diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh index f215f6c6a8c..f4121c92415 100644 --- a/Containers/mastercontainer/start.sh +++ b/Containers/mastercontainer/start.sh @@ -180,7 +180,7 @@ It is set to '$APACHE_PORT'." fi fi if [ -n "$APACHE_IP_BINDING" ]; then - if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$\|^[0-9a-f:]\+$'; then + if ! echo "$APACHE_IP_BINDING" | grep -q '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$\|^[0-9a-f:]\+$\|^@INTERNAL$'; then print_red "You provided an ip-address for the apache container's ip-binding but it was not a valid ip-address. It is set to '$APACHE_IP_BINDING'." exit 1 diff --git a/community-containers/caddy/caddy.json b/community-containers/caddy/caddy.json index 561c521902c..2bd68e3a5e8 100644 --- a/community-containers/caddy/caddy.json +++ b/community-containers/caddy/caddy.json @@ -38,7 +38,7 @@ } ], "aio_variables": [ - "apache_ip_binding=127.0.0.1", + "apache_ip_binding=@INTERNAL", "apache_port=11000" ], "nextcloud_exec_commands": [ diff --git a/php/containers.json b/php/containers.json index ffead0d82f4..1bf3bfd9a9d 100644 --- a/php/containers.json +++ b/php/containers.json @@ -221,7 +221,6 @@ "DOCKER_SOCKET_PROXY_ENABLED=%DOCKER_SOCKET_PROXY_ENABLED%", "REMOVE_DISABLED_APPS=%REMOVE_DISABLED_APPS%", "APACHE_PORT=%APACHE_PORT%", - "APACHE_IP_BINDING=%APACHE_IP_BINDING%", "ADDITIONAL_TRUSTED_PROXY=%CADDY_IP_ADDRESS%", "THIS_IS_AIO=true", "IMAGINARY_SECRET=%IMAGINARY_SECRET%" diff --git a/php/src/Docker/DockerActionManager.php b/php/src/Docker/DockerActionManager.php index d36ad4afb96..8b2e8a3e848 100644 --- a/php/src/Docker/DockerActionManager.php +++ b/php/src/Docker/DockerActionManager.php @@ -137,7 +137,7 @@ public function GetContainerStartingState(Container $container) : IContainerStat } elseif($internalPort === '%TALK_PORT%') { $internalPort = $this->configurationManager->GetTalkPort(); } - + if ($internalPort !== "" && $internalPort !== 'host') { $connection = @fsockopen($containerName, (int)$internalPort, $errno, $errstr, 0.2); if ($connection) { @@ -295,8 +295,6 @@ public function CreateContainer(Container $container) : void { $replacements[1] = $this->configurationManager->GetSelectedRestoreTime(); } elseif ($out[1] === 'APACHE_PORT') { $replacements[1] = $this->configurationManager->GetApachePort(); - } elseif ($out[1] === 'APACHE_IP_BINDING') { - $replacements[1] = $this->configurationManager->GetApacheIPBinding(); } elseif ($out[1] === 'TALK_PORT') { $replacements[1] = $this->configurationManager->GetTalkPort(); } elseif ($out[1] === 'NEXTCLOUD_MOUNT') { @@ -438,7 +436,7 @@ public function CreateContainer(Container $container) : void { $requestBody['HostConfig']['RestartPolicy']['Name'] = $container->GetRestartPolicy(); $requestBody['HostConfig']['ReadonlyRootfs'] = $container->GetReadOnlySetting(); - + $exposedPorts = []; if ($container->GetInternalPort() !== 'host') { foreach($container->GetPorts()->GetPorts() as $value) { @@ -478,6 +476,10 @@ public function CreateContainer(Container $container) : void { $ipBinding = $value->ipBinding; if ($ipBinding === '%APACHE_IP_BINDING%') { $ipBinding = $this->configurationManager->GetApacheIPBinding(); + // Do not expose if AIO is in internal network mode + if ($ipBinding === '@INTERNAL') { + continue; + } } $portWithProtocol = $port . '/' . $protocol; $requestBody['HostConfig']['PortBindings'][$portWithProtocol] = [ @@ -708,7 +710,7 @@ private function GetRepoDigestsOfContainer(string $containerName) : ?array { if (!isset($imageOutput['RepoDigests'])) { error_log('RepoDigests is not set of container ' . $containerName); return null; - } + } if (!is_array($imageOutput['RepoDigests'])) { error_log('RepoDigests of ' . $containerName . ' is not an array which is not allowed!');