache port is invalid. It must be between 1 and 65535" + exit 1 + fi +fi # Add important folders mkdir -p /mnt/docker-aio-config/data/ diff --git a/php/containers.json b/php/containers.json index 93b18fdb..0dbd5cdd 100644 --- a/php/containers.json +++ b/php/containers.json @@ -10,17 +10,18 @@ "displayName": "Apache", "containerName": "nextcloud/aio-apache", "ports": [ - "443/tcp" + "%APACHE_PORT%/tcp" ], "internalPorts": [ - "443" + "%APACHE_PORT%" ], "secrets": [], "environmentVariables": [ "NC_DOMAIN=%NC_DOMAIN%", "NEXTCLOUD_HOST=nextcloud-aio-nextcloud", "COLLABORA_HOST=nextcloud-aio-collabora", - "TALK_HOST=nextcloud-aio-talk" + "TALK_HOST=nextcloud-aio-talk", + "APACHE_PORT=%APACHE_PORT%" ], "volumes": [ { @@ -276,11 +277,12 @@ "displayName": "Domaincheck", "containerName": "nextcloud/aio-domaincheck", "ports": [ - "443/tcp" + "%APACHE_PORT%/tcp" ], "internalPorts": [], "environmentVariables": [ - "INSTANCE_ID=%INSTANCE_ID%" + "INSTANCE_ID=%INSTANCE_ID%", + "APACHE_PORT=%APACHE_PORT%" ], "volumes": [], "secrets": [ diff --git a/php/src/ContainerDefinitionFetcher.php b/php/src/ContainerDefinitionFetcher.php index bed2b8c0..ddb8d280 100644 --- a/php/src/ContainerDefinitionFetcher.php +++ b/php/src/ContainerDefinitionFetcher.php 
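Review bot: The new port validation in Containers/mastercontainer/start.sh accepts values with leading zeros such as `0443`, because `check_if_number` passes them and the `-le`/`-ge` tests compare numerically. Containers/apache/start.sh and `ConfigurationManager` later compare the value as a string against `443`, so such a value silently selects the plain-HTTP reverse-proxy mode on what is numerically port 443. Rejecting a leading zero before the range test keeps both views consistent, for example `case "$APACHE_PORT" in 0*) echo "The provided Apache port must not start with 0"; exit 1 ;; esac`.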
@@ -51,11 +51,17 @@ class ContainerDefinitionFetcher foreach ($data['production'] as $entry) { $ports = new ContainerPorts(); foreach ($entry['ports'] as $port) { + if($port === '%APACHE_PORT%/tcp') { + $port = $this->configurationManager->GetApachePort() . '/tcp'; + } $ports->AddPort($port); } $internalPorts = new ContainerInternalPorts(); foreach ($entry['internalPorts'] as $internalPort) { + if($internalPort === '%APACHE_PORT%') { + $internalPort = $this->configurationManager->GetApachePort(); + } $internalPorts->AddInternalPort($internalPort); } diff --git a/php/src/Data/ConfigurationManager.php b/php/src/Data/ConfigurationManager.php index bfe5672a..c43956fc 100644 --- a/php/src/Data/ConfigurationManager.php +++ b/php/src/Data/ConfigurationManager.php @@ -148,8 +148,16 @@ class ConfigurationManager // Get Instance ID $instanceID = $this->GetSecret('INSTANCE_ID'); + // set protocol + $port = $this->GetApachePort(); + if ($port !== '443') { + $protocol = 'https://'; + } else { + $protocol = 'http://'; + } + $ch = curl_init(); - curl_setopt($ch, CURLOPT_URL,'http://' . $domain . ':443'); + curl_setopt($ch, CURLOPT_URL, $protocol . $domain . ':443'); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); $response = (string)curl_exec($ch); # Get rid of trailing \n @@ -232,6 +240,29 @@ class ConfigurationManager $this->WriteConfig($config); } + public function GetApachePort() : string { + $port = getenv('APACHE_PORT'); + if ($port === false) { + $config = $this->GetConfig(); + if (!isset($config['apache_port']) || $config['apache_port'] === '') { + $config['apache_port'] = '443'; + } + return $config['apache_port']; + } else { + if(file_exists(DataConst::GetConfigFile())) { + $config = $this->GetConfig(); + if (!isset($config['apache_port'])) { + $config['apache_port'] = ''; + } + if ($port !== $config['apache_port']) { + $config['apache_port'] = $port; + $this->WriteConfig($config); + } + } + return $port; + } + } + /** * @throws InvalidSettingConfigurationException */ 
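Review bot: The protocol selection added to the domain check in ConfigurationManager.php reads as inverted: a port other than 443 selects `https://` and port 443 selects `http://`, while the URL still ends in the literal `:443` although `$port` was just read. If that is intended (presumably the check goes through the TLS-terminating proxy on 443 in reverse-proxy mode and otherwise hits the plain-HTTP domaincheck listener), replace `// set protocol` with a comment that says so, e.g. `// Reverse-proxy mode: the proxy serves HTTPS on 443; otherwise domaincheck answers plain HTTP on 443`. The enclosing method starts and ends outside the hunk, so its remaining curl options cannot be judged from here.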
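Review bot: `GetApachePort()` returns the environment or config value without checking it. `getenv()` yields `''` for `APACHE_PORT=`, which the `-n` guard in mastercontainer/start.sh also lets through, so an empty string is returned and becomes `/tcp` in ContainerDefinitionFetcher and the `%APACHE_PORT%` replacement in DockerActionManager. Treat empty like unset with `if ($port === false || $port === '') {`, and reject any value that fails `ctype_digit($port)` or lies outside 1–65535 before returning or persisting it. The getter also calls `WriteConfig()` as a side effect and has no docblock; a short one describing the precedence (environment over stored config, default `443`) and the write would help the callers in the other two files.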
diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
index 349d99dd..88bb3093 100644
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@@ -214,6 +214,8 @@ class DockerActionManager
 $replacements[1] = $this->configurationManager->GetAIOURL();
 } elseif ($out[1] === 'SELECTED_RESTORE_TIME') {
 $replacements[1] = $this->configurationManager->GetSelectedRestoreTime();
+ } elseif ($out[1] === 'APACHE_PORT') {
+ $replacements[1] = $this->configurationManager->GetApachePort();
 } else {
 $replacements[1] = $this->configurationManager->GetSecret($out[1]);
 }