eightball/all-in-one
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2025-12-19 22:16:49 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

secure imaginary with imaginary_key

Browse source 
Signed-off-by: Simon L <szaimen@e.mail.de>
This commit is contained in:
Simon L 2024-03-04 11:48:21 +01:00
parent 6bc2d1d6ae
commit fd3f6d9018
4 changed files with 22 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Containers/imaginary/Dockerfile
View file

@ -23,9 +23,11 @@ RUN set -ex; \
vips-magick \ vips-magick \
vips-heif \ vips-heif \
vips-jxl \ vips-jxl \
vips-poppler vips-poppler \
bash
COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
COPY --chmod=775 start.sh /start.sh
ENV PORT 9000 ENV PORT 9000
@ -33,7 +35,7 @@ USER nobody
# https://github.com/h2non/imaginary#memory-issues # https://github.com/h2non/imaginary#memory-issues
ENV MALLOC_ARENA_MAX=2 ENV MALLOC_ARENA_MAX=2
ENTRYPOINT ["imaginary", "-return-size", "-max-allowed-resolution", "222.2"] ENTRYPOINT ["/start.sh"]
HEALTHCHECK CMD nc -z localhost "$PORT" || exit 1 HEALTHCHECK CMD nc -z localhost "$PORT" || exit 1
LABEL com.centurylinklabs.watchtower.enable="false" LABEL com.centurylinklabs.watchtower.enable="false"

7
Containers/imaginary/start.sh Normal file
View file

@ -0,0 +1,7 @@
#!/bin/bash
if [ -z "$IMAGINARY_SECRET" ]; then
imaginary -return-size -max-allowed-resolution 222.2 "$@"
else
imaginary -return-size -max-allowed-resolution 222.2 -key "$IMAGINARY_SECRET" "$@"
fi

1
Containers/nextcloud/entrypoint.sh
View file

@ -703,6 +703,7 @@ fi
if [ "$IMAGINARY_ENABLED" = 'yes' ]; then if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary" php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000" php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
php /var/www/html/occ config:system:set preview_imaginary_key --value="$IMAGINARY_SECRET"
else else
if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
php /var/www/html/occ config:system:delete enabledPreviewProviders 0 php /var/www/html/occ config:system:delete enabledPreviewProviders 0

12
php/containers.json
View file

@ -146,7 +146,8 @@
"NEXTCLOUD_PASSWORD", "NEXTCLOUD_PASSWORD",
"TURN_SECRET", "TURN_SECRET",
"SIGNALING_SECRET", "SIGNALING_SECRET",
"FULLTEXTSEARCH_PASSWORD" "FULLTEXTSEARCH_PASSWORD",
"IMAGINARY_SECRET"
], ],
"volumes": [ "volumes": [
{ {
@ -220,7 +221,8 @@
"APACHE_PORT=%APACHE_PORT%", "APACHE_PORT=%APACHE_PORT%",
"APACHE_IP_BINDING=%APACHE_IP_BINDING%", "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
"ADDITIONAL_TRUSTED_PROXY=%CADDY_IP_ADDRESS%", "ADDITIONAL_TRUSTED_PROXY=%CADDY_IP_ADDRESS%",
"THIS_IS_AIO=true" "THIS_IS_AIO=true",
"IMAGINARY_SECRET=%IMAGINARY_SECRET%"
], ],
"stop_grace_period": 600, "stop_grace_period": 600,
"restart": "unless-stopped", "restart": "unless-stopped",
@ -646,7 +648,8 @@
], ],
"internal_port": "9000", "internal_port": "9000",
"environment": [ "environment": [
"TZ=%TIMEZONE%" "TZ=%TIMEZONE%",
"IMAGINARY_SECRET=%IMAGINARY_SECRET%"
], ],
"restart": "unless-stopped", "restart": "unless-stopped",
"cap_add": [ "cap_add": [
@ -664,6 +667,9 @@
"read_only": true, "read_only": true,
"tmpfs": [ "tmpfs": [
"/tmp" "/tmp"
],
"secrets": [
"IMAGINARY_SECRET"
] ]
}, },
{ {