From 68bc176b00a21d4c2fed3dc5515a2b929c0d4ce8 Mon Sep 17 00:00:00 2001
From: downtownallday
Date: Thu, 22 Sep 2022 11:07:34 -0400
Subject: [PATCH] Don't add firewall rules for the remote nextcloud if it's not accessible
---
 setup/mods.available/remote-nextcloud.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/setup/mods.available/remote-nextcloud.sh b/setup/mods.available/remote-nextcloud.sh
index b8eace51..0634851e 100755
--- a/setup/mods.available/remote-nextcloud.sh
+++ b/setup/mods.available/remote-nextcloud.sh
@@ -180,8 +180,10 @@ remote_nextcloud_handler() {
 NC_HOST_SRC_IP="$ans"
 if [ -z "$NC_HOST_SRC_IP" ]; then
+ echo ""
 echo "Using Nextcloud ${new_url}"
 else
+ echo ""
 echo "Using Nextcloud ${new_url} (but, the source ip of ldap queries will come from $NC_HOST_SRC_IP)"
 fi
@@ -220,10 +222,15 @@ remote_nextcloud_handler() {
 from_ips=( $NC_HOST_SRC_IP )
 else
 from_ips=(
- $(getent ahostsv4 "$NC_HOST" | head -1 | awk '{print $1}')
- $(getent ahostsv6 "$NC_HOST" | head -1 | awk '{print $1}')
+ $(getent ahostsv4 "$NC_HOST" | head -1 | awk '{print $1}'; exit 0)
+ $(getent ahostsv6 "$NC_HOST" | head -1 | awk '{print $1}'; exit 0)
 )
+ if [ ${#from_ips[*]} -eq 0 ]; then
+ echo ""
+ echo "Warning: $NC_HOST could not be resolved to an IP address, so no firewall rules were added to allow $NC_HOST to query our LDAP server. You may have to add ufw rules manually to allow the remote nextcloud to query ldaps port 636/tcp."
+ fi
 fi
+
 for ip in "${from_ips[@]}"; do
 hide_output ufw allow proto tcp from "$ip" to any port ldaps comment "remote_nextcloud"
 done
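Review bot: The `; exit 0` appended inside both `$(getent …)` substitutions in the second hunk discards every failure of the pipeline, not only a name that does not resolve, so a resolver timeout or lookup error is reported by the new warning as "could not be resolved", and a partial result (one address family resolved, the other failed) adds a rule with no message at all. Because the following `ufw allow` opens ldaps to whichever single address DNS returned at setup time, I would document that above the array, e.g. `# allow-list is a snapshot of the first A/AAAA answer; re-run setup if the remote's address changes`, and echo the addresses that were actually allowed so the operator can verify them. The warning itself would be easier to notice and to capture separately on stderr: `echo "Warning: …" >&2`. The body of remote_nextcloud_handler starts and ends outside this hunk, so whether "remote_nextcloud" rules left by an earlier run are removed when resolution now fails cannot be confirmed from here.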