From f1d543465743dc33e43843ee342fe3e760f736dd Mon Sep 17 00:00:00 2001
From: Monviech <79600909+Monviech@users.noreply.github.com>
Date: Thu, 27 Jun 2024 15:18:21 +0200
Subject: [PATCH] www/caddy: Fix IPv6 address + Port combination in Caddyfile
template (#4054)
* Fix IPv6 in handlers. IPv6 will be detected and put into square brackets. Additionally removed that IP addresses are valid in the frontend domain, since that would break some template sections like dyndns and certificate generation, so it is unsupported in the scope of the GUI.
* www/caddy: Remove IP address in domains from help text too.
* www/caddy: Explicitely set IpAllowed to N since the default is Y.
---
.../controllers/OPNsense/Caddy/forms/dialogReverseProxy.xml | 2 +-
.../src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml | 4 ++--
.../src/opnsense/service/templates/OPNsense/Caddy/Caddyfile | 6 ++++--
3 files changed, 7 insertions(+), 5 deletions(-)
diff --git a/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dialogReverseProxy.xml b/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dialogReverseProxy.xml
index ba4670d52..9b43eb076 100644
--- a/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dialogReverseProxy.xml
+++ b/www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dialogReverseProxy.xml
@@ -10,7 +10,7 @@
textexample.com
-
+ reverse.FromPort
diff --git a/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml b/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml
index eab9054cd..a8bc042c8 100644
--- a/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml
+++ b/www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml
@@ -135,8 +135,8 @@
Y
- Please enter a valid 'from' domain or IP address.
- Y
+ Please enter a valid 'from' domain.
+ NYYN
diff --git a/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile b/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile
index e9a5496aa..670984981 100644
--- a/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile
+++ b/www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile
@@ -350,9 +350,11 @@
rewrite * {{ handle.ToPath }}{uri}
{% endif %}
reverse_proxy {% for domain in handle.ToDomain.split(',') %}
+ {# Check if the domain is IPv6 and wrap in square brackets if necessary #}
+ {% set is_ipv6 = (':' in domain and domain.count(':') >= 2) %}
{# For each domain/IP, append the port if it's specified, followed by a space #}
- {{- domain -}}{% if handle.ToPort %}:{{ handle.ToPort }}{% endif %}{% if not loop.last %} {% endif %}
- {% endfor %}{
+ {{- '[' if is_ipv6 else '' -}}{{ domain }}{{ ']' if is_ipv6 else '' -}}{% if handle.ToPort %}:{{ handle.ToPort }}{% endif %}{% if not loop.last %} {% endif %}
+ {% endfor %} {
{{ header_manipulation(handle) }}
{% if handle.PassiveHealthFailDuration|default("") %}
fail_duration {{ handle.PassiveHealthFailDuration }}s