replace apache with a second caddy #7006
Conversation
szaimen
left a comment
szaimen
left a comment
There was a problem hiding this comment.
Hey, thanks for working on this! I have an initial comment below. Will look more into detail into this next week.
Zoey2936
force-pushed
the
replace-apache-with-caddy
branch
2 times, most recently
from
59e4a6c to
0664ec8
Compare
| # Don't allow access to the AIO interface from the Nextcloud container | ||
| # Probably more cosmetic than anything but at least an attempt | ||
| if ! grep -q '# nextcloud-aio-block' /etc/apache2/httpd.conf; then | ||
| cat << APACHE_CONF >> /etc/apache2/httpd.conf | ||
| # nextcloud-aio-block-start | ||
| <Location /> | ||
| order allow,deny | ||
| deny from nextcloud-aio-nextcloud.nextcloud-aio | ||
| allow from all | ||
| </Location> | ||
| # nextcloud-aio-block-end | ||
| APACHE_CONF | ||
| fi |
There was a problem hiding this comment.
can we do something comparable with caddy?
There was a problem hiding this comment.
we could resolve the ip for example with dig and block the ip(s) we get
There was a problem hiding this comment.
we could resolve the ip for example with
digand block the ip(s) we get
I fear this is not going to work as the ip-addresses of the nextcloud-aio-nextcloud container might change or might not exist when the mastercontainer starts. Is there any other way to do this?
There was a problem hiding this comment.
Looks like there is a caddy plugin that could do this: https://github.com/muety/caddy-remote-host
There was a problem hiding this comment.
Is it worth recompiling caddy for this? also the last commit is 4 years ago, so is it still compatible with latest caddy?
| sed -i 's|;listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1|' /usr/local/etc/php-fpm.d/www.conf; \ | ||
| grep -q 'listen =' /usr/local/etc/php-fpm.d/www.conf; \ | ||
| sed -i 's|listen =.*|;listen = /run/php.sock # handled in zz-docker.conf|' /usr/local/etc/php-fpm.d/www.conf; \ | ||
| grep -q 'listen =' /usr/local/etc/php-fpm.d/zz-docker.conf; \ |
There was a problem hiding this comment.
| grep -q 'listen =' /usr/local/etc/php-fpm.d/zz-docker.conf; \ | |
| grep -q '^listen =' /usr/local/etc/php-fpm.d/zz-docker.conf; \ |
There was a problem hiding this comment.
only for the zz-docker.conf?
There was a problem hiding this comment.
I'd say so, yes. Or we comment listen in zz-docker and add listen to the www-conf which might be better
There was a problem hiding this comment.
currently it is set twice:
/var/www/html # grep -r /usr/local/etc/ -e "listen\s="
/usr/local/etc/php-fpm.d/www.conf.default:listen = 127.0.0.1:9000
/usr/local/etc/php-fpm.d/www.conf.default:;pm.status_listen = 127.0.0.1:9001
/usr/local/etc/php-fpm.d/www.conf:listen = 127.0.0.1:9000
/usr/local/etc/php-fpm.d/www.conf:;pm.status_listen = 127.0.0.1:9001
/usr/local/etc/php-fpm.d/zz-docker.conf:listen = 9000
There was a problem hiding this comment.
in zz-docker.conf and www.conf, files ending with .default are ignored by fpm
There was a problem hiding this comment.
hm... lets maybe only set it in www.conf and comment it in zz-docker.conf
There was a problem hiding this comment.
can you adjust this please/create a suggestion?
Signed-off-by: Zoey <zoey@z0ey.de>
szaimen
force-pushed
the
replace-apache-with-caddy
branch
from
0664ec8 to
bf02678
Compare
|
@Zoey2936 please also update Thanks in advance! :) |
Signed-off-by: Zoey <zoey@z0ey.de>
should be done |
Signed-off-by: Zoey <zoey@z0ey.de>
Signed-off-by: Zoey <zoey@z0ey.de>
|
Is the only advantage that the mastercontainer is a bit smaller? 🤔 |
|
Hey @Zoey2936, my plan is to release AIO v12 beta tomorrow. Unfortunately I don't have enough time for this PR until then. So will need to postpone this. Sorry for that! |
Signed-off-by: Zoey zoey@z0ey.de
see #6998