nextcloud · szaimen · Aug 17, 2023 · Jul 14, 2024 · Jul 14, 2024 · Jul 14, 2024
diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
diff --git a/Containers/apache/Dockerfile b/Containers/apache/Dockerfile
@@ -5,10 +5,10 @@ FROM httpd:2.4.61-alpine3.20
 
 COPY --from=caddy /usr/bin/caddy /usr/bin/caddy
 
-COPY --chown=33:33 Caddyfile /Caddyfile
 COPY --chmod=664 nextcloud.conf /usr/local/apache2/conf/nextcloud.conf
 COPY --chmod=664 supervisord.conf /supervisord.conf
 COPY --chmod=775 start.sh /start.sh
+COPY --chmod=775 caddyfile.sh /caddyfile.sh
 COPY --chmod=775 healthcheck.sh /healthcheck.sh
 
 VOLUME /mnt/data

diff --git a/Containers/apache/caddyfile.sh b/Containers/apache/caddyfile.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+
+function loop {
+ readarray -t sorted < <(echo "$3" | tr "$2" '\n' | sort -r)
+ for i in "${sorted[@]}"; do
+ "template_loop_$1" "$i"
+ done
+
+}
+
+function template_loop_route {
+ IFS=',' read -ra array <<< "$1"
+ TARGET="${array[0]}"
+ ROUTE="${array[1]}"
+ if [ "${array[2]}" == "1" ]; then
+ URI_STRIP_PREFIX="uri strip_prefix $ROUTE"
+ fi
+
+ cat << CADDY
+
+ route $ROUTE/* {
+ $URI_STRIP_PREFIX
+ reverse_proxy $TARGET
+ }
+CADDY
+}
+
+if [ -n "$APACHE_PORT" ] && [ "$APACHE_PORT" != "443" ]; then
+ TRUSTED_PROXIES="trusted_proxies static private_ranges"
+ AUTO_HTTPS="auto_https off"
+ TARGET="http://:$APACHE_PORT"
+else
+ IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1 | sed 's|[0-9]\+$|0/16|')"
+ TRUSTED_PROXIES="trusted_proxies static $IPv4_ADDRESS"
+ AUTO_HTTPS="auto_https disable_redirects"
+ TARGET="https://$NC_DOMAIN:443"
+fi
+
+if [ -n "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
+ ADDITIONAL_TARGET="https://$ADDITIONAL_TRUSTED_DOMAIN:443"
+fi
+
+cat << CADDY
+{
+ $AUTO_HTTPS
+
+ storage file_system {
+ root /mnt/data/caddy
+ }
+
+ servers {
+ $TRUSTED_PROXIES
+ }
+
+ log {
+ level ERROR
+ }
+}
+
+$ADDITIONAL_TARGET
+$TARGET {
+ header -Server
+ header -X-Powered-By
+$(loop route ';' "$CADDY_ROUTES")
+ route {
+ header Strict-Transport-Security max-age=31536000;
+ reverse_proxy localhost:8000
+ }
+ redir /.well-known/carddav /remote.php/dav/ 301
+ redir /.well-known/caldav /remote.php/dav/ 301
+
+ tls {
+ issuer acme {
+ disable_http_challenge
+ }
+ }
+}
+
+CADDY
diff --git a/Containers/apache/start.sh b/Containers/apache/start.sh
@@ -17,46 +17,7 @@ while ! nc -z "$NEXTCLOUD_HOST" 9000; do
  sleep 5
 done
 
-# Get ipv4-address of Apache
-# shellcheck disable=SC2153
-IPv4_ADDRESS="$(dig "$APACHE_HOST" A +short +search | head -1)"
-# Bring it in CIDR notation
-# shellcheck disable=SC2001
-IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|0/16|')"
-
-if [ -z "$APACHE_PORT" ]; then
- export APACHE_PORT="443"
-fi
-
-# Change variables in case of reverse proxies
-if [ "$APACHE_PORT" != '443' ]; then
- export PROTOCOL="http"
- export NC_DOMAIN=""
-else
- export PROTOCOL="https"
-fi
-
-# Change the auto_https in case of reverse proxies
-if [ "$APACHE_PORT" != '443' ]; then
- CADDYFILE="$(sed 's|auto_https.*|auto_https off|' /Caddyfile)"
-else
- CADDYFILE="$(sed 's|auto_https.*|auto_https disable_redirects|' /Caddyfile)"
-fi
-echo "$CADDYFILE" > /tmp/Caddyfile
-
-# Change the trusted_proxies in case of reverse proxies
-if [ "$APACHE_PORT" != '443' ]; then
- CADDYFILE="$(sed 's|# trusted_proxies placeholder|trusted_proxies static private_ranges|' /tmp/Caddyfile)"
-else
- CADDYFILE="$(sed "s|# trusted_proxies placeholder|trusted_proxies static $IPv4_ADDRESS|" /tmp/Caddyfile)"
-fi
-echo "$CADDYFILE" > /tmp/Caddyfile
-
-# Remove additional domain if not given
-if [ -z "$ADDITIONAL_TRUSTED_DOMAIN" ]; then
- CADDYFILE="$(sed '/ADDITIONAL_TRUSTED_DOMAIN/d' /tmp/Caddyfile)"
-fi
-echo "$CADDYFILE" > /tmp/Caddyfile
+bash caddyfile.sh > /tmp/Caddyfile
 
 # Fix the Caddyfile format
 caddy fmt --overwrite /tmp/Caddyfile

diff --git a/manual-install/latest.yml b/manual-install/latest.yml
@@ -25,14 +25,11 @@ services:
  - NC_DOMAIN=${NC_DOMAIN}
  - NEXTCLOUD_HOST=nextcloud-aio-nextcloud
  - APACHE_HOST=nextcloud-aio-apache
- - COLLABORA_HOST=nextcloud-aio-collabora
- - TALK_HOST=nextcloud-aio-talk
  - APACHE_PORT=${APACHE_PORT}
- - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
  - TZ=${TIMEZONE}
  - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
  - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
- - NOTIFY_PUSH_HOST=nextcloud-aio-notify-push
+ - CADDY_ROUTE=nextcloud-aio-collabora:9980,/browser,0;nextcloud-aio-collabora:9980,/hosting,0;nextcloud-aio-collabora:9980,/cool,0;nextcloud-aio-notify-push:7867,/push,1;nextcloud-aio-talk:8081,/standalone-signaling,1
  volumes:
  - nextcloud_aio_nextcloud:/var/www/html:ro
  - nextcloud_aio_apache:/mnt/data:rw

diff --git a/php/containers-schema.json b/php/containers-schema.json
@@ -170,6 +170,27 @@
  "pattern": "^/[a-z/_0-9-:]+$"
  }
  },
+ "caddy_routes": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "additionalProperties": false,
+ "minProperties": 3,
+ "properties": {
+ "route": {
+ "type": "string",
+ "pattern": "^(/[a-z-]+)*$"
+ },
+ "target_port": {
+ "type": "string",
+ "pattern": "^[0-9]{1,5}$"
+ },
+ "uri_strip_prefix": {
+ "type": "boolean"
+ }
+ }
+ }
+ },
  "volumes": {
  "type": "array",
  "items": {
@@ -195,4 +216,4 @@
  }
  }
  }
-}
+}
diff --git a/php/containers.json b/php/containers.json
@@ -30,14 +30,11 @@
  "NC_DOMAIN=%NC_DOMAIN%",
  "NEXTCLOUD_HOST=nextcloud-aio-nextcloud",
  "APACHE_HOST=nextcloud-aio-apache",
- "COLLABORA_HOST=nextcloud-aio-collabora",
- "TALK_HOST=nextcloud-aio-talk",
  "APACHE_PORT=%APACHE_PORT%",
- "ONLYOFFICE_HOST=nextcloud-aio-onlyoffice",
  "TZ=%TIMEZONE%",
  "APACHE_MAX_SIZE=%APACHE_MAX_SIZE%",
  "APACHE_MAX_TIME=%NEXTCLOUD_MAX_TIME%",
- "NOTIFY_PUSH_HOST=nextcloud-aio-notify-push"
+ "CADDY_ROUTES=%CADDY_ROUTES%"
  ],
  "volumes": [
  {
@@ -251,6 +248,13 @@
  "7867"
  ],
  "internal_port": "7867",
+ "caddy_routes": [
+ {
+ "route": "/push",
+ "target_port": "7867",
+ "uri_strip_prefix": true
+ }
+ ],
  "secrets": [
  "REDIS_PASSWORD",
  "DATABASE_PASSWORD"
@@ -327,6 +331,23 @@
  "9980"
  ],
  "internal_port": "9980",
+ "caddy_routes": [
+ {
+ "route": "/browser",
+ "target_port": "9980",
+ "uri_strip_prefix": false
+ },
+ {
+ "route": "/hosting",
+ "target_port": "9980",
+ "uri_strip_prefix": false
+ },
+ {
+ "route": "/cool",
+ "target_port": "9980",
+ "uri_strip_prefix": false
+ }
+ ],
  "environment": [
  "aliasgroup1=https://%NC_DOMAIN%:443",
  "extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:mount_jail_tree=false --o:logging.level=warning --o:home_mode.enable=true %COLLABORA_SECCOMP_POLICY% --o:remote_font_config.url=https://%NC_DOMAIN%/apps/richdocuments/settings/fonts.json",
@@ -376,6 +397,13 @@
  "8081"
  ],
  "internal_port": "%TALK_PORT%",
+ "caddy_routes": [
+ {
+ "route": "/standalone-signaling",
+ "target_port": "8081",
+ "uri_strip_prefix": true
+ }
+ ],
  "environment": [
  "NC_DOMAIN=%NC_DOMAIN%",
  "TALK_HOST=nextcloud-aio-talk",

diff --git a/php/src/Container/Container.php b/php/src/Container/Container.php
@@ -15,6 +15,7 @@ class Container {
  private int $maxShutdownTime;
  private ContainerPorts $ports;
  private string $internalPorts;
+ private ContainerCaddyRoutes $caddyRoutes;
  private ContainerVolumes $volumes;
  private ContainerEnvironmentVariables $containerEnvironmentVariables;
  /** @var string[] */
@@ -46,6 +47,7 @@ public function __construct(
  int $maxShutdownTime,
  ContainerPorts $ports,
  string $internalPorts,
+ ContainerCaddyRoutes $caddyRoutes,
  ContainerVolumes $volumes,
  ContainerEnvironmentVariables $containerEnvironmentVariables,
  array $dependsOn,
@@ -71,6 +73,7 @@ public function __construct(
  $this->maxShutdownTime = $maxShutdownTime;
  $this->ports = $ports;
  $this->internalPorts = $internalPorts;
+ $this->caddyRoutes = $caddyRoutes;
  $this->volumes = $volumes;
  $this->containerEnvironmentVariables = $containerEnvironmentVariables;
  $this->dependsOn = $dependsOn;
@@ -158,6 +161,10 @@ public function GetInternalPort() : string {
  return $this->internalPorts;
  }
 
+ public function GetCaddyRoutes() : ContainerCaddyRoutes {
+ return $this->caddyRoutes;
+ }
+
  public function GetVolumes() : ContainerVolumes {
  return $this->volumes;
  }

diff --git a/php/src/Container/ContainerCaddyRoute.php b/php/src/Container/ContainerCaddyRoute.php
@@ -0,0 +1,24 @@
+<?php
+
+
+namespace AIO\Container;
+
+class ContainerCaddyRoute {
+ public string $route;
+ public string $target;
+ public bool $uriStripPrefix;
+
+ public function __construct(
+ string $route,
+ string $target,
+ string $uriStripPrefix
+ ) {
+ $this->route = $route;
+ $this->target = $target;
+ $this->uriStripPrefix = $uriStripPrefix === "true";
+ }
+
+ public function GetFormatedEnv() : string {
+ return $this->target.",".$this->route.",".$this->uriStripPrefix?"1":"0";
+ }
+}