eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-20 06:26:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

allow to skip the domain verification and add documentation for cloudflare argo tunnel

Browse source 
Signed-off-by: szaimen <szaimen@e.mail.de>
This commit is contained in:
szaimen 2022-06-30 14:34:36 +02:00
parent 758a721d84
commit 7f245bd048
6 changed files with 89 additions and 52 deletions
Download patch file Download diff file Expand all files Collapse all files

1
php/public/index.php
View file

@ -97,6 +97,7 @@ $app->get('/containers', function ($request, $response, $args) use ($container)
'daily_backup_time' => $configurationManager->GetDailyBackupTime(),
'is_daily_backup_running' => $configurationManager->isDailyBackupRunning(),
'timezone' => $configurationManager->GetTimezone(),
'skip_domain_validation' => $configurationManager->shouldDomainValidationBeSkipped(),
]);
})->setName('profile');
$app->get('/login', function ($request, $response, $args) use ($container) {

112
php/src/Data/ConfigurationManager.php
View file

@ -198,67 +198,71 @@ class ConfigurationManager
throw new InvalidSettingConfigurationException("Please enter a domain and not an IP-address!");
}
$dnsRecordIP = gethostbyname($domain);
if ($dnsRecordIP === $domain) {
$dnsRecordIP = '';
}
// Skip domain validation if opted in to do so
if ($this->shouldDomainValidationBeSkipped()) {
if (empty($dnsRecordIP)) {
$record = dns_get_record($domain, DNS_AAAA);
if (!empty($record)) {
$dnsRecordIP = $record[0]['ipv6'];
$dnsRecordIP = gethostbyname($domain);
if ($dnsRecordIP === $domain) {
$dnsRecordIP = '';
}
}
// Validate IP
if(!filter_var($dnsRecordIP, FILTER_VALIDATE_IP)) {
throw new InvalidSettingConfigurationException("DNS config is not set for this domain or the domain is not a valid domain! (It was found to be set to '" . $dnsRecordIP . "')");
}
if (empty($dnsRecordIP)) {
$record = dns_get_record($domain, DNS_AAAA);
if (!empty($record)) {
$dnsRecordIP = $record[0]['ipv6'];
}
}
// Get the apache port
$port = $this->GetApachePort();
// Validate IP
if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP)) {
throw new InvalidSettingConfigurationException("DNS config is not set for this domain or the domain is not a valid domain! (It was found to be set to '" . $dnsRecordIP . "')");
}
if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
$errorMessage = "It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')";
if ($port === '443') {
throw new InvalidSettingConfigurationException($errorMessage);
// Get the apache port
$port = $this->GetApachePort();
if (!filter_var($dnsRecordIP, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE)) {
$errorMessage = "It seems like the ip-address is set to an internal or reserved ip-address. This is not supported. (It was found to be set to '" . $dnsRecordIP . "')";
if ($port === '443') {
throw new InvalidSettingConfigurationException($errorMessage);
} else {
error_log($errorMessage);
}
}
// Check if port 443 is open
$connection = @fsockopen($domain, 443, $errno, $errstr, 10);
if ($connection) {
fclose($connection);
} else {
error_log($errorMessage);
throw new InvalidSettingConfigurationException("The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port.");
}
}
// Check if port 443 is open
$connection = @fsockopen($domain, 443, $errno, $errstr, 10);
if ($connection) {
fclose($connection);
} else {
throw new InvalidSettingConfigurationException("The server is not reachable on Port 443. You can verify this e.g. with 'https://portchecker.co/' by entering your domain there as ip-address and port 443 as port.");
}
// Get Instance ID
$instanceID = $this->GetSecret('INSTANCE_ID');
// Get Instance ID
$instanceID = $this->GetSecret('INSTANCE_ID');
// set protocol
if ($port !== '443') {
$protocol = 'https://';
} else {
$protocol = 'http://';
}
// set protocol
if ($port !== '443') {
$protocol = 'https://';
} else {
$protocol = 'http://';
}
// Check if response is correct
$ch = curl_init();
$testUrl = $protocol . $domain . ':443';
curl_setopt($ch, CURLOPT_URL, $testUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = (string)curl_exec($ch);
# Get rid of trailing \n
$response = str_replace("\n", "", $response);
// Check if response is correct
$ch = curl_init();
$testUrl = $protocol . $domain . ':443';
curl_setopt($ch, CURLOPT_URL, $testUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = (string)curl_exec($ch);
# Get rid of trailing \n
$response = str_replace("\n", "", $response);
if ($response !== $instanceID) {
error_log('The response of the connection attempt to "' . $testUrl . '" was: ' . $response);
error_log('Expected was: ' . $instanceID);
error_log('The error message was: ' . curl_error($ch));
throw new InvalidSettingConfigurationException("Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')");
if ($response !== $instanceID) {
error_log('The response of the connection attempt to "' . $testUrl . '" was: ' . $response);
error_log('Expected was: ' . $instanceID);
error_log('The error message was: ' . curl_error($ch));
throw new InvalidSettingConfigurationException("Domain does not point to this server or the reverse proxy is not configured correctly. See the mastercontainer logs for more details. ('sudo docker logs -f nextcloud-aio-mastercontainer')");
}
}
// Write domain
@ -549,4 +553,12 @@ class ConfigurationManager
$config['timezone'] = '';
$this->WriteConfig($config);
}
public function shouldDomainValidationBeSkipped() : bool {
$envVariableOutput = getenv('SKIP_DOMAIN_VALIDATION');
if ($envVariableOutput !== false) {
return true;
}
return false;
}
}

9
php/templates/containers.twig
View file

@ -79,14 +79,19 @@
Nextcloud AIO stands for Nextcloud All In One and provides easy deployment and maintenance with most features included in this one Nextcloud instance.<br><br>
<h2>New AIO instance</h2>
Please type in the domain that will be used for Nextcloud if you want to create a new instance:<br><br />
{% if skip_domain_validation == true %}
<b>Please Note:</b> The domain validation is disabled so any domain will be accepted here! So make sure that you do not make a typo here as you will not be able to change it afterwards!<br><br>
{% endif %}
<form method="POST" action="/api/configuration" class="xhr">
<input type="text" name="domain" value="{{ domain }}" placeholder="nextcloud.yourdomain.com"/>
<input type="hidden" name="{{csrf.keys.name}}" value="{{csrf.name}}">
<input type="hidden" name="{{csrf.keys.value}}" value="{{csrf.value}}">
<input class="button" type="submit" value="Submit" />
</form>
Make sure that this server is reachable on Port 443 and you've correctly set up the DNS config for the domain that you enter. <br><br>
If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates. <br /><br/>
{% if skip_domain_validation == false %}
Make sure that this server is reachable on Port 443 and you've correctly set up the DNS config for the domain that you enter. <br><br>
If you have a dynamic IP-address, you can use e.g. <a href="https://ddclient.net/">DDclient</a> with a compatible domain provider for DNS updates. <br /><br/>
{% endif %}
<h2>Restore former AIO instance from backup</h2>
You can alternatively restore a former AIO instance from backup.<br><br>