diff --git a/.config/reverse_proxy.config.php b/.config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/.config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/16.0/fpm-alpine/config/reverse_proxy.config.php b/16.0/fpm-alpine/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/16.0/fpm-alpine/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/16.0/fpm/config/reverse_proxy.config.php b/16.0/fpm/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/16.0/fpm/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/17.0/apache/config/reverse_proxy.config.php b/17.0/apache/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/17.0/apache/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/17.0/fpm-alpine/config/reverse_proxy.config.php b/17.0/fpm-alpine/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/17.0/fpm-alpine/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/17.0/fpm/config/reverse_proxy.config.php b/17.0/fpm/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/17.0/fpm/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/18.0/apache/config/reverse_proxy.config.php b/18.0/apache/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/18.0/apache/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/18.0/fpm-alpine/config/reverse_proxy.config.php b/18.0/fpm-alpine/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/18.0/fpm-alpine/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/18.0/fpm/config/reverse_proxy.config.php b/18.0/fpm/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/18.0/fpm/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/README.md b/README.md index 69ab22d9..c7fda8a6 100644 --- a/README.md +++ b/README.md @@ -158,6 +158,14 @@ To use an external SMTP server, you have to provide the connection details. To c Check the [Nextcloud documentation](https://docs.nextcloud.com/server/15/admin_manual/configuration_server/email_configuration.html) for other values to configure SMTP. +## Using the apache image behind a reverse proxy and auto configure server host and protocol + +The apache image will replace the remote addr (ip address visible to Nextcloud) with the ip address from `X-Real-IP` if the request is coming from a proxy in 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client ip (`HTTP_X_FORWARDED_FOR`) from a trusted proxy disable rewrite ip and the reverse proxies ip address to `TRUSTED_PROXIES`. + +- `APACHE_DISABLE_REWRITE_IP` (not set by default): Set to 1 to disable rewrite ip. + +- `TRUSTED_PROXIES` (empty by default): A space-separated list of trusted proxies. CIDR notation is supported for IPv4. + # Running this image with docker-compose The easiest way to get a fully featured and functional setup is using a `docker-compose` file. There are too many different possibilities to setup your system, so here are only some examples of what you have to look for. diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 2510743e..07b44d61 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh @@ -43,6 +43,12 @@ file_env() { unset "$fileVar" } +if expr "$1" : "apache" 1>/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then