From b65a56d1909f953d462aed4366beed2cc8c8713f Mon Sep 17 00:00:00 2001
From: Simon L
Date: Fri, 29 Sep 2023 22:24:00 +0200
Subject: [PATCH] community-containers - add caddy
Signed-off-by: Simon L
---
 .github/workflows/json-validator.yml | 8 +++--
 community-containers/caddy/caddy.json | 51 +++++++++++++++++++++++++++
 community-containers/caddy/readme.md | 14 ++++++++
 php/containers-schema.json | 2 +-
 4 files changed, 71 insertions(+), 4 deletions(-)
 create mode 100644 community-containers/caddy/caddy.json
 create mode 100644 community-containers/caddy/readme.md
diff --git a/.github/workflows/json-validator.yml b/.github/workflows/json-validator.yml
index 4a3967f9a7be..90cd5653270a 100644
--- a/.github/workflows/json-validator.yml
+++ b/.github/workflows/json-validator.yml
@@ -22,12 +22,14 @@ jobs:
 sudo apt-get update
 sudo apt-get install python3-pip -y --no-install-recommends
 sudo pip3 install json-spec
- json validate --schema-file=php/containers-schema.json --document-file=php/containers.json
+ if ! json validate --schema-file=php/containers-schema.json --document-file=php/containers.json; then
+ exit 1
+ fi
 JSON_FILES="$(find ./community-containers -name '*.json')"
 mapfile -t JSON_FILES <<< "$JSON_FILES"
 for file in "${JSON_FILES[@]}"; do
- json validate --schema-file=php/containers-schema.json --document-file="$file" | tee -a ./json-validator.log
+ json validate --schema-file=php/containers-schema.json --document-file="$file" 2>&1 | tee -a ./json-validator.log
 done
- if grep "Exception: document does not validate with schema." ./json-validator.log; then
+ if grep -q "document does not validate with schema." ./json-validator.log; then
 exit 1
 fi
diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json
new file mode 100644
index 000000000000..91fceafba696
--- /dev/null
+++ b/community-containers/caddy/caddy.json
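Review bot: The per-file loop still decides pass or fail by grepping `./json-validator.log` for one message, so any other failure of `json validate` (unparseable JSON, a crash in the tool) leaves the job green; the pipeline's status is that of `tee`, unless the step enables `pipefail`, which is not visible in this hunk. The first call in the same hunk was moved to an exit-status check, and the loop should do the same, for example `json validate --schema-file=php/containers-schema.json --document-file="$file" || exit 1` without the `tee`. Since this job is the gate for third-party container definitions, it should fail closed. The `run:` block begins above the hunk.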
@@ -0,0 +1,51 @@
+{
+ "aio_services_v1": [
+ {
+ "container_name": "nextcloud-aio-caddy",
+ "display_name": "Caddy with geoblocking",
+ "image": "szaimen/aio-caddy",
+ "image_tag": "v1",
+ "internal_port": "443",
+ "restart": "unless-stopped",
+ "ports": [
+ {
+ "ip_binding": "",
+ "port_number": "443",
+ "protocol": "tcp"
+ },
+ {
+ "ip_binding": "",
+ "port_number": "443",
+ "protocol": "udp"
+ }
+ ],
+ "environment": [
+ "TZ=%TIMEZONE%",
+ "NC_DOMAIN=%NC_DOMAIN%",
+ "APACHE_PORT=%APACHE_PORT%"
+ ],
+ "volumes": [
+ {
+ "source": "nextcloud_aio_caddy",
+ "destination": "/data",
+ "writeable": true
+ },
+ {
+ "source": "%NEXTCLOUD_DATADIR%",
+ "destination": "/nextcloud",
+ "writeable": false
+ }
+ ],
+ "aio_variables": [
+ "apache_ip_binding=127.0.0.1",
+ "apache_port=11000"
+ ],
+ "nextcloud_exec_commands": [
+ "mkdir '/mnt/ncdata/admin/files/nextcloud-aio-caddy'",
+ "touch '/mnt/ncdata/admin/files/nextcloud-aio-caddy/allowed-countries.txt'",
+ "echo 'Scanning nextcloud-aio-caddy folder for admin user...'",
+ "php /var/www/html/occ files:scan --path='/admin/files/nextcloud-aio-caddy'"
+ ]
+ }
+ ]
+}
diff --git a/community-containers/caddy/readme.md b/community-containers/caddy/readme.md
new file mode 100644
index 000000000000..f1717624cd96
--- /dev/null
+++ b/community-containers/caddy/readme.md
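Review bot: The second entry under `volumes` mounts the whole `%NEXTCLOUD_DATADIR%` at `/nextcloud` in the container that publishes port 443 with an empty `ip_binding` (apparently all interfaces), so a compromise of the proxy exposes every user's files for reading even though `writeable` is false. Going by `nextcloud_exec_commands`, only the admin's `nextcloud-aio-caddy` folder appears to be needed, so the mount is broader than the feature requires. If the placeholder cannot express a sub-path, the readme should at least state the exposure, e.g. `- The Caddy container gets read-only access to the complete Nextcloud data directory.`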
@@ -0,0 +1,14 @@
+## Caddy with geoblocking
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed.
+
+### Notes
+- Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
+- Make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
+- After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
+- See https://github.com/nextcloud/all-in-one/tree/main/community-containers how to add it to the AIO stack
+
+### Repository
+https://github.com/szaimen/aio-caddy
+
+### Maintainer
+https://github.com/szaimen
diff --git a/php/containers-schema.json b/php/containers-schema.json
index 96789207580c..afb11b8f5cae 100644
--- a/php/containers-schema.json
+++ b/php/containers-schema.json
@@ -122,7 +122,7 @@
 "type": "array",
 "items": {
 "type": "string",
- "pattern": "^(php /var/www/html/occ .*|echo .*)$"
+ "pattern": "^(php /var/www/html/occ .*|echo .*|touch .*|mkdir .*)$"
 }
 },
 "profiles": {
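Review bot: The widened `pattern` checks only the first word of each `nextcloud_exec_commands` entry; everything after `touch ` and `mkdir ` (and already after `echo ` and `occ `) is `.*`, which admits shell metacharacters and arbitrary paths. Whether these strings reach a shell is not visible here, but if they do, this schema is the only control on what a community container's JSON can run inside the Nextcloud container. Consider constraining the argument characters, e.g. `"pattern": "^(php /var/www/html/occ|echo|touch|mkdir) [A-Za-z0-9 '_./:=-]+$"`, after checking it against the existing container definitions. The enclosing property definition starts above the hunk.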