From daaf4b7bea2c98b8ba86d0e881f75e8147696444 Mon Sep 17 00:00:00 2001
From: strawberry
Date: Sun, 3 Mar 2024 10:29:24 -0500
Subject: [PATCH] add basic loopback address container checks

Signed-off-by: strawberry
---
 src/main.rs | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/src/main.rs b/src/main.rs
index d9fd1682..d92e866e 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -1,5 +1,5 @@
 use std::{
- fs::Permissions, future::Future, io, net::SocketAddr, os::unix::fs::PermissionsExt,
+ fs::Permissions, future::Future, io, net::SocketAddr, os::unix::fs::PermissionsExt, path::Path,
 sync::atomic, time::Duration,
 };
@@ -159,6 +159,30 @@ async fn main() {
 /* ad-hoc config validation/checks */
+ if config.address.is_loopback() {
+ debug!(
+ "Found loopback listening address {}, running checks if we're in a container.",
+ config.address
+ );
+
+ #[cfg(unix)]
+ if Path::new("/proc/vz").exists() /* Guest */ && !Path::new("/proc/bz").exists()
+ /* Host */
+ {
+ error!("You are detected using OpenVZ with a loopback/localhost listening address of {}. If you are using OpenVZ for containers and you use NAT-based networking to communicate with the host and guest, this will NOT work. Please change this to \"0.0.0.0\". If this is expected, you can ignore.", config.address);
+ }
+
+ #[cfg(unix)]
+ if Path::new("/.dockerenv").exists() {
+ error!("You are detected using Docker with a loopback/localhost listening address of {}. If you are using a reverse proxy on the host and require communication to conduwuit in the Docker container via NAT-based networking, this will NOT work. Please change this to \"0.0.0.0\". If this is expected, you can ignore.", config.address);
+ }
+
+ #[cfg(unix)]
+ if Path::new("/run/.containerenv").exists() {
+ error!("You are detected using Podman with a loopback/localhost listening address of {}. If you are using a reverse proxy on the host and require communication to conduwuit in the Podman container via NAT-based networking, this will NOT work. Please change this to \"0.0.0.0\". If this is expected, you can ignore.", config.address);
+ }
+ }
+
 // yeah, unless the user built a debug build hopefully for local testing only
 if config.server_name == "your.server.name" && !cfg!(debug_assertions) {
 error!("You must specify a valid server name for production usage of conduwuit.");
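Review bot: The OpenVZ check tests `/proc/bz`, which looks like a typo for `/proc/bc`. By the usual convention (the one systemd's virtualization detection relies on), `/proc/vz` exists on both host and guest while `/proc/bc` exists only on the host, so as written the second condition is always true and an OpenVZ host is reported as a guest; the condition should read `Path::new("/proc/vz").exists() && !Path::new("/proc/bc").exists()`. Separately, all three messages tell the operator to switch to "0.0.0.0" without saying that this listens on every interface in the network namespace. With host networking, or a port published on all host addresses, the homeserver port is then reachable without passing through the reverse proxy, so the text should also say to publish the port only where the proxy needs it (for Docker, e.g. `-p 127.0.0.1:PORT:PORT`). Because each message ends with "If this is expected, you can ignore", `warn!` fits better than `error!`; `main` begins before and continues after this hunk.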