Skip to content
Snippets Groups Projects
Commit 4bcfa932 authored by David Beniamine's avatar David Beniamine
Browse files

Add remote ip detection for fail2ban

parent a236a767
No related branches found
No related tags found
No related merge requests found
......@@ -16,3 +16,6 @@ MY_NETWORKS=localhost 127.0.0.0/8 10.42.0.0/16
ROOT_ALIAS=admin@FQDN
MY_DESTINATION=postfix.FQDN
REMOTES=postfix
TRUSTED_HOSTS=sympa postfix
TRUSTED_PROXY=traefik
TZ=Europe/Paris
......@@ -26,6 +26,8 @@ services:
SYMPA_DB_NAME:
SYMPA_DB_USER:
SYMPA_DB_PASSWD:
TZ:
TRUSTED_PROXY:
REMOTES:
networks:
- postfix
......@@ -50,6 +52,7 @@ services:
ROOT_ALIAS:
MY_DESTINATION:
TRUSTED_HOSTS:
TZ:
pgsql:
......
......@@ -4,12 +4,14 @@ ENV DEBIAN_FRONTEND noninteractive
RUN apt-get -y update && apt-get -y upgrade && apt-get -y install \
apache2 \
dnsutils \
inetutils-syslogd \
libapache2-mod-fcgid \
libdbd-pg-perl \
libfcgi-perl \
libnet-ldap-perl \
libio-socket-ssl-perl \
locales \
nullmailer \
openssh-server \
spawn-fcgi \
......@@ -29,10 +31,22 @@ COPY default.conf /etc/apache2/sites-available/000-default.conf
RUN a2enmod rewrite substitute alias proxy proxy_fcgi
RUN a2enmod remoteip
RUN echo 'RemoteIPHeader X-Forwarded-For' > /etc/apache2/conf-available/remoteip.conf
COPY supervisord.conf /etc/supervisor/conf.d
COPY run.sh /opt/sympa_run.sh
COPY entrypoint.sh /entrypoint
RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
ENV LANG en_US.UTF-8
ENV LANGUAGE en_US:en
ENV LC_ALL en_US.UTF-8
ENTRYPOINT /entrypoint
......@@ -83,6 +83,9 @@ if [ -n "$SYMPA_DOMAIN" ]; then
echo "$SYMPA_DOMAIN" > /etc/mailname
echo "$SYMPA_DOMAIN" > /etc/nullmailer/defaultdomain
fi
proxy=$(dig +short $TRUSTED_PROXY)
echo "RemoteIPTrustedProxy $proxy" >> /etc/apache2/conf-available/remoteip.conf
a2enconf remoteip
mkdir -p /var/log/supervisor/
# Launch all services
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment