From 63438ef792fdedd4ceb80664d22391aca21f6bd1 Mon Sep 17 00:00:00 2001 From: kesselb Date: Mon, 6 Apr 2020 22:44:58 +0200 Subject: [PATCH] Disable rewriteip for apache image (#1010) * Disable rewrite ip for apache image Signed-off-by: Daniel Kesselberg * Run update.sh Signed-off-by: Daniel Kesselberg --- .config/reverse_proxy.config.php | 11 +++++++++++ 16.0/apache/config/reverse_proxy.config.php | 11 +++++++++++ 16.0/apache/entrypoint.sh | 6 ++++++ 16.0/fpm-alpine/config/reverse_proxy.config.php | 11 +++++++++++ 16.0/fpm-alpine/entrypoint.sh | 6 ++++++ 16.0/fpm/config/reverse_proxy.config.php | 11 +++++++++++ 16.0/fpm/entrypoint.sh | 6 ++++++ 17.0/apache/config/reverse_proxy.config.php | 11 +++++++++++ 17.0/apache/entrypoint.sh | 6 ++++++ 17.0/fpm-alpine/config/reverse_proxy.config.php | 11 +++++++++++ 17.0/fpm-alpine/entrypoint.sh | 6 ++++++ 17.0/fpm/config/reverse_proxy.config.php | 11 +++++++++++ 17.0/fpm/entrypoint.sh | 6 ++++++ 18.0/apache/config/reverse_proxy.config.php | 11 +++++++++++ 18.0/apache/entrypoint.sh | 6 ++++++ 18.0/fpm-alpine/config/reverse_proxy.config.php | 11 +++++++++++ 18.0/fpm-alpine/entrypoint.sh | 6 ++++++ 18.0/fpm/config/reverse_proxy.config.php | 11 +++++++++++ 18.0/fpm/entrypoint.sh | 6 ++++++ README.md | 8 ++++++++ docker-entrypoint.sh | 6 ++++++ 21 files changed, 178 insertions(+) create mode 100644 .config/reverse_proxy.config.php create mode 100644 16.0/apache/config/reverse_proxy.config.php create mode 100644 16.0/fpm-alpine/config/reverse_proxy.config.php create mode 100644 16.0/fpm/config/reverse_proxy.config.php create mode 100644 17.0/apache/config/reverse_proxy.config.php create mode 100644 17.0/fpm-alpine/config/reverse_proxy.config.php create mode 100644 17.0/fpm/config/reverse_proxy.config.php create mode 100644 18.0/apache/config/reverse_proxy.config.php create mode 100644 18.0/fpm-alpine/config/reverse_proxy.config.php create mode 100644 18.0/fpm/config/reverse_proxy.config.php 
diff --git a/.config/reverse_proxy.config.php b/.config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/.config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/16.0/fpm-alpine/config/reverse_proxy.config.php b/16.0/fpm-alpine/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/16.0/fpm-alpine/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/16.0/fpm/config/reverse_proxy.config.php b/16.0/fpm/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/16.0/fpm/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/17.0/apache/config/reverse_proxy.config.php b/17.0/apache/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/17.0/apache/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/17.0/fpm-alpine/config/reverse_proxy.config.php b/17.0/fpm-alpine/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 
--- /dev/null +++ b/17.0/fpm-alpine/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/17.0/fpm/config/reverse_proxy.config.php b/17.0/fpm/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/17.0/fpm/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/18.0/apache/config/reverse_proxy.config.php b/18.0/apache/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/18.0/apache/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/18.0/fpm-alpine/config/reverse_proxy.config.php b/18.0/fpm-alpine/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/18.0/fpm-alpine/config/reverse_proxy.config.php @@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/18.0/fpm/config/reverse_proxy.config.php b/18.0/fpm/config/reverse_proxy.config.php new file mode 100644 index 00000000..26a8bff3 --- /dev/null +++ b/18.0/fpm/config/reverse_proxy.config.php 
@@ -0,0 +1,11 @@ +/dev/null; then + if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then + a2disconf remoteip + fi +fi + if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then if [ -n "${REDIS_HOST+x}" ]; then diff --git a/README.md b/README.md index 69ab22d9..c7fda8a6 100644 --- a/README.md +++ b/README.md @@ -158,6 +158,14 @@ To use an external SMTP server, you have to provide the connection details. To c Check the [Nextcloud documentation](https://docs.nextcloud.com/server/15/admin_manual/configuration_server/email_configuration.html) for other values to configure SMTP. +## Using the apache image behind a reverse proxy and auto configure server host and protocol + +The apache image will replace the remote addr (ip address visible to Nextcloud) with the ip address from `X-Real-IP` if the request is coming from a proxy in 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client ip (`HTTP_X_FORWARDED_FOR`) from a trusted proxy disable rewrite ip and the reverse proxies ip address to `TRUSTED_PROXIES`. + +- `APACHE_DISABLE_REWRITE_IP` (not set by default): Set to 1 to disable rewrite ip. + +- `TRUSTED_PROXIES` (empty by default): A space-separated list of trusted proxies. CIDR notation is supported for IPv4. + # Running this image with docker-compose The easiest way to get a fully featured and functional setup is using a `docker-compose` file. There are too many different possibilities to setup your system, so here are only some examples of what you have to look for. diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh index 2510743e..07b44d61 100755 --- a/docker-entrypoint.sh +++ b/docker-entrypoint.sh 
@@ -43,6 +43,12 @@ file_env() {
 unset "$fileVar"
 }
+if expr "$1" : "apache" 1>/dev/null; then
+ if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
+ a2disconf remoteip
+ fi
+fi
+
 if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
 if [ -n "${REDIS_HOST+x}" ]; then
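Review bot: The added guard `[ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]` tests only whether the variable is set, so `APACHE_DISABLE_REWRITE_IP=0` or an empty value also runs `a2disconf remoteip`, while the README text added in this commit says "Set to 1 to disable rewrite ip". This switch decides which client address Nextcloud sees, so it should follow the documented value, for example `if [ "${APACHE_DISABLE_REWRITE_IP:-0}" = "1" ]; then`. A short comment above the block would also help, such as `# remoteip rewrites the remote addr from X-Real-IP; disable it only when TRUSTED_PROXIES lists the reverse proxy`. The same lines are repeated in the generated per-version `entrypoint.sh` copies (16.0, 17.0 and 18.0; apache, fpm and fpm-alpine), so the fix belongs in this template followed by a re-run of `update.sh`. The `if expr "$1" : "apache" ... || [ "$1" = "php-fpm" ]` block that follows continues outside the hunk.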