From 603ce7cca0cd9eba105879b44a06492af390ff97 Mon Sep 17 00:00:00 2001
From: szaimen
Date: Thu, 28 Apr 2022 21:57:19 +0200
Subject: [PATCH] don't allow access from nextcloud-aio-nextcloud

Signed-off-by: szaimen
---
 Containers/mastercontainer/start.sh | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/Containers/mastercontainer/start.sh b/Containers/mastercontainer/start.sh
index c514f149..bb319010 100755
--- a/Containers/mastercontainer/start.sh
+++ b/Containers/mastercontainer/start.sh
@@ -130,6 +130,20 @@ chown www-data:www-data -R /mnt/docker-aio-config/session/
 chown www-data:www-data -R /mnt/docker-aio-config/caddy/
 chown root:root -R /mnt/docker-aio-config/certs/
 
+# Don't allow access to the AIO interface directly from the Nextcloud container
+# Probably more cosmetic than anything but at least an attempt
+if ! grep -q '# nextcloud-aio-block' /etc/apache2/apache2.conf; then
+ cat << APACHE_CONF >> /etc/apache2/apache2.conf
+# nextcloud-aio-block-start
+
+order allow,deny
+deny from nextcloud-aio-nextcloud.nextcloud-aio
+allow from all
+
+# nextcloud-aio-block-end
+APACHE_CONF
+fi
+
 # Adjust certs
 GENERATED_CERTS="/mnt/docker-aio-config/certs"
 TMP_CERTS="/etc/apache2/certs"
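Review bot: The `deny from nextcloud-aio-nextcloud.nextcloud-aio` line in the appended Apache block matches by hostname, so it depends on a reverse lookup of the client address and falls through to `allow from all` whenever that lookup fails or returns a different name. I would state that limit in the script comment rather than "more cosmetic than anything", e.g. `# Best-effort only: the hostname match depends on reverse DNS and fails open, do not treat it as a security boundary`. `order`/`deny from`/`allow from` are also the Apache 2.2 forms, which need mod_access_compat on 2.4; if the image ships 2.4 (not visible here), `Require all granted` plus `Require not host nextcloud-aio-nextcloud.nextcloud-aio` inside a `<RequireAll>` section is the current equivalent. The two empty added lines around the directives presumably held the enclosing section tags, which this page does not show, so the scope of the rule cannot be checked from here.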