From 3f241bac09b9d490e19a42ea68f10d1bbc7781cf Mon Sep 17 00:00:00 2001
From: Simon L
Date: Wed, 4 Oct 2023 14:23:32 +0200
Subject: [PATCH] fix some details

Signed-off-by: Simon L
---
 Caddyfile  | 25 ++++++++++++++++++++++++-
 Dockerfile |  4 ++--
 start.sh   | 29 ----------------------------
 3 files changed, 26 insertions(+), 32 deletions(-)

diff --git a/Caddyfile b/Caddyfile
index 9e6f0ae..23f8c1e 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -2,10 +2,33 @@
     auto_https disable_redirects
     storage file_system {
-        root /data
+        root /data/caddy
     }
     log {
         level ERROR
     }
 }
+
+(GEOFILTER) {
+    @geofilter {
+        not maxmind_geolocation {
+            db_path "/data/GeoLite2-Country.mmdb"
+            allow_countries $ALLOW_CONTRIES
+        }
+        not remote_ip private_ranges
+    }
+    respond @geofilter 403
+}
+
+https://{$NC_DOMAIN}:443 {
+    # import GEOFILTER
+    reverse_proxy nextcloud-aio-apache:{$APACHE_PORT}
+
+    # TLS options
+    tls {
+        issuer acme {
+            disable_http_challenge
+        }
+    }
+}
 
 
diff --git a/Dockerfile b/Dockerfile
index 6fa41c7..a3ee38c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -25,7 +25,7 @@ RUN set -ex; \
     adduser -u 33 -D -S -G www-data www-data; \
     apk del shadow; \
     apk add --no-cache tzdata bash bind-tools netcat-openbsd util-linux-misc; \
-    mkdir /data; \
+    mkdir -p /data/caddy; \
     chown 33:33 -R /data; \
     chmod 770 -R /data
 
@@ -33,7 +33,7 @@ VOLUME /data
 
 COPY --from=go /go/caddy /usr/local/bin/caddy
 COPY --chmod=775 start.sh /start.sh
-COPY --chmod=664 Caddyfile /Caddyfile
+COPY --chown=33:33 Caddyfile /Caddyfile
 
 USER www-data
 ENTRYPOINT [ "/start.sh" ]
diff --git a/start.sh b/start.sh
index 8692530..942829d 100644
--- a/start.sh
+++ b/start.sh
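Review bot: `allow_countries $ALLOW_CONTRIES` in the new GEOFILTER snippet is shell syntax, not a Caddyfile placeholder: the removed start.sh heredoc expanded it before writing the file, but Caddy reads this static file literally, so once `import GEOFILTER` is uncommented the matcher would receive the string `$ALLOW_CONTRIES` — unless start.sh now substitutes it with sed, which is not visible in this patch. The file already uses Caddy's environment form a few lines below (`{$NC_DOMAIN}`, `{$APACHE_PORT}`), so `allow_countries {$ALLOW_CONTRIES}` would keep the value coming from the environment. Related: the snippet is now present unconditionally and hard-codes `/data/GeoLite2-Country.mmdb`, so whatever enables the import should still check that the database file exists, as the removed FILTER_SET/FILE_THERE guard did. A short comment above the snippet such as `# requires /data/GeoLite2-Country.mmdb and ALLOW_CONTRIES; enabled by uncommenting 'import GEOFILTER' below` would spare the next reader a detour through start.sh.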
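Review bot: `COPY --chown=33:33 Caddyfile /Caddyfile` in the second Dockerfile hunk drops the explicit `--chmod=664`, so /Caddyfile now inherits whatever mode the file has in the build context (git tracks only the executable bit; the rest comes from the checkout umask). start.sh still appends to it with `cat << CADDY >> /Caddyfile` while running as `USER www-data` (uid 33), which works only as long as the owner write bit survives the checkout. Making it explicit with `COPY --chown=33:33 --chmod=644 Caddyfile /Caddyfile` keeps the build reproducible and, compared with the previous 664, no longer leaves the reverse-proxy configuration group-writable; the file already relies on `--chmod` for start.sh, so the flag is available here too.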
@@ -29,35 +29,6 @@ if [ -f "/nextcloud/admin/files/nextcloud-aio-caddy/GeoLite2-Country.mmdb" ]; th
     FILE_THERE=1
 fi
 
-if [ "$FILTER_SET" = 1 ] && [ "$FILE_THERE" = 1 ]; then
-    cat << CADDY >> /Caddyfile
-(GEOFILTER) {
-    @geofilter {
-        not maxmind_geolocation {
-            db_path "/data/GeoLite2-Country.mmdb"
-            allow_countries $ALLOW_CONTRIES
-        }
-        not remote_ip private_ranges
-    }
-    respond @geofilter 403
-}
-CADDY
-fi
-
-cat << CADDY >> /Caddyfile
-https://{\$NC_DOMAIN}:443 {
-    # import GEOFILTER
-    reverse_proxy nextcloud-aio-apache:{\$APACHE_PORT}
-
-    # TLS options
-    tls {
-        issuer acme {
-            disable_http_challenge
-        }
-    }
-}
-CADDY
-
 if [ -n "$(dig A +short nextcloud-aio-vaultwarden)" ]; then
     cat << CADDY >> /Caddyfile
 https://bw.{\$NC_DOMAIN}:443 {