Commit 906fcb8

aptalcathelamer authored and committed
update nginx site conf due to CVE
1 parent e0be2f5 commit 906fcb8

3 files changed

Lines changed: 13 additions & 6 deletions

README.md

Lines changed: 5 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -127,9 +127,11 @@ In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as bel
127127
 
128128
## Application Setup
129129

130-
Access the webui at `<your-ip>:443`, for more information check out [Nextcloud](https://nextcloud.com/).
130+
Access the webui at `https://<your-ip>:443`, for more information check out [Nextcloud](https://nextcloud.com/).
131131

132-
If you are updating our container along with the in app updater and you are not customizing our default nginx configuration you will need to remove the file:
132+
In order to update nextcloud version, first make sure you are using the latest docker image, and then perform the in app gui update. Docker image update and recreation of container alone won't update nextcloud version.
133+
134+
If you are not customizing our default nginx configuration you will need to remove the file:
133135
```
134136
/config/nginx/site-confs/default
135137
```
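
Review bot: The rewritten sentence at new line 134 only addresses users who are not customizing the default nginx configuration, so anyone with an edited `/config/nginx/site-confs/default` gets no instruction and keeps the old config. Suggest adding a sentence telling those users to apply the changes made to `root/defaults/default` in this commit to their own file by hand.
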
@@ -201,6 +203,7 @@ Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64
201203

202204
## Versions
203205

206+
* **24.10.19:** - Nginx default site config updated due to CVE-2019-11043 (existing users should delete `/config/nginx/site-confs/default` and restart the container).
204207
* **14.07.19:** - Download nextcloud during build time.
205208
* **28.06.19:** - Rebasing to alpine 3.10.
206209
* **23.03.19:** - Switching to new Base images, shift to arm32v7 tag.
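
Review bot: The changelog entry at new line 206 tells all existing users to delete `/config/nginx/site-confs/default`, while the Application Setup text limits that step to users who are not customizing the default nginx configuration. Deleting the file discards local edits, so the entry should carry the same condition, for example "existing users who have not customized it should delete ...".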

readme-vars.yml

Lines changed: 5 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -48,16 +48,19 @@ optional_block_1: false
4848
# application setup block
4949
app_setup_block_enabled: true
5050
app_setup_block: |
51-
Access the webui at `<your-ip>:443`, for more information check out [Nextcloud]({{ project_url }}).
51+
Access the webui at `https://<your-ip>:443`, for more information check out [Nextcloud]({{ project_url }}).
5252
53-
If you are updating our container along with the in app updater and you are not customizing our default nginx configuration you will need to remove the file:
53+
In order to update nextcloud version, first make sure you are using the latest docker image, and then perform the in app gui update. Docker image update and recreation of container alone won't update nextcloud version.
54+
55+
If you are not customizing our default nginx configuration you will need to remove the file:
5456
```
5557
/config/nginx/site-confs/default
5658
```
5759
Then restart the container to replace it with the latest one.
5860
5961
# changelog
6062
changelogs:
63+
- { date: "24.10.19:", desc: "Nginx default site config updated due to CVE-2019-11043 (existing users should delete `/config/nginx/site-confs/default` and restart the container)." }
6164
- { date: "14.07.19:", desc: "Download nextcloud during build time." }
6265
- { date: "28.06.19:", desc: "Rebasing to alpine 3.10." }
6366
- { date: "23.03.19:", desc: "Switching to new Base images, shift to arm32v7 tag." }
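
Review bot: In `app_setup_block`, new line 55 now reads as a standing requirement ("you will need to remove the file") with no indication of when or why, because the old condition about updating was removed and the CVE is only named in the changelog entry on line 63. Suggest tying the sentence to this change, e.g. by naming the 24.10.19 config update for CVE-2019-11043, so that new installs do not read it as a required setup step.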

root/defaults/default

Lines changed: 3 additions & 2 deletions
Original file line number | Diff line number | Diff line change
@@ -5,7 +5,7 @@ server {
55
listen 80;
66
listen [::]:80;
77
server_name _;
8-
return 301 https://$server_name$request_uri;
8+
return 301 https://$host$request_uri;
99
}
1010
server {
1111
listen 443 ssl http2;
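
Review bot: On new line 8, `$host` is filled from the request (request line or `Host` header) before falling back to the server name, and this block is a catch-all (`server_name _;`), so the redirect target is whatever hostname the client sent. That fixes the redirect to `https://_/...` that `$server_name` produces here, but it deserves a comment in the file, and users with a fixed hostname could be pointed at setting a real `server_name` and redirecting to that instead.
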
@@ -41,7 +41,7 @@ server {
4141
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
4242
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
4343
location / {
44-
rewrite ^ /index.php$request_uri;
44+
rewrite ^ /index.php;
4545
}
4646
location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
4747
deny all;
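
Review bot: New line 44 drops `$request_uri` from the rewrite target, so requests that enter through `location /` reach `index.php` with no path component and therefore an empty `PATH_INFO`. Neither the commit message nor the config says that Nextcloud routes these requests without it; please add a short comment on that line stating what the application uses instead, and confirm that pretty URLs still resolve after this change.
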
@@ -51,6 +51,7 @@ server {
5151
}
5252
location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|ocm-provider\/.+)\.php(?:$|\/) {
5353
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
54+
try_files $fastcgi_script_name =404;
5455
include /etc/nginx/fastcgi_params;
5556
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
5657
fastcgi_param PATH_INFO $fastcgi_path_info;
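
Review bot: Placing `try_files $fastcgi_script_name =404;` on new line 54 ahead of `fastcgi_param PATH_INFO $fastcgi_path_info;` leaves `PATH_INFO` empty, because nginx resets `$fastcgi_path_info` once `try_files` has run. Save the value first with `set $path_info $fastcgi_path_info;` directly after `fastcgi_split_path_info`, and pass `fastcgi_param PATH_INFO $path_info;` on line 57, so that endpoints such as `remote.php/...` still receive their path.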
