From 900a05c2c04e114dec5fdfd37fae06cacc5591be Mon Sep 17 00:00:00 2001 From: chillymattster <106633144+chillymattster@users.noreply.github.com> Date: Fri, 14 Nov 2025 15:38:21 +0100 Subject: [PATCH] avoid enforcing visible default port at the end of urls --- config/opencloud/csp.yaml | 12 ++++++------ docker-compose.yml | 2 +- weboffice/collabora.yml | 16 ++++++++-------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/config/opencloud/csp.yaml b/config/opencloud/csp.yaml index e8b9757..7709473 100644 --- a/config/opencloud/csp.yaml +++ b/config/opencloud/csp.yaml @@ -4,10 +4,10 @@ directives: connect-src: - '''self''' - 'blob:' - - 'https://${COMPANION_DOMAIN|companion.opencloud.test}:${TRAEFIK_EXTERNAL_PORT|443}/' - - 'wss://${COMPANION_DOMAIN|companion.opencloud.test}:${TRAEFIK_EXTERNAL_PORT|443}/' + - 'https://${COMPANION_DOMAIN|companion.opencloud.test}${TRAEFIK_EXTERNAL_PORT}/' + - 'wss://${COMPANION_DOMAIN|companion.opencloud.test}${TRAEFIK_EXTERNAL_PORT}/' - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/' - - 'https://${IDP_DOMAIN|keycloak.opencloud.test}:${TRAEFIK_EXTERNAL_PORT|443}/' + - 'https://${IDP_DOMAIN|keycloak.opencloud.test}${TRAEFIK_EXTERNAL_PORT}/' - 'https://update.opencloud.eu/' default-src: - '''none''' @@ -20,7 +20,7 @@ directives: - 'blob:' - 'https://embed.diagrams.net/' # In contrary to bash and docker the default is given after the | character - - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}:${TRAEFIK_EXTERNAL_PORT|443}/' + - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}${TRAEFIK_EXTERNAL_PORT}/' # This is needed for the external-sites web extension when embedding sites - 'https://docs.opencloud.eu' img-src: @@ -30,7 +30,7 @@ directives: - 'https://raw.githubusercontent.com/opencloud-eu/awesome-apps/' - 'https://tile.openstreetmap.org/' # In contrary to bash and docker the default is given after the | character - - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}:${TRAEFIK_EXTERNAL_PORT|443}/' + - 'https://${COLLABORA_DOMAIN|collabora.opencloud.test}${TRAEFIK_EXTERNAL_PORT}/' manifest-src: - '''self''' media-src: @@ -41,7 +41,7 @@ directives: script-src: - '''self''' - '''unsafe-inline''' - - 'https://${IDP_DOMAIN|keycloak.opencloud.test}:${TRAEFIK_EXTERNAL_PORT|443}/' + - 'https://${IDP_DOMAIN|keycloak.opencloud.test}${TRAEFIK_EXTERNAL_PORT}/' style-src: - '''self''' - '''unsafe-inline''' diff --git a/docker-compose.yml b/docker-compose.yml index 62546e3..aa00fd2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -15,7 +15,7 @@ services: environment: # enable services that are not started automatically OC_ADD_RUN_SERVICES: ${START_ADDITIONAL_SERVICES} - OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}:${TRAEFIK_PORT_HTTPS:-443} + OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} OC_LOG_LEVEL: ${LOG_LEVEL:-info} OC_LOG_COLOR: "${LOG_PRETTY:-false}" OC_LOG_PRETTY: "${LOG_PRETTY:-false}" diff --git a/weboffice/collabora.yml b/weboffice/collabora.yml index 58ff93f..d623860 100644 --- a/weboffice/collabora.yml +++ b/weboffice/collabora.yml @@ -5,7 +5,7 @@ services: environment: # this is needed for setting the correct CSP header COLLABORA_DOMAIN: ${COLLABORA_DOMAIN:-collabora.opencloud.test} - TRAEFIK_EXTERNAL_PORT: ${TRAEFIK_PORT_HTTPS:-443} + TRAEFIK_EXTERNAL_PORT: ${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} # expose nats and the reva gateway for the collaboration service NATS_NATS_HOST: 0.0.0.0 GATEWAY_GRPC_ADDR: 0.0.0.0:9142 @@ -30,15 +30,15 @@ services: COLLABORATION_HTTP_ADDR: 0.0.0.0:9300 MICRO_REGISTRY: "nats-js-kv" MICRO_REGISTRY_ADDRESS: "opencloud:9233" - COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}:${TRAEFIK_PORT_HTTPS:-443} + COLLABORATION_WOPI_SRC: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} COLLABORATION_APP_NAME: "CollaboraOnline" COLLABORATION_APP_PRODUCT: "Collabora" - COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}:${TRAEFIK_PORT_HTTPS:-443} - COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}:${TRAEFIK_PORT_HTTPS:-443}/favicon.ico + COLLABORATION_APP_ADDR: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} + COLLABORATION_APP_ICON: https://${COLLABORA_DOMAIN:-collabora.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-}/favicon.ico COLLABORATION_APP_INSECURE: "${INSECURE:-true}" COLLABORATION_CS3API_DATAGATEWAY_INSECURE: "${INSECURE:-true}" COLLABORATION_LOG_LEVEL: ${LOG_LEVEL:-info} - OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}:${TRAEFIK_PORT_HTTPS:-443} + OC_URL: https://${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} volumes: # configure the .env file to use own paths instead of docker internal volumes - ${OC_CONFIG_DIR:-opencloud-config}:/etc/opencloud @@ -52,15 +52,15 @@ services: networks: opencloud-net: environment: - aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}:${TRAEFIK_PORT_HTTPS:-443} + aliasgroup1: https://${WOPISERVER_DOMAIN:-wopiserver.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} DONT_GEN_SSL_CERT: "YES" extra_params: | --o:ssl.enable=${COLLABORA_SSL_ENABLE:-true} \ --o:ssl.ssl_verification=${COLLABORA_SSL_VERIFICATION:-true} \ --o:ssl.termination=true \ --o:welcome.enable=false \ - --o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test}:${TRAEFIK_PORT_HTTPS:-443} \ - --o:net.lok_allow.host[14]=${OC_DOMAIN-cloud.opencloud.test}:${TRAEFIK_PORT_HTTPS:-443} \ + --o:net.frame_ancestors=${OC_DOMAIN:-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} \ + --o:net.lok_allow.host[14]=${OC_DOMAIN-cloud.opencloud.test}${TRAEFIK_PORT_HTTPS:+:}${TRAEFIK_PORT_HTTPS:-} \ --o:home_mode.enable=${COLLABORA_HOME_MODE:-false} username: ${COLLABORA_ADMIN_USER:-admin} password: ${COLLABORA_ADMIN_PASSWORD:-admin}