external/iiab
1
0
Fork 0
mirror of https://github.com/iiab/iiab.git synced 2025-03-09 15:40:17 +00:00
Code Issues Releases Wiki Activity

Cull nextcloud_allow_public_ips

Browse source
This commit is contained in:
root 2020-02-16 01:16:23 -05:00
parent 6081df7168
commit 2d31a56ff6
3 changed files with 17 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
roles/nextcloud/tasks/install.yml
View file

@ -68,7 +68,7 @@
template: template:
src: nextcloud.conf.j2 src: nextcloud.conf.j2
dest: "/etc/{{ apache_conf_dir }}/nextcloud.conf" # apache2/sites-available on debuntu dest: "/etc/{{ apache_conf_dir }}/nextcloud.conf" # apache2/sites-available on debuntu
when: apache_installed | bool when: apache_install | bool
# RECORD Nextcloud AS INSTALLED # RECORD Nextcloud AS INSTALLED

20
roles/nextcloud/templates/nextcloud.conf.j2
View file

@ -16,17 +16,17 @@ Alias {{ nextcloud_url }} {{ nextcloud_prefix }}/nextcloud
# 2019-09-04 commenting out towards future removal # 2019-09-04 commenting out towards future removal
#Require host localhost #Require host localhost
{% if nextcloud_allow_public_ips %} #{% if CONDITION %} {# where CONDITION was nextcloud_allow_public_ips #}
# PERMIT ACCESS FROM ALL IPv4 ADDRESSES: # # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
Require all granted Require all granted
# PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY: # # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
#Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10 # #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10
{% else %} #{% else %}
# PERMIT ACCESS FROM ALL IPv4 ADDRESSES: # # PERMIT ACCESS FROM ALL IPv4 ADDRESSES:
#Require all granted # #Require all granted
# PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY: # # PERMIT ACCESS FROM THESE IPv4 ADDRESS RANGES ONLY:
Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10 # Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} 192.168 10
{% endif %} #{% endif %}
{# Reminder that {{ lan_ip }}/{{ lan_netmask }} is 172.18.96.1/255.255.224.0 #} {# Reminder that {{ lan_ip }}/{{ lan_netmask }} is 172.18.96.1/255.255.224.0 #}
# AVOID THIS LINE AS IT OVERLY RESTRICTS SCHOOLS W/ 192.168.1.x, 10.x.y.z: # AVOID THIS LINE AS IT OVERLY RESTRICTS SCHOOLS W/ 192.168.1.x, 10.x.y.z:
#Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0 #Require ip 127.0.0.1 {{ lan_ip }}/{{ lan_netmask }} {{ nextcloud_required_ip }} {{ openvpn_server_virtual_ip }}/255.255.255.0

7
roles/www_back_end/tasks/main.yml
View file

@ -9,9 +9,14 @@
- include_tasks: php-stem.yml - include_tasks: php-stem.yml
- name: Install php-fpm (FastCGI Process Manager) if nextcloud_install or pbx_install
package:
name: php-fpm
when: nextcloud_install or pbx_install
# COMPARE apache_allow_sudo @ roles/www_front_end/tasks/main.yml # COMPARE apache_allow_sudo @ roles/www_front_end/tasks/main.yml
# For schools that use WordPress/Nextcloud/Moodle intensively. iiab/iiab#1147 # For schools that use WordPress/Nextcloud/Moodle intensively.
# WARNING: Enabling this might cause excess use of RAM/disk or other resources! # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
- name: Enact high limits in /etc/php/{{ php_version }}/fpm/php.ini if using WordPress/Nextcloud/Moodle intensively - name: Enact high limits in /etc/php/{{ php_version }}/fpm/php.ini if using WordPress/Nextcloud/Moodle intensively
lineinfile: lineinfile: