FreshRSS/Docker/entrypoint.sh
Alexandre Alapetite e7689459f2 Rework trusted proxies (#5549)
* Rework trusted proxies
Fix https://github.com/FreshRSS/FreshRSS/issues/5502
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3226

New environment variable `TRUSTED_PROXY`: set to 0 to disable, or to a list of trusted IP ranges compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy

New internal environment variable `CONN_REMOTE_ADDR` to remember the true IP address of the connection (e.g. last proxy), even when using mod_remoteip.

Current working setups should not observe any significant change.

* Minor whitespace

* Safer trusted sources during install
Rework of https://github.com/FreshRSS/FreshRSS/pull/5358
https://github.com/FreshRSS/FreshRSS/issues/5357

* Minor readme
2023-07-30 12:59:18 +02:00

#!/bin/sh
# Container entrypoint: applies environment-driven settings to the system,
# PHP and Apache configuration before handing over to the container command.
#
# NOTE(review): $TZ and $LISTEN are interpolated verbatim into a filesystem
# path and into sed replacement text that uses '#' as delimiter. A value
# containing '#', '&', a backslash or a newline changes the sed expression
# rather than the configured value, so these variables must only ever be set
# by the operator of the container, never derived from untrusted input.

# System time zone: symlink the zoneinfo entry and record its name.
ln -snf "/usr/share/zoneinfo/$TZ" /etc/localtime
echo "$TZ" >/etc/timezone

# Rewrite (or un-comment) one directive per pass in every php.ini found.
for php_setting in "date.timezone = $TZ" 'post_max_size = 32M' 'upload_max_filesize = 32M'; do
	# Directive name is everything before the first " = ".
	php_key=${php_setting%% = *}
	find /etc/php*/ -type f -name php.ini \
		-exec sed -r -i "\\#^;?$php_key#s#^.*#$php_setting#" {} \;
done

# Optional override of the Apache Listen directive.
if [ -n "$LISTEN" ]; then
	find /etc/apache2/ -type f -name FreshRSS.Apache.conf \
		-exec sed -r -i "\\#^Listen#s#^.*#Listen $LISTEN#" {} \;
fi
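# Trusted reverse proxies for mod_remoteip.
#   TRUSTED_PROXY unset/empty : the shipped FreshRSS.Apache.conf is left as is.
#   TRUSTED_PROXY=0           : every RemoteIP* directive is commented out.
#   anything else             : used verbatim as the RemoteIPTrustedProxy list.
#
# Security: every address in this list is allowed to assert the client IP
# through the forwarded header, so keep it as narrow as the real proxy chain.
# The value is interpolated into a sed replacement delimited by '#'; a '#',
# '&', backslash or newline in it would corrupt the directive, so it must be
# operator-supplied only.
if [ -n "$TRUSTED_PROXY" ]; then
	# Compare as a string: the value is normally a list of IP ranges, and the
	# numeric test `-eq` fails with an "integer expected" error on such input,
	# reaching the else branch only through that error path.
	if [ "$TRUSTED_PROXY" = "0" ]; then
		# Disable RemoteIPHeader and RemoteIPTrustedProxy
		find /etc/apache2/ -type f -name FreshRSS.Apache.conf \
			-exec sed -r -i "/^\s*RemoteIP.*$/s/^/#/" {} \;
	else
		# Custom list for RemoteIPTrustedProxy
		find /etc/apache2/ -type f -name FreshRSS.Apache.conf \
			-exec sed -r -i "\\#^\s*RemoteIPTrustedProxy#s#^.*#\tRemoteIPTrustedProxy $TRUSTED_PROXY#" {} \;
	fi
fi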
# Enable the Apache OpenID Connect module only when OIDC_ENABLED is set to a
# non-zero integer.
# NOTE(review): the comparison is numeric, so a non-integer value such as
# "true" makes the test fail and leaves the module disabled.
if [ -n "$OIDC_ENABLED" ]; then
	if [ "$OIDC_ENABLED" -ne 0 ]; then
		a2enmod -q auth_openidc
	fi
fi
# Cron setup, only when CRON_MIN is provided.
if [ -n "$CRON_MIN" ]; then
	# Snapshot the environment variables that cron jobs need into env.txt.
	# NOTE(review): values are written unquoted. If env.txt is sourced by a
	# shell (its consumer is not visible here), a value containing whitespace
	# or shell metacharacters would be re-interpreted as code; confirm against
	# the crontab and keep these variables operator-controlled.
	{
		echo "export TZ=$TZ"
		echo "export COPY_LOG_TO_SYSLOG=$COPY_LOG_TO_SYSLOG"
		echo "export COPY_SYSLOG_TO_STDERR=$COPY_SYSLOG_TO_STDERR"
		echo "export FRESHRSS_ENV=$FRESHRSS_ENV"
		echo "export DATA_PATH=$DATA_PATH"
	} >/var/www/FreshRSS/Docker/env.txt

	# Replace the first (minutes) field of each line of the default crontab
	# with CRON_MIN and install the result. CRON_MIN is interpolated into the
	# sed expression, so '#', '&' or backslashes in it would alter the script.
	sed -r "s#^[^ ]+ #$CRON_MIN #" </etc/crontab.freshrss.default | crontab -
fi
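# Run the project's permission helper and preparation script.
# The relative paths assume the working directory is the FreshRSS root
# (set outside this file).
./cli/access-permissions.sh
php -f ./cli/prepare.php >/dev/null

# Optional automated installation driven by FRESHRSS_INSTALL, a string of
# command-line options for cli/do-install.php (line breaks are folded).
if [ -n "$FRESHRSS_INSTALL" ]; then
	# The expansion below is deliberately unquoted so that it is split into
	# separate arguments. Word splitting is wanted, pathname expansion is not:
	# without `set -f`, an option value containing '*', '?' or '[' (e.g. in a
	# password) could be replaced by matching file names from the current
	# directory.
	# NOTE(review): the options may include credentials; they are passed on
	# the php command line and are therefore visible in the process list
	# while the command runs.
	set -f
	# shellcheck disable=SC2046
	php -f ./cli/do-install.php -- \
		$(echo "$FRESHRSS_INSTALL" | sed -r 's/[\r\n]+/\n/g' | paste -s -)
	EXITCODE=$?
	set +f

	# Exit code 3 is reported as "already installed"; any other failure
	# aborts the entrypoint with the installer's exit code.
	if [ "$EXITCODE" -eq 3 ]; then
		echo ' FreshRSS already installed; no change performed.'
	elif [ "$EXITCODE" -eq 0 ]; then
		echo '✅ FreshRSS successfully installed.'
	else
		echo '❌ FreshRSS error during installation!'
		exit "$EXITCODE"
	fi
fi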
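# Optional automated user creation driven by FRESHRSS_USER, a string of
# command-line options for cli/create-user.php (line breaks are folded).
if [ -n "$FRESHRSS_USER" ]; then
	# The expansion below is deliberately unquoted so that it is split into
	# separate arguments. Pathname expansion is switched off around it so that
	# an option value containing '*', '?' or '[' (e.g. in a password) is
	# passed through literally instead of being matched against file names.
	# NOTE(review): the options may include the user's password; they are
	# passed on the php command line and are therefore visible in the process
	# list while the command runs.
	set -f
	# shellcheck disable=SC2046
	php -f ./cli/create-user.php -- \
		$(echo "$FRESHRSS_USER" | sed -r 's/[\r\n]+/\n/g' | paste -s -)
	EXITCODE=$?
	set +f

	# Exit code 3 is reported as "user already exists"; any other failure
	# aborts the entrypoint with the script's exit code.
	if [ "$EXITCODE" -eq 3 ]; then
		echo ' FreshRSS user already exists; no change performed.'
	elif [ "$EXITCODE" -eq 0 ]; then
		echo '✅ FreshRSS user successfully created.'
		# Run actualize-user once per user name printed by list-users.
		./cli/list-users.php | xargs -n1 ./cli/actualize-user.php --user
	else
		echo '❌ FreshRSS error during the creation of a user!'
		exit "$EXITCODE"
	fi
fi

# Re-run the permission helper after the steps above, then replace this shell
# with the container command so that it receives signals directly.
./cli/access-permissions.sh
exec "$@"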