Fear: Forcefully bind apps to 127.0.0.1 if NGINX installed #960

Draft: wants to merge 5 commits into base: develop

brettpetch (Member) commented Feb 26, 2023

Description

Fixes issues:

Rel: qbittorrent/qBittorrent#18618

Proposed Changes:

  • If nginx installed, force bind address to localhost (or 127.0.0.1)
  • Add bindEnforce to swizdb (Can be set to True/False)
  • Add documentation about bindEnforce to Docs
  • If bindEnforce is set to False, do not override bind address in any case

Change Categories

  • Bug fix
  • CVE Mitigation

Checklist

  • Branch was made off the develop branch and the PR is targeting the develop branch
  • Docs have been made OR are not necessary
    • PR link:
  • Changes to panel have been made OR are not necessary
    • PR link:
  • Code is formatted (See more)
  • Code conforms to project structure (See more)
  • Shellcheck isn't screaming (See more)
  • Prints to terminal are handled (See more)
  • I have commented my code, particularly in hard-to-understand areas
  • Testing was done
    • Tests created or no new tests necessary
    • Tests executed

Test scenarios

Architectures

amd64 armhf arm64 Unspecified
Jammy
Focal
Bionic
Bullseye
Buster
Stretch
Raspbian ⚫️ ⚫️ ⚫️

✅❎ Passed

🛠🛠 TODO

❌❌ Currently failing
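
The bind enforcement listed under Proposed Changes, as an added example that is not part of this PR or of swizzin: a function that pins `WebUI\Address` to 127.0.0.1 in one qBittorrent.conf, replaces any existing value, and leaves the file alone when bindEnforce is False. The function name, its arguments and the `[Preferences]` section name are assumptions.

```bash
# Added example, not swizzin code. enforce_webui_bind and its arguments are
# hypothetical; the [Preferences] section name is an assumption about
# qBittorrent.conf. WebUI\Address is the key the PR's script edits.
# Prints skipped, unchanged or changed; returns 1 when it cannot enforce.
enforce_webui_bind() {
    local conf="$1" enforce="$2" line tmp has_key=0 wrote=0
    local key='WebUI\Address' want='127.0.0.1'

    # bindEnforce=False: never override the bind address.
    if [ "$enforce" != "True" ]; then echo skipped; return 0; fi
    # Whole-line fixed-string match: a value such as 127.0.0.10 does not pass.
    if grep -qxF -- "${key}=${want}" "$conf"; then echo unchanged; return 0; fi
    if grep -qF -- "${key}=" "$conf"; then has_key=1; fi

    tmp=$(mktemp) || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "${key}="*) # replace the whole line, old value included
                printf '%s\n' "${key}=${want}"; wrote=1 ;;
            "[Preferences]")
                printf '%s\n' "$line"
                # Key absent: add it, otherwise nothing pins the bind address.
                if [ "$has_key" -eq 0 ]; then
                    printf '%s\n' "${key}=${want}"; wrote=1
                fi ;;
            *) printf '%s\n' "$line" ;;
        esac
    done <"$conf" >"$tmp"

    if [ "$wrote" -eq 0 ]; then rm -f "$tmp"; return 1; fi
    # Write back in place so the user's ownership and mode on the file survive.
    cat "$tmp" >"$conf" && rm -f "$tmp" && echo changed
}

# Stand-alone run on a constructed sample config.
demo_webui_bind() {
    local f
    f=$(mktemp) || return 1
    printf '%s\n' '[Preferences]' 'WebUI\Address=*' 'WebUI\Port=8080' >"$f"
    enforce_webui_bind "$f" True
    cat "$f"
    rm -f "$f"
}
demo_webui_bind
```

A caller would restart the per-user service only when the function prints `changed`, and only if the service was active beforehand.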

@brettpetch changed the base branch from master to develop February 26, 2023 23:12
@github-actions

sh-checker report

shellcheck output
No errors or shellcheck is disabled

The files above have some shellcheck issues

shfmt output
--- scripts/update/qbittorrent.sh.orig
+++ scripts/update/qbittorrent.sh
@@ -1,60 +1,60 @@
 #!/bin/bash
 #shellcheck source=sources/functions/utils
 . /etc/swizzin/sources/functions/utils
 users=($(_get_user_list))
 
 if [[ -f /install/.qbittorrent.lock ]]; then
     #Check systemd service for updates
     type=simple
     if [[ $(systemctl --version | awk 'NR==1 {print $2}') -ge 240 ]]; then
         unittype=exec
     fi
     if ! grep -q Type=$unittype /etc/systemd/system/qbittorrent@.service; then
         sed -i "s/Type=.*/Type=$unittype/g" /etc/systemd/system/qbittorrent@.service
         reloadsys=true
     fi
     if grep -q "qbittorrent-nox -d" /etc/systemd/system/qbittorrent@.service; then
         sed -i 's|/usr/bin/qbittorrent-nox -d|/usr/bin/qbittorrent-nox|g' /etc/systemd/system/qbittorrent@.service
         reloadsys=true
     fi
     if [[ $reloadsys == true ]]; then
         systemctl daemon-reload
         echo_info "qBittorrent systemd services have been updated. Please restart qBittorrent services at your convenience."
     fi
     #End systemd service updates
     #Check for proxy_cookie_path in nginx to prevent writing cookies to /
     if [[ -f /install/.nginx.lock ]]; then
         if ! grep -q proxy_cookie_path /etc/nginx/apps/qbittorrent.conf; then
             sed -r 's|(rewrite .*)|\1\n    proxy_cookie_path / "/qbittorrent/; Secure";|g' -i /etc/nginx/apps/qbittorrent.conf
             systemctl reload nginx
         fi
         if [ -z "$SWIZDB_BIND_ENFORCE" ]; then
             if ! SWIZDB_BIND_ENFORCE="$(swizdb get qbittorrent/bindEnforce)"; then
                 SWIZDB_BIND_ENFORCE=True
                 swizdb set "qbittorrent/bindEnforce" "$SWIZDB_BIND_ENFORCE"
             fi
         else
             echo_info "Setting qbittorrent/bindEnforce = $SWIZDB_BIND_ENFORCE"
             swizdb set "qbittorrent/bindEnforce" "$SWIZDB_BIND_ENFORCE"
         fi
         if $(swizdb get qbittorrent/bindEnforce); then
             for user in ${users[@]}; do
                 if ! grep -q "WebUI\\\Address=127.0.0.1" /home/${user}/.config/qBittorrent/qBittorrent.conf; then
                     wasActive=$(systemctl is-active qbittorrent@${user})
                     echo_log_only "Active: ${wasActive}"
                     if [[ $wasActive == "active" ]]; then
                         echo_log_only "Stopping qBittorrent for ${user}"
                         systemctl stop -q "qbittorrent@${user}"
                     fi
                     sed -i 's|WebUI\\\Address*|WebUI\\\Address=127.0.0.1|g' /home/${user}/.config/qBittorrent/qBittorrent.conf
                     systemctl start "qbittorrent@${user}"
                     if [[ $wasActive == "active" ]]; then
                         echo_log_only "Activating qBittorrent for ${user}"
                         systemctl start "qbittorrent@${user}" -q
                     fi
                 fi
             done
         fi
-    fi          
+    fi
 fi
 
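Review bot: the gate `if $(swizdb get qbittorrent/bindEnforce); then` executes the stored value as a command, and the default written just above it is `True`, which is not a shell command (only lowercase `true` is), so with the default value the rebind loop is skipped and nothing is forced to 127.0.0.1. Compare the string instead, for example `[[ $(swizdb get qbittorrent/bindEnforce) == "True" ]]`. Inside the loop, the sed pattern ends in `Address*`, where `*` applies only to the final `s`, so the existing `=value` is not consumed and stays behind the inserted `=127.0.0.1`; match through the end of the line (`Address=.*`) and handle a config where the key is absent. The `systemctl start "qbittorrent@${user}"` before the second `wasActive` check is unconditional, so instances that were stopped get started; drop it and keep only the guarded start. Near the top, `type=simple` is assigned but `$unittype` is what grep and sed read, so on systemd older than 240 that variable is empty. `${users[@]}` and the `/home/${user}/...` paths should be quoted.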

The files above have some formatting problems, you can use shfmt -w to fix them

To get the full details about this job

@github-actions

sh-checker report

shellcheck output
No errors or shellcheck is disabled

The files above have some shellcheck issues

shfmt output
No errors or shfmt is disabled

The files above have some formatting problems, you can use shfmt -w to fix them

To get the full details about this job

@brettpetch changed the title from "fix: qBittorrent to localhost if NGINX installed" to "Fear: Forcefully bind apps to 127.0.0.1 if NGINX installed" Apr 22, 2023
@github-actions bot added the "has conflicts" label (This PR has conflicts against master) Sep 16, 2023