(feat): Allow any docker network for HTTPS(remote) install type

oleksandr-nc · oleksandr-nc · commit d2829ae310ee · 2025-01-03T15:22:51.000+02:00
Signed-off-by: Oleksander Piskun &lt;oleksandr2088@icloud.com&gt;
diff --git a/.github/workflows/tests-deploy.yml b/.github/workflows/tests-deploy.yml
@@ -295,6 +295,118 @@ jobs:
           path: nextcloud.log
           if-no-files-found: warn
 
+  nc-docker-dsp-https-bridge:
+    runs-on: ubuntu-22.04
+    name: NC In Julius Docker(DSP-HTTPS-BRIDGE) • 🐘8.3
+    env:
+      docker-image: ghcr.io/juliusknorr/nextcloud-dev-php83:master
+
+    steps:
+      - name: Set app env
+        run: echo "APP_NAME=${GITHUB_REPOSITORY##*/}" >> $GITHUB_ENV
+
+      - name: Create certificates
+        run: |
+          mkdir certs
+          openssl req -nodes -new -x509 -subj '/CN=host.docker.internal' -sha256 -keyout certs/privkey.pem -out certs/fullchain.pem -days 365000 > /dev/null 2>&1
+          cat certs/fullchain.pem certs/privkey.pem | tee certs/cert.pem > /dev/null 2>&1
+
+      - name: Create containers
+        run: |
+          docker network create master_bridge
+          docker run -v /var/run/docker.sock:/var/run/docker.sock \
+            -v `pwd`/certs/cert.pem:/certs/cert.pem \
+            -e NC_HAPROXY_PASSWORD="some_secure_password" \
+            -e EX_APPS_NET="ipv4@localhost" \
+            --net host --name nextcloud-appapi-dsp -h nextcloud-appapi-dsp \
+            --privileged -d ghcr.io/nextcloud/nextcloud-appapi-dsp:latest
+          docker run --net=master_bridge --name=nextcloud --rm -d ${{ env.docker-image }}
+          sleep 60s
+          hostname -I
+          docker exec nextcloud-appapi-dsp ip addr show | grep inet | awk '{print $2}' | cut -d/ -f1
+
+      - name: Install AppAPI
+        run: |
+          docker exec -w /var/www/html/apps nextcloud git clone https://github.com/cloud-py-api/${{ env.APP_NAME }}.git
+          docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git fetch origin $GITHUB_REF
+          docker exec -w /var/www/html/apps/${{ env.APP_NAME }} nextcloud git checkout FETCH_HEAD
+          docker exec nextcloud sudo -u www-data php occ app:enable app_api
+          docker cp ./certs/cert.pem nextcloud:/
+          docker exec nextcloud sudo -u www-data php occ security:certificates:import /cert.pem
+          docker exec nextcloud sudo -u www-data php occ app_api:daemon:register \
+            docker_by_port Docker docker-install https host.docker.internal:2375 http://nextcloud.local/index.php \
+            --net=master_bridge --haproxy_password=some_secure_password
+          docker exec nextcloud sudo -u www-data php occ app_api:daemon:list
+          docker exec nextcloud sudo -u www-data php occ app_api:app:register app-skeleton-python docker_by_port \
+            --info-xml https://raw.githubusercontent.com/nextcloud/app-skeleton-python/main/appinfo/info.xml
+          docker exec nextcloud sudo -u www-data php occ app_api:app:enable app-skeleton-python
+
+      - name: Checking if ExApp container can access HTTPS DSP
+        run: |
+          docker exec nc_app_app-skeleton-python apt update
+          docker exec nc_app_app-skeleton-python apt install curl -y
+          docker exec nc_app_app-skeleton-python curl https://host.docker.internal:2375
+
+      - name: Disable ExApp
+        run: |
+          docker exec nextcloud sudo -u www-data php occ app_api:app:disable app-skeleton-python
+
+      - name: Copy NC log to host
+        if: always()
+        run: docker cp nextcloud:/var/www/html/data/nextcloud.log nextcloud.log
+
+      - name: Check logs
+        run: |
+          grep -q 'Hello from app-skeleton-python :)' nextcloud.log || error
+          grep -q 'Bye bye from app-skeleton-python :(' nextcloud.log || error
+
+      - name: Save HaProxy logs
+        if: always()
+        run: docker logs nextcloud-appapi-dsp > haproxy.log 2>&1
+
+      - name: Save container info & logs
+        if: always()
+        run: |
+          docker inspect nc_app_app-skeleton-python | json_pp > container.json
+          docker logs nc_app_app-skeleton-python > container.log 2>&1
+
+      - name: Unregister Skeleton & Daemon
+        run: |
+          docker exec nextcloud sudo -u www-data php occ app_api:app:unregister app-skeleton-python
+          docker exec nextcloud sudo -u www-data php occ app_api:daemon:unregister docker_by_port
+
+      - name: Upload HaProxy logs
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: dsp_https_bridge_haproxy.log
+          path: haproxy.log
+          if-no-files-found: warn
+
+      - name: Upload Container info
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: dsp_https_bridge_container.json
+          path: container.json
+          if-no-files-found: warn
+
+      - name: Upload Container logs
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: dsp_https_bridge_container.log
+          path: container.log
+          if-no-files-found: warn
+
+      - name: Upload NC logs
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: dsp_https_bridge_nextcloud.log
+          path: nextcloud.log
+          if-no-files-found: warn
+
   nc-docker-dsp-https:
     runs-on: ubuntu-22.04
     name: NC In Julius Docker(DSP-HTTPS) • 🐘8.3
diff --git a/lib/DeployActions/DockerActions.php b/lib/DeployActions/DockerActions.php
@@ -82,7 +82,7 @@ public function deployExApp(ExApp $exApp, DaemonConfig $daemonConfig, array $par
 			}
 		}
 		$this->exAppService->setAppDeployProgress($exApp, 96);
-		$result = $this->createContainer($dockerUrl, $imageId, $params['container_params']);
+		$result = $this->createContainer($dockerUrl, $imageId, $daemonConfig, $params['container_params']);
 		if (isset($result['error'])) {
 			return $result['error'];
 		}
@@ -282,7 +282,7 @@ private function buildExtendedImageName2(array $imageParams, DaemonConfig $daemo
 			$imageParams['image_name'] . ':' . $imageParams['image_tag'] . '-' . $daemonConfig->getDeployConfig()['computeDevice']['id'];
 	}
 
-	public function createContainer(string $dockerUrl, string $imageId, array $params = []): array {
+	public function createContainer(string $dockerUrl, string $imageId, DaemonConfig $daemonConfig, array $params = []): array {
 		$createVolumeResult = $this->createVolume($dockerUrl, $this->buildExAppVolumeName($params['name']));
 		if (isset($createVolumeResult['error'])) {
 			return $createVolumeResult;
@@ -301,6 +301,23 @@ public function createContainer(string $dockerUrl, string $imageId, array $param
 			'Env' => $params['env'],
 		];
 
+		// Exposing the ExApp's primary port when the installation type is remote and the network is not a "host"
+		if (($params['net'] !== 'host') && ($daemonConfig->getProtocol() === 'https')) {
+			$exAppMainPort = $params['port'];
+			$containerParams['ExposedPorts'] = [
+				sprintf('%d/tcp', $exAppMainPort) => (object) [],
+				sprintf('%d/udp', $exAppMainPort) => (object) [],
+			];
+			$containerParams['HostConfig']['PortBindings'] = [
+				sprintf('%d/tcp', $exAppMainPort) => [
+					['HostPort' => (string)$exAppMainPort, 'HostIp' => '127.0.0.1']
+				],
+				sprintf('%d/udp', $exAppMainPort) => [
+					['HostPort' => (string)$exAppMainPort, 'HostIp' => '127.0.0.1']
+				],
+			];
+		}
+
 		if (!in_array($params['net'], ['host', 'bridge'])) {
 			$networkingConfig = [
 				'EndpointsConfig' => [
