eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-20 06:26:57 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

nextcloud - limit access to php-fpm

Browse source 
Signed-off-by: Simon L <szaimen@e.mail.de>
This commit is contained in:
Simon L 2023-09-07 16:55:29 +02:00
parent 133a7500f9
commit be55bbe7c1
3 changed files with 20 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
Containers/nextcloud/entrypoint.sh
View file

@ -524,11 +524,8 @@ if [ "$COLLABORA_ENABLED" = 'yes' ]; then
# Fix https://github.com/nextcloud/all-in-one/issues/188:
php /var/www/html/occ config:system:set allow_local_remote_servers --type=bool --value=true
# Make collabora more save
COLLABORA_IPv4_ADDRESS="$(echo "<?php echo gethostbyname('$NC_DOMAIN');" | php | head -1)"
COLLABORA_IPv6_ADDRESS="<?php \$record = dns_get_record('$NC_DOMAIN', DNS_AAAA);"
# shellcheck disable=SC2016
COLLABORA_IPv6_ADDRESS+='if (!empty($record)) {echo $record[0]["ipv6"];}'
COLLABORA_IPv6_ADDRESS="$(echo "$COLLABORA_IPv6_ADDRESS" | php | head -1)"
COLLABORA_IPv4_ADDRESS="$(dig "$NC_DOMAIN" A +short | grep '^[0-9.]\+$' | sort | head -n1)"
COLLABORA_IPv6_ADDRESS="$(dig "$NC_DOMAIN" AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
COLLABORA_ALLOW_LIST="$(php /var/www/html/occ config:app:get richdocuments wopi_allowlist)"
if [ -n "$COLLABORA_IPv4_ADDRESS" ]; then
if ! echo "$COLLABORA_ALLOW_LIST" | grep -q "$COLLABORA_IPv4_ADDRESS"; then