Merge pull request #4111 from nextcloud/enh/noid/add-caddy-ip

allow to add nextcloud-aio-caddy ip-address to trusted proxies automatically
nextcloud · Jan 25, 2024 · 35e62f2 · 35e62f2
2 parents 488a77e + 1c8e467
commit 35e62f2
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/manual-install/update-yaml.sh b/manual-install/update-yaml.sh
@@ -40,6 +40,7 @@ sed -i 's|- ip_binding: |- |' containers.yml
 sed -i '/AIO_TOKEN/d' containers.yml
 sed -i '/AIO_URL/d' containers.yml
 sed -i '/DOCKER_SOCKET_PROXY_ENABLED/d' containers.yml
+sed -i '/ADDITIONAL_TRUSTED_PROXY/d' containers.yml
 
 TCP="$(grep -oP '[%A-Z0-9_]+/tcp' containers.yml | sort -u)"
 mapfile -t TCP <<< "$TCP"

diff --git a/php/containers.json b/php/containers.json
@@ -213,6 +213,7 @@
         "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%",
         "APACHE_PORT=%APACHE_PORT%",
         "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
+        "ADDITIONAL_TRUSTED_PROXY=%CADDY_IP_ADDRESS%",
         "THIS_IS_AIO=true"
       ],
       "stop_grace_period": 600,

diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php
@@ -406,6 +406,13 @@ public function CreateContainer(Container $container) : void {
                 // Allow to get local ip-address of database container which allows to talk to it even in host mode (the container that requires this needs to be started first then)
                 } elseif ($out[1] === 'AIO_DATABASE_HOST') {
                     $replacements[1] = gethostbyname('nextcloud-aio-database');
+                // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
+                } elseif ($out[1] === 'CADDY_IP_ADDRESS') {
+                    $replacements[1] = '';
+                    $communityContainers = $this->configurationManager->GetEnabledCommunityContainers();
+                    if (in_array('caddy', $communityContainers, true)) {
+                        $replacements[1] = gethostbyname('nextcloud-aio-caddy');
+                    }
                 } else {
                     $secret = $this->configurationManager->GetSecret($out[1]);
                     if ($secret === "") {