Fix unix domain socket check... regex MUST NOT be quoted

selfhoster1312 2024-08-05 17:31:52 +02:00 committed by selfhoster1312
parent db31ed62bd
commit 78952a2db0


@ -3,9 +3,13 @@
# - plaintext http is only allowed to localhost (to avoid leaking credentials on the network) # - plaintext http is only allowed to localhost (to avoid leaking credentials on the network)
# - http(s) destination is webroot, no additional component allowed (eg. http://localhost:1234/test is invalid) # - http(s) destination is webroot, no additional component allowed (eg. http://localhost:1234/test is invalid)
rp_validate_proxy_path() { rp_validate_proxy_path() {
if [[ ! $proxy_path =~ '^unix:/' ]]; then if [[ "$proxy_path" == unix:/* ]]; then
# Final nginx config is http://unix:/path/to.socket
proxy_path="http://$proxy_path"
elif [[ ! "$proxy_path" == http://unix:/* ]]; then
# Not unix domain socket... check URL is localhost
url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$' url_regex='^(http://(127\.[0-9]+\.[0-9]+\.[0-9]+|localhost)|https://.*)(:[0-9]+)?(/.*)?$'
[[ ! $proxy_path =~ $url_regex ]] && ynh_die \ [[ ! "$proxy_path" =~ $url_regex ]] && ynh_die \
"For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $proxy_path" 1 "For secure reason, you can't use an unencrypted http remote destination couple with ssowat for your reverse proxy: $proxy_path" 1
fi fi
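Review bot: Both unix-socket branches (`== unix:/*` and `== http://unix:/*`) accept any suffix at all, while the URL branch is held to an anchored regex. Since the added comment says the value ends up in the nginx config, whitespace, `;`, braces or a newline in `$proxy_path` would presumably pass through unchecked. Consider constraining the socket path before the rewrite, keeping the regex in a variable as the URL branch does: `socket_regex='^(http://)?unix:/[A-Za-z0-9._/-]+$'` followed by `[[ "$proxy_path" =~ $socket_regex ]] || ynh_die "Invalid unix socket path: $proxy_path" 1` (widen the set if the `socket:/uri` form is needed). Separately, the header comment says no path component is allowed after the webroot, yet `url_regex` still ends in `(/.*)?`, so either the comment or the regex should change. The function body continues past the visible lines.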