From 4bcfa932248eec562776352ae08bb5ae762da502 Mon Sep 17 00:00:00 2001
From: La sif serveur <david.beniamine@tetras-libre.fr>
Date: Fri, 22 Jul 2022 00:32:09 +0200
Subject: [PATCH] Add remote ip detection for fail2ban

---
 .env.sample                |  3 +++
 docker-compose.yml         |  3 +++
 docker/sympa/Dockerfile    | 14 ++++++++++++++
 docker/sympa/entrypoint.sh |  3 +++
 4 files changed, 23 insertions(+)

diff --git a/.env.sample b/.env.sample
index 67a903a..2afd91e 100644
--- a/.env.sample
+++ b/.env.sample
@@ -16,3 +16,6 @@ MY_NETWORKS=localhost 127.0.0.0/8 10.42.0.0/16
 ROOT_ALIAS=admin@FQDN
 MY_DESTINATION=postfix.FQDN
 REMOTES=postfix
+TRUSTED_HOSTS=sympa postfix
+TRUSTED_PROXY=traefik
+TZ=Europe/Paris
diff --git a/docker-compose.yml b/docker-compose.yml
index 9797765..2252e71 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,6 +26,8 @@ services:
       SYMPA_DB_NAME:
       SYMPA_DB_USER:
       SYMPA_DB_PASSWD:
+      TZ:
+      TRUSTED_PROXY:
       REMOTES:
     networks:
       - postfix
@@ -50,6 +52,7 @@ services:
       ROOT_ALIAS:
       MY_DESTINATION:
       TRUSTED_HOSTS:
+      TZ:
 
 
   pgsql:
diff --git a/docker/sympa/Dockerfile b/docker/sympa/Dockerfile
index a628337..d379f75 100644
--- a/docker/sympa/Dockerfile
+++ b/docker/sympa/Dockerfile
@@ -4,12 +4,14 @@ ENV DEBIAN_FRONTEND noninteractive
 
 RUN apt-get -y update && apt-get -y upgrade && apt-get -y install \
 	apache2 \
+    dnsutils \
 	inetutils-syslogd \
 	libapache2-mod-fcgid \
 	libdbd-pg-perl \
 	libfcgi-perl \
 	libnet-ldap-perl \
 	libio-socket-ssl-perl \
+    locales \
 	nullmailer \
 	openssh-server \
 	spawn-fcgi \
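Review bot: `dnsutils` is added to the runtime image only so that entrypoint.sh can run one `dig` lookup, which puts a full set of DNS client tools into a container that also runs Apache and sshd. If the base image ships `getent` (not visible in this hunk), `getent hosts "$TRUSTED_PROXY"` would give the same answer without the extra package. On style, the two added entries are indented with four spaces while the rest of the list uses a tab; re-indenting `dnsutils \` and `locales \` with a tab keeps the list uniform. The `RUN` instruction continues past the end of this hunk.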
@@ -29,10 +31,22 @@ COPY default.conf /etc/apache2/sites-available/000-default.conf
 
 RUN a2enmod rewrite substitute alias proxy proxy_fcgi
 
+RUN a2enmod remoteip
+
+RUN echo 'RemoteIPHeader X-Forwarded-For' > /etc/apache2/conf-available/remoteip.conf
+
 COPY supervisord.conf /etc/supervisor/conf.d
 
 COPY run.sh /opt/sympa_run.sh
 
 COPY entrypoint.sh /entrypoint
 
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
+
+ENV LANG en_US.UTF-8  
+
+ENV LANGUAGE en_US:en  
+
+ENV LC_ALL en_US.UTF-8   
+
 ENTRYPOINT /entrypoint
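Review bot: The `RUN echo 'RemoteIPHeader X-Forwarded-For'` line bakes in a remoteip.conf that names the header but no trusted proxy, and per the mod_remoteip documentation a header configured without a proxy list is accepted from any peer. That is safe only while the conf stays disabled until the entrypoint has appended `RemoteIPTrustedProxy`. Since the client address feeds fail2ban, I would either write both directives together at start-up or add a comment above the `RUN`, e.g. `# remoteip.conf is completed and enabled by /entrypoint once TRUSTED_PROXY resolves; never a2enconf it at build time`. On style, the three `ENV` lines use the legacy space-separated form with trailing blanks; `ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8` says the same in one instruction.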
diff --git a/docker/sympa/entrypoint.sh b/docker/sympa/entrypoint.sh
index d086a55..1522fbe 100755
--- a/docker/sympa/entrypoint.sh
+++ b/docker/sympa/entrypoint.sh
@@ -83,6 +83,9 @@ if [ -n "$SYMPA_DOMAIN" ]; then
   echo "$SYMPA_DOMAIN" > /etc/mailname
   echo "$SYMPA_DOMAIN" > /etc/nullmailer/defaultdomain
 fi
+proxy=$(dig +short $TRUSTED_PROXY)
+echo "RemoteIPTrustedProxy $proxy" >> /etc/apache2/conf-available/remoteip.conf
+a2enconf remoteip
 
 mkdir -p /var/log/supervisor/
 # Launch all services
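Review bot: The `RemoteIPTrustedProxy` line is built from an unchecked `dig` result and appended with `>>` on every start. `$TRUSTED_PROXY` is unquoted and may be unset, and the lookup can return nothing, several addresses on separate lines, or a CNAME target, each of which leaves a malformed or unintended directive in the Apache config. When the container is restarted rather than recreated, earlier addresses also stay in the file, so an address the proxy no longer holds would still be allowed to set the client IP that fail2ban acts on. I would rewrite the file on each start, keep only address lines, and enable the conf only when at least one address resolved. The script continues outside this hunk.

```sh
fi
# Rebuild remoteip.conf on every start so stale proxy addresses are not kept
remoteip_conf=/etc/apache2/conf-available/remoteip.conf
proxy=""
if [ -n "$TRUSTED_PROXY" ]; then
  # dig +short asks for A records by default; drop anything that is not an IPv4 address
  proxy=$(dig +short "$TRUSTED_PROXY" | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | tr '\n' ' ')
fi
if [ -n "$proxy" ]; then
  printf 'RemoteIPHeader X-Forwarded-For\nRemoteIPTrustedProxy %s\n' "$proxy" > "$remoteip_conf"
  a2enconf remoteip
else
  echo "TRUSTED_PROXY is unset or did not resolve; remoteip not enabled" >&2
fi
# … unchanged: supervisor log directory and service launch …
```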
-- 
GitLab