From 88e190683b1fab5cd20ebabf876db7e58fd5fef9 Mon Sep 17 00:00:00 2001
From: Simon L <szaimen@e.mail.de>
Date: Sat, 13 Jan 2024 16:29:28 +0100
Subject: [PATCH] trust the nextcloud-aio gateway

Signed-off-by: Simon L <szaimen@e.mail.de>
---
 Caddyfile | 4 ++++
 start.sh  | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/Caddyfile b/Caddyfile
index fad5f13..3078104 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -5,6 +5,10 @@
         root /data/caddy
     }
 
+    servers {
+        trusted_proxies placeholder
+    }
+
     log {
         level ERROR
     }
diff --git a/start.sh b/start.sh
index 27e684b..e32696d 100644
--- a/start.sh
+++ b/start.sh
@@ -16,6 +16,13 @@ while ! [ -f /nextcloud/admin/files/nextcloud-aio-caddy/allowed-countries.txt ];
     sleep 5
 done
 
+# Get ipv4-address of caddy
+IPv4_ADDRESS="$(dig nextcloud-aio-caddy A +short +search | head -1)"
+# Bring it in CIDR notation
+# shellcheck disable=SC2001
+IPv4_ADDRESS="$(echo "$IPv4_ADDRESS" | sed 's|[0-9]\+$|1/32|')"
+sed -i "s|trusted_proxies.*|trusted_proxies static $IPv4_ADDRESS|" /Caddyfile
+
 ALLOW_CONTRIES="$(head -n 1 /nextcloud/admin/files/nextcloud-aio-caddy/allowed-countries.txt)"
 if echo "$ALLOW_CONTRIES" | grep -q '^[A-Z ]\+$'; then
     FILTER_SET=1