From 6886844d32d355a65c3c4943288adfccb3eeb067 Mon Sep 17 00:00:00 2001
From: Simon L
Date: Wed, 27 Sep 2023 21:27:24 +0200
Subject: [PATCH] adjust limiting the php-fpm port to specific containers again
Signed-off-by: Simon L
---
 Containers/docker-socket-proxy/healthcheck.sh | 2 +-
 Containers/nextcloud/start.sh | 11 ++---------
 Containers/nextcloud/supervisord.conf | 9 +++++++++
 Containers/notify-push/healthcheck.sh | 2 +-
 Containers/notify-push/start.sh | 2 +-
 php/containers.json | 3 ++-
 6 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/Containers/docker-socket-proxy/healthcheck.sh b/Containers/docker-socket-proxy/healthcheck.sh
index d5bc089ae437..28edfdfc00f2 100644
--- a/Containers/docker-socket-proxy/healthcheck.sh
+++ b/Containers/docker-socket-proxy/healthcheck.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-nc -z "$NEXTCLOUD_HOST" 9000 || exit 0
+nc -z "$NEXTCLOUD_HOST" 9001 || exit 0
 nc -z localhost 2375 || exit 1
diff --git a/Containers/nextcloud/start.sh b/Containers/nextcloud/start.sh
index 91a1c4502574..9aada4f4d3b5 100644
--- a/Containers/nextcloud/start.sh
+++ b/Containers/nextcloud/start.sh
@@ -25,21 +25,14 @@ if [ -f "/var/www/html/config/config.php" ]; then
 fi
 fi
-set -x
+# TODO: need to wait for apache to spawn?
 IPv4_ADDRESS_APACHE="$(dig nextcloud-aio-apache A +short | grep '^[0-9.]\+$' | sort | head -n1)"
 IPv6_ADDRESS_APACHE="$(dig nextcloud-aio-apache AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
 IPv4_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer A +short | grep '^[0-9.]\+$' | sort | head -n1)"
 IPv6_ADDRESS_MASTERCONTAINER="$(dig nextcloud-aio-mastercontainer AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-IPv4_ADDRESS_NOTIFY_PUSH="$(dig nextcloud-aio-notify-push A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_NOTIFY_PUSH="$(dig nextcloud-aio-notify-push AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-IPv4_ADDRESS_DSP="$(dig nextcloud-aio-docker-socket-proxy A +short | grep '^[0-9.]\+$' | sort | head -n1)"
-IPv6_ADDRESS_DSP="$(dig nextcloud-aio-docker-socket-proxy AAAA +short | grep '^[0-9a-f:]\+$' | sort | head -n1)"
-set +x
 sed -i "s|^;listen.allowed_clients|listen.allowed_clients|" /usr/local/etc/php-fpm.d/www.conf
-sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER,$IPv4_ADDRESS_NOTIFY_PUSH,$IPv6_ADDRESS_NOTIFY_PUSH,$IPv4_ADDRESS_DSP,$IPv6_ADDRESS_DSP|" /usr/local/etc/php-fpm.d/www.conf
-sed -i "/^listen.allowed_clients/s/,,/,/g" /usr/local/etc/php-fpm.d/www.conf
-sed -i "/^listen.allowed_clients/s/,$//" /usr/local/etc/php-fpm.d/www.conf
+sed -i "s|listen.allowed_clients.*|listen.allowed_clients = 127.0.0.1,::1,$IPv4_ADDRESS_APACHE,$IPv6_ADDRESS_APACHE,$IPv4_ADDRESS_MASTERCONTAINER,$IPv6_ADDRESS_MASTERCONTAINER|" /usr/local/etc/php-fpm.d/www.conf
 grep listen.allowed_clients /usr/local/etc/php-fpm.d/www.conf
 # Trust additional Cacerts, if the user provided $TRUSTED_CACERTS_DIR
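Review bot: With the two cleanup `sed` lines removed in Containers/nextcloud/start.sh, an empty `dig` result now leaves `,,` or a trailing `,` in `listen.allowed_clients`; that happens on any host without IPv6, and the new TODO itself admits the apache name may not resolve yet. How php-fpm treats empty entries is not visible here, so the value is better assembled from the non-empty addresses only, as sketched below. The addresses are also resolved once at startup, so a peer container that comes back with a different IP stays locked out until this script runs again, which deserves a comment next to the TODO. The script continues outside the hunk.

```shell
# … unchanged: dig lookups for apache and mastercontainer …
ALLOWED_CLIENTS="127.0.0.1,::1"
for ADDRESS in "$IPv4_ADDRESS_APACHE" "$IPv6_ADDRESS_APACHE" "$IPv4_ADDRESS_MASTERCONTAINER" "$IPv6_ADDRESS_MASTERCONTAINER"; do
    # Skip lookups that returned nothing so no empty field reaches php-fpm
    if [ -n "$ADDRESS" ]; then
        ALLOWED_CLIENTS="$ALLOWED_CLIENTS,$ADDRESS"
    fi
done
# … unchanged: sed that uncomments listen.allowed_clients …
sed -i "s|listen.allowed_clients.*|listen.allowed_clients = $ALLOWED_CLIENTS|" /usr/local/etc/php-fpm.d/www.conf
```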
diff --git a/Containers/nextcloud/supervisord.conf b/Containers/nextcloud/supervisord.conf
index 45a6b074ef09..184074af8aa9 100644
--- a/Containers/nextcloud/supervisord.conf
+++ b/Containers/nextcloud/supervisord.conf
@@ -32,3 +32,12 @@ stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
 command=/run-exec-commands.sh
 user=www-data
+
+# This is a hack but no better solution is there
+[program:is-nextcloud-online]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=nc -lk 9001
+user=www-data
diff --git a/Containers/notify-push/healthcheck.sh b/Containers/notify-push/healthcheck.sh
index 8dce437ec8a6..cc0819747b8a 100644
--- a/Containers/notify-push/healthcheck.sh
+++ b/Containers/notify-push/healthcheck.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-if ! nc -z "$NEXTCLOUD_HOST" 9000; then
+if ! nc -z "$NEXTCLOUD_HOST" 9001; then
 exit 0
 fi
diff --git a/Containers/notify-push/start.sh b/Containers/notify-push/start.sh
index f02544f71ade..d730c7fd9138 100644
--- a/Containers/notify-push/start.sh
+++ b/Containers/notify-push/start.sh
@@ -12,7 +12,7 @@ elif [ -z "$REDIS_HOST" ]; then
 fi
 # Only start container if nextcloud is accessible
-while ! nc -z "$NEXTCLOUD_HOST" 9000; do
+while ! nc -z "$NEXTCLOUD_HOST" 9001; do
 echo "Waiting for Nextcloud to start..."
 sleep 5
 done
diff --git a/php/containers.json b/php/containers.json
index 75e6f830ab59..50cd91eb7af2 100644
--- a/php/containers.json
+++ b/php/containers.json
@@ -130,7 +130,8 @@
 "image": "nextcloud/aio-nextcloud",
 "init": true,
 "expose": [
- "9000"
+ "9000",
+ "9001"
 ],
 "internal_port": "9000",
 "secrets": [
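Review bot: In Containers/nextcloud/supervisord.conf the new `is-nextcloud-online` program runs `nc -lk 9001` with `stdout_logfile=/dev/stdout`, so anything a peer that can reach port 9001 sends is copied into the container log; `stdout_logfile=/dev/null` would keep untrusted bytes out of it. As far as the hunk shows, the listener starts independently of php-fpm, so the probes moved to 9001 in docker-socket-proxy/healthcheck.sh, notify-push/healthcheck.sh and notify-push/start.sh now only show that supervisord launched `nc`, not that php-fpm is accepting requests. The comment should say why the port exists, for example `# Readiness port for sibling containers; php-fpm's 9000 is limited by listen.allowed_clients`.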