diff options
author | nachoparker <nacho@ownyourbits.com> | 2019-06-30 00:15:46 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2019-06-30 00:16:06 +0300 |
commit | fbdab43b96f7ad92935c0ea01f7c9c2ecfb7e712 (patch) | |
tree | b9d9540c159db27f6c87d51cfdd19ea7b914d392 | |
parent | ce4477c8a4c101b416ebb2711b3c22a42ffc0051 (diff) |
ncp-web: adjust ipv6 local restrictionsv1.13.5
Signed-off-by: nachoparker <nacho@ownyourbits.com>
-rw-r--r-- | changelog.md | 8 | ||||
-rw-r--r-- | ncp.sh | 3 | ||||
-rwxr-xr-x | update.sh | 51 |
3 files changed, 60 insertions, 2 deletions
diff --git a/changelog.md b/changelog.md index b7baac2a..493b736d 100644 --- a/changelog.md +++ b/changelog.md @@ -1,7 +1,11 @@ -[v1.13.3](https://github.com/nextcloud/nextcloudpi/commit/659d768) (2019-06-23) spDYN: remove unused IPV6 argument in spDYN.sh +[v1.13.5](https://github.com/nextcloud/nextcloudpi/commit/abba511) (2019-06-29) ncp-web: adjust ipv6 local restrictions -[v1.13.2](https://github.com/nextcloud/nextcloudpi/commit/c392529) (2019-06-17) nc-backup: fix exclusion of ncp backups +[v1.13.4 ](https://github.com/nextcloud/nextcloudpi/commit/ce4477c) (2019-06-29) nc-previews: adjust preview sizes + +[v1.13.3](https://github.com/nextcloud/nextcloudpi/commit/0701949) (2019-06-23) spDYN: remove unused IPV6 argument in spDYN.sh + +[v1.13.2 ](https://github.com/nextcloud/nextcloudpi/commit/c392529) (2019-06-17) nc-backup: fix exclusion of ncp backups [v1.13.1 ](https://github.com/nextcloud/nextcloudpi/commit/5de855f) (2019-06-01) ncp-web: avoid quotes in fields @@ -58,6 +58,7 @@ EOF Require ip 192.168 Require ip 172 Require ip 10 + Require ip fe80::/10 Require ip fd00::/8 </RequireAny> @@ -102,6 +103,8 @@ Listen 4443 Require ip 192.168 Require ip 172 Require ip 10 + Require ip fe80::/10 + Require ip fd00::/8 </RequireAny> <RequireAny> @@ -248,6 +248,57 @@ EOF ncc config:system:set jpeg_quality --value 60 } + # adjust local IPv6 + cat > /etc/apache2/sites-available/ncp.conf <<EOF +Listen 4443 +<VirtualHost _default_:4443> + DocumentRoot /var/www/ncp-web + SSLEngine on + SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem + SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key + + # 2 days to avoid very big backups requests to timeout + TimeOut 172800 + + <IfModule mod_authnz_external.c> + DefineExternalAuth pwauth pipe /usr/sbin/pwauth + </IfModule> + +</VirtualHost> +<Directory /var/www/ncp-web/> + + AuthType Basic + AuthName "ncp-web login" + AuthBasicProvider external + AuthExternal pwauth + + SetEnvIf Request_URI "^" noauth + SetEnvIf Request_URI "^index\.php$" !noauth + SetEnvIf Request_URI "^/$" !noauth + SetEnvIf Request_URI "^/wizard/index.php$" !noauth + SetEnvIf Request_URI "^/wizard/$" !noauth + + <RequireAll> + + <RequireAny> + Require host localhost + Require local + Require ip 192.168 + Require ip 172 + Require ip 10 + Require ip fd00::/8 + Require ip fe80::/10 + </RequireAny> + + <RequireAny> + Require env noauth + Require user ncp + </RequireAny> + + </RequireAll> + +</Directory> +EOF # remove redundant opcache configuration. Leave until update bug is fixed -> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815968 # Bug #416 reappeared after we moved to php7.2 and debian buster packages. (keep last) |