ncp-web: adjust ipv6 local restrictions

Signed-off-by: nachoparker <nacho@ownyourbits.com>
2026-01-10 15:12:01 -03:30 · 2019-06-29 15:15:46 -06:00 · 2019-06-29 15:15:46 -06:00 · fbdab43b96
commit fbdab43b96
parent ce4477c8a4
3 changed files with 60 additions and 2 deletions
--- a/changelog.md
+++ b/changelog.md
@ -1,7 +1,11 @@

-[v1.13.3](https://github.com/nextcloud/nextcloudpi/commit/659d768) (2019-06-23) spDYN: remove unused IPV6 argument in spDYN.sh
+[v1.13.5](https://github.com/nextcloud/nextcloudpi/commit/abba511) (2019-06-29) ncp-web: adjust ipv6 local restrictions

-[v1.13.2](https://github.com/nextcloud/nextcloudpi/commit/c392529) (2019-06-17) nc-backup: fix exclusion of ncp backups
+[v1.13.4 ](https://github.com/nextcloud/nextcloudpi/commit/ce4477c) (2019-06-29) nc-previews: adjust preview sizes
+
+[v1.13.3](https://github.com/nextcloud/nextcloudpi/commit/0701949) (2019-06-23) spDYN: remove unused IPV6 argument in spDYN.sh
+
+[v1.13.2 ](https://github.com/nextcloud/nextcloudpi/commit/c392529) (2019-06-17) nc-backup: fix exclusion of ncp backups

 [v1.13.1 ](https://github.com/nextcloud/nextcloudpi/commit/5de855f) (2019-06-01) ncp-web: avoid quotes in fields

--- a/ncp.sh
+++ b/ncp.sh
@ -58,6 +58,7 @@ EOF
      Require ip 192.168
      Require ip 172
      Require ip 10
+      Require ip fe80::/10
      Require ip fd00::/8
   </RequireAny>

@ -102,6 +103,8 @@ Listen 4443
      Require ip 192.168
      Require ip 172
      Require ip 10
+      Require ip fe80::/10
+      Require ip fd00::/8
   </RequireAny>

   <RequireAny>
--- a/update.sh
+++ b/update.sh
@ -248,6 +248,57 @@ EOF
    ncc config:system:set jpeg_quality --value 60
  }

+  # adjust local IPv6
+  cat > /etc/apache2/sites-available/ncp.conf <<EOF
+Listen 4443
+<VirtualHost _default_:4443>
+  DocumentRoot /var/www/ncp-web
+  SSLEngine on
+  SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
+  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
+
+  # 2 days to avoid very big backups requests to timeout
+  TimeOut 172800
+
+  <IfModule mod_authnz_external.c>
+    DefineExternalAuth pwauth pipe /usr/sbin/pwauth
+  </IfModule>
+
+</VirtualHost>
+<Directory /var/www/ncp-web/>
+
+  AuthType Basic
+  AuthName "ncp-web login"
+  AuthBasicProvider external
+  AuthExternal pwauth
+
+  SetEnvIf Request_URI "^" noauth
+  SetEnvIf Request_URI "^index\.php$" !noauth
+  SetEnvIf Request_URI "^/$" !noauth
+  SetEnvIf Request_URI "^/wizard/index.php$" !noauth
+  SetEnvIf Request_URI "^/wizard/$" !noauth
+
+  <RequireAll>
+
+   <RequireAny>
+      Require host localhost
+      Require local
+      Require ip 192.168
+      Require ip 172
+      Require ip 10
+      Require ip fd00::/8
+      Require ip fe80::/10
+   </RequireAny>
+
+   <RequireAny>
+      Require env noauth
+      Require user ncp
+   </RequireAny>
+
+  </RequireAll>
+
+</Directory>
+EOF

  # remove redundant opcache configuration. Leave until update bug is fixed -> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815968
  # Bug #416 reappeared after we moved to php7.2 and debian buster packages. (keep last)