Merge pull request #3 from szaimen/enh/noid/fix-details

szaimen · Oct 4, 2023 · b009cf8 · b009cf8
2 parents 7f6eb43 + 3f241ba
commit b009cf8
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 32 deletions.
diff --git a/Caddyfile b/Caddyfile
@@ -2,10 +2,33 @@
     auto_https disable_redirects
 
     storage file_system {
-        root /data
+        root /data/caddy
     }
 
     log {
         level ERROR
     }
 }
+
+(GEOFILTER) {
+    @geofilter {
+        not maxmind_geolocation {
+            db_path "/data/GeoLite2-Country.mmdb"
+            allow_countries $ALLOW_CONTRIES
+        }
+        not remote_ip private_ranges
+    }
+    respond @geofilter 403
+}
+
+https://{$NC_DOMAIN}:443 {
+    # import GEOFILTER
+    reverse_proxy nextcloud-aio-apache:{$APACHE_PORT}
+
+    # TLS options
+    tls {
+        issuer acme {
+            disable_http_challenge
+        }
+    }
+}
diff --git a/Dockerfile b/Dockerfile
@@ -25,15 +25,15 @@ RUN set -ex; \
     adduser -u 33 -D -S -G www-data www-data; \
     apk del shadow; \
     apk add --no-cache tzdata bash bind-tools netcat-openbsd util-linux-misc; \
-    mkdir /data; \
+    mkdir -p /data/caddy; \
     chown 33:33 -R /data; \
     chmod 770 -R /data
 
 VOLUME /data
 
 COPY --from=go /go/caddy /usr/local/bin/caddy
 COPY --chmod=775 start.sh /start.sh
-COPY --chmod=664 Caddyfile /Caddyfile
+COPY --chown=33:33 Caddyfile /Caddyfile
 
 USER www-data
 ENTRYPOINT [ "/start.sh" ]
diff --git a/start.sh b/start.sh
@@ -29,35 +29,6 @@ if [ -f "/nextcloud/admin/files/nextcloud-aio-caddy/GeoLite2-Country.mmdb" ]; th
     FILE_THERE=1
 fi
 
-if [ "$FILTER_SET" = 1 ] && [ "$FILE_THERE" = 1 ]; then
-    cat << CADDY >> /Caddyfile
-(GEOFILTER) {
-    @geofilter {
-        not maxmind_geolocation {
-            db_path "/data/GeoLite2-Country.mmdb"
-            allow_countries $ALLOW_CONTRIES
-        }
-        not remote_ip private_ranges
-    }
-    respond @geofilter 403
-}
-CADDY
-fi
-
-cat << CADDY >> /Caddyfile
-https://{\$NC_DOMAIN}:443 {
-    # import GEOFILTER
-    reverse_proxy nextcloud-aio-apache:{\$APACHE_PORT}
-
-    # TLS options
-    tls {
-        issuer acme {
-            disable_http_challenge
-        }
-    }
-}
-CADDY
-
 if [ -n "$(dig A +short nextcloud-aio-vaultwarden)" ]; then
     cat << CADDY >> /Caddyfile
 https://bw.{\$NC_DOMAIN}:443 {