eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-20 06:26:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

address review

Browse source 
Signed-off-by: Simon L <szaimen@e.mail.de>
This commit is contained in:
Simon L 2023-08-30 15:13:08 +02:00
parent cac797114a
commit a56fbb6045
5 changed files with 25 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Containers/docker-socket-proxy/Dockerfile
View file

@ -1,10 +1,16 @@
FROM haproxy:2.8.2-alpine3.18 FROM haproxy:2.8.2-alpine3.18
USER root USER root
RUN apk add --no-cache ca-certificates tzdata bind-tools ENV NEXTCLOUD_HOST nextcloud-aio-nextcloud
RUN set -ex; \
apk add --no-cache \
ca-certificates \
tzdata \
bind-tools; \
chmod -R 777 /tmp
COPY --chmod=775 start.sh /start.sh COPY --chmod=775 *.sh /
COPY --chmod=664 haproxy.cfg /conf/haproxy.cfg COPY --chmod=664 haproxy.cfg /haproxy.cfg
ENTRYPOINT ["/start.sh"] ENTRYPOINT ["/start.sh"]
HEALTHCHECK CMD [ "$(wget http://127.0.0.1:2375/v1.41/_ping -qO -)" = "OK" ] || exit 1 HEALTHCHECK CMD /healthcheck.sh

3
Containers/docker-socket-proxy/haproxy.cfg
View file

@ -1,3 +1,5 @@
# Inspiration: https://github.com/Tecnativa/docker-socket-proxy/blob/master/haproxy.cfg
defaults defaults
timeout connect 10s timeout connect 10s
timeout client 10s timeout client 10s
@ -8,7 +10,6 @@ frontend http
bind :2375 bind :2375
http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER } http-request deny unless { src 127.0.0.1 } || { src ::1 } || { src NC_IPV4_PLACEHOLDER } || { src NC_IPV6_PLACEHOLDER }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((start)|(stop)|(restart)|(kill)) } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers/[a-zA-Z0-9_.-]+/((start)|(stop)|(restart)|(kill)) }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/auth }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/containers }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/images }
http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info } http-request allow if { path,url_dec -m reg -i ^(/v[\d\.]+)?/info }

6
Containers/docker-socket-proxy/healthcheck.sh Normal file
View file

@ -0,0 +1,6 @@
#!/bin/bash
nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
if [ "$(wget http://127.0.0.1:2375/v1.41/_ping -qO -)" != "OK" ]; then
exit 1
fi

11
Containers/docker-socket-proxy/start.sh
View file

@ -8,12 +8,13 @@ done
set -x set -x
IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short | grep '^[0-9.]\+$' | sort | head -n1)" IPv4_ADDRESS_NC="$(dig nextcloud-aio-nextcloud IN A +short | grep '^[0-9.]\+$' | sort | head -n1)"
sed -i "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|g" HAPROXYFILE="$(sed "s|NC_IPV4_PLACEHOLDER|$IPv4_ADDRESS_NC|" /haproxy.cfg)"
sed -i "s# || { src NC_IPV4_PLACEHOLDER }##g" /conf/haproxy.cfg echo "$HAPROXYFILE" > /tmp/haproxy.cfg
IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)" IPv6_ADDRESS_NC="$(dig nextcloud-aio-nextcloud AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
sed -i "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|g" HAPROXYFILE="$(sed "s# || { src NC_IPV6_PLACEHOLDER }##g" /tmp/haproxy.cfg)"
sed -i "s# || { src NC_IPV6_PLACEHOLDER }##g" /conf/haproxy.cfg HAPROXYFILE="$(echo "$HAPROXYFILE" | sed "s|NC_IPV6_PLACEHOLDER|$IPv6_ADDRESS_NC|")"
echo "$HAPROXYFILE" > /tmp/haproxy.cfg
set +x set +x
haproxy -f /conf/haproxy.cfg -db haproxy -f /tmp/haproxy.cfg -db

4
php/containers.json
View file

@ -661,9 +661,7 @@
"restart": "unless-stopped", "restart": "unless-stopped",
"read_only": true, "read_only": true,
"tmpfs": [ "tmpfs": [
"/run", "/tmp"
"/conf",
"/var/lib/haproxy"
] ]
} }
] ]