Merge pull request #7 from szaimen/enh/noid/vaultwarden-admin

allow to block vaultwarden admin interface
szaimen · Jul 12, 2024 · ba0652d · ba0652d
2 parents 7026386 + 06145fb
commit ba0652d
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 1 deletion.
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
@@ -6,7 +6,7 @@ on:
       tagName:
         description: "Tag name"
         required: true
-        default: 'v1'
+        default: 'v2'
 
 jobs:
   push_to_registry:

diff --git a/start.sh b/start.sh
@@ -33,13 +33,32 @@ if [ -f "/nextcloud/admin/files/nextcloud-aio-caddy/GeoLite2-Country.mmdb" ]; th
     cp /nextcloud/admin/files/nextcloud-aio-caddy/GeoLite2-Country.mmdb /data/
     FILE_THERE=1
 fi
+if [ -f "/nextcloud/admin/files/nextcloud-aio-caddy/block-vaultwarden-admin" ]; then
+    VAULTWARDEN_BLOCK=1
+fi
 
 if [ -n "$(dig A +short nextcloud-aio-vaultwarden)" ] && ! grep -q nextcloud-aio-vaultwarden /Caddyfile; then
     cat << CADDY >> /Caddyfile
 https://bw.{\$NC_DOMAIN}:443 {
     # import GEOFILTER
+CADDY
+
+    if [ "$VAULTWARDEN_BLOCK" = 1 ]; then
+        cat << CADDY >> /Caddyfile
+    @blacklisted {
+        not {
+            path /admin*
+        }
+    }
+    reverse_proxy @blacklisted nextcloud-aio-vaultwarden:8812
+CADDY
+    else
+        cat << CADDY >> /Caddyfile
     reverse_proxy nextcloud-aio-vaultwarden:8812
+CADDY
+    fi
 
+    cat << CADDY >> /Caddyfile
     # TLS options
     tls {
         issuer acme {