Browse Source

fix: [nextcloud] remove management of trusted domain to allow usage without proxy

Trusted domain functionality is to avoid host poisining attacks, but
when using web-proxy, it is useless. And when not using proxy it's not
open to internet.
upd
Valentin Lab 1 year ago
parent
commit
bf9437bc02
  1. 1
      nextcloud/hooks/init
  2. 26
      nextcloud/hooks/web_proxy-relation-joined

1
nextcloud/hooks/init

@ -65,6 +65,7 @@ $MASTER_BASE_SERVICE_NAME:
NEXTCLOUD_ADMIN_USER: $admin_user
NEXTCLOUD_ADMIN_PASSWORD: $admin_password
NEXTCLOUD_DATA_DIR: /var/lib/nextcloud/data
NEXTCLOUD_TRUSTED_DOMAINS: '\*'
"
## ensuring data directories are accessible by nextcloud

26
nextcloud/hooks/web_proxy-relation-joined

@ -6,17 +6,6 @@ DOMAIN=$(relation-get domain) || exit 1
URL="$(relation-get url)" || exit 1
PROTO="${URL%%://*}"
if ! trusted_domains="$(
compose -q --no-relations --no-init occ "$MASTER_BASE_SERVICE_NAME" \
config:system:get trusted_domains)"; then
err "Couldn't get 'trusted_domains'. Here's the ouput:"
echo "$trusted_domains" | prefix " | " >&2
echo "If the code of nextcloud is already there (command occ is found), but " >&2
echo "the database is not yet created, this situation will arise." >&2
exit 1
fi
occ_opts=(
## necessary as nextcloud do not detect correctly those, and behind
## a proxy, it will generate a lot of URL that are not detected
@ -25,9 +14,12 @@ occ_opts=(
config:system:set overwritehost --value="$DOMAIN" \;
config:system:set overwriteprotocol --value="$PROTO"
)
if ! [[ $'\n'"$trusted_domains"$'\n' == *$'\n'"$MASTER_BASE_SERVICE_NAME"$'\n'* ]]; then
trusted_index=$(echo "$trusted_domains" | wc -l)
debug "Adding $MASTER_TARGET_SERVICE_NAME to ${WHITE}trusted_domains${NORMAL}."
occ_opts+=( \; config:system:set trusted_domains "$trusted_index" --value="$MASTER_BASE_SERVICE_NAME")
fi
compose --no-relations --no-init occ "$MASTER_BASE_SERVICE_NAME" "${occ_opts[@]}"
compose --no-relations --no-init occ "$MASTER_BASE_SERVICE_NAME" "${occ_opts[@]}" || {
err "Failure to execute these ${WHITE}occ${NORMAL} commands:"
echo " ${WHITE}$(printf ' %q' "${occ_opts[@]}")${NORMAL}" |
sed -r "s/\\;/$'n'/g" | prefix " ${DARKGRAY}>${NORMAL} " >&2
echo " "
echo " If the code of nextcloud is already there (command occ is found), but " >&2
echo " the database is not yet created, this situation will arise." >&2
exit 1
}
Loading…
Cancel
Save