Don't add firewall rules for the remote nextcloud if it's not accessible

2025-04-05 00:27:25 +00:00 · 2022-09-22 11:07:34 -04:00 · 2022-09-22 11:07:34 -04:00 · 68bc176b00
commit 68bc176b00
parent 912b78bb47
1 changed files with 9 additions and 2 deletions
--- a/setup/mods.available/remote-nextcloud.sh
+++ b/setup/mods.available/remote-nextcloud.sh
@ -180,8 +180,10 @@ remote_nextcloud_handler() {
        NC_HOST_SRC_IP="$ans"

        if [ -z "$NC_HOST_SRC_IP" ]; then
+            echo ""
            echo "Using Nextcloud ${new_url}"
        else
+            echo ""
            echo "Using Nextcloud ${new_url} (but, the source ip of ldap queries will come from $NC_HOST_SRC_IP)"
        fi

@ -220,10 +222,15 @@ remote_nextcloud_handler() {
            from_ips=( $NC_HOST_SRC_IP )
        else
            from_ips=(
-                $(getent ahostsv4 "$NC_HOST" | head -1 | awk '{print $1}')
-                $(getent ahostsv6 "$NC_HOST" | head -1 | awk '{print $1}')
+                $(getent ahostsv4 "$NC_HOST" | head -1 | awk '{print $1}'; exit 0)
+                $(getent ahostsv6 "$NC_HOST" | head -1 | awk '{print $1}'; exit 0)
            )
+            if [ ${#from_ips[*]} -eq 0 ]; then
+                echo ""
+                echo "Warning: $NC_HOST could not be resolved to an IP address, so no firewall rules were added to allow $NC_HOST to query our LDAP server. You may have to add ufw rules manually to allow the remote nextcloud to query ldaps port 636/tcp."
+            fi
        fi
+            
        for ip in "${from_ips[@]}"; do
            hide_output ufw allow proto tcp from "$ip" to any port ldaps comment "remote_nextcloud"
        done