ncp-web: adjust ipv6 local restrictionsv1.13.5

Signed-off-by: nachoparker <nacho@ownyourbits.com>

3 files changed, 60 insertions, 2 deletions

diff --git a/changelog.md b/changelog.md
index b7baac2a..493b736d 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,7 +1,11 @@
 
-[v1.13.3](https://github.com/nextcloud/nextcloudpi/commit/659d768) (2019-06-23) spDYN: remove unused IPV6 argument in spDYN.sh
+[v1.13.5](https://github.com/nextcloud/nextcloudpi/commit/abba511) (2019-06-29) ncp-web: adjust ipv6 local restrictions
 
-[v1.13.2](https://github.com/nextcloud/nextcloudpi/commit/c392529) (2019-06-17) nc-backup: fix exclusion of ncp backups
+[v1.13.4 ](https://github.com/nextcloud/nextcloudpi/commit/ce4477c) (2019-06-29) nc-previews: adjust preview sizes
+
+[v1.13.3](https://github.com/nextcloud/nextcloudpi/commit/0701949) (2019-06-23) spDYN: remove unused IPV6 argument in spDYN.sh
+
+[v1.13.2 ](https://github.com/nextcloud/nextcloudpi/commit/c392529) (2019-06-17) nc-backup: fix exclusion of ncp backups
 
 [v1.13.1 ](https://github.com/nextcloud/nextcloudpi/commit/5de855f) (2019-06-01) ncp-web: avoid quotes in fields
 
diff --git a/ncp.sh b/ncp.sh
index 176e0045..937f76cd 100644
--- a/ncp.sh
+++ b/ncp.sh
@@ -58,6 +58,7 @@ EOF
       Require ip 192.168
       Require ip 172
       Require ip 10
+      Require ip fe80::/10
       Require ip fd00::/8
    </RequireAny>
 
@@ -102,6 +103,8 @@ Listen 4443
       Require ip 192.168
       Require ip 172
       Require ip 10
+      Require ip fe80::/10
+      Require ip fd00::/8
    </RequireAny>
 
    <RequireAny>
diff --git a/update.sh b/update.sh
index 0c299392..2c185a09 100755
--- a/update.sh
+++ b/update.sh
@@ -248,6 +248,57 @@ EOF
     ncc config:system:set jpeg_quality --value 60
   }
 
+  # adjust local IPv6
+  cat > /etc/apache2/sites-available/ncp.conf <<EOF
+Listen 4443
+<VirtualHost _default_:4443>
+  DocumentRoot /var/www/ncp-web
+  SSLEngine on
+  SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
+  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+  # 2 days to avoid very big backups requests to timeout
+  TimeOut 172800
+
+  <IfModule mod_authnz_external.c>
+    DefineExternalAuth pwauth pipe /usr/sbin/pwauth
+  </IfModule>
+
+</VirtualHost>
+<Directory /var/www/ncp-web/>
+
+  AuthType Basic
+  AuthName "ncp-web login"
+  AuthBasicProvider external
+  AuthExternal pwauth
+
+  SetEnvIf Request_URI "^" noauth
+  SetEnvIf Request_URI "^index\.php$" !noauth
+  SetEnvIf Request_URI "^/$" !noauth
+  SetEnvIf Request_URI "^/wizard/index.php$" !noauth
+  SetEnvIf Request_URI "^/wizard/$" !noauth
+
+  <RequireAll>
+
+   <RequireAny>
+      Require host localhost
+      Require local
+      Require ip 192.168
+      Require ip 172
+      Require ip 10
+      Require ip fd00::/8
+      Require ip fe80::/10
+   </RequireAny>
+
+   <RequireAny>
+      Require env noauth
+      Require user ncp
+   </RequireAny>
+
+  </RequireAll>
+
+</Directory>
+EOF
 
   # remove redundant opcache configuration. Leave until update bug is fixed -> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815968
   # Bug #416 reappeared after we moved to php7.2 and debian buster packages. (keep last)