From 4bcfa932248eec562776352ae08bb5ae762da502 Mon Sep 17 00:00:00 2001
From: La sif serveur <david.beniamine@tetras-libre.fr>
Date: Fri, 22 Jul 2022 00:32:09 +0200
Subject: [PATCH] Add remote ip detection for fail2ban
---
 .env.sample | 3 +++
 docker-compose.yml | 3 +++
 docker/sympa/Dockerfile | 14 ++++++++++++++
 docker/sympa/entrypoint.sh | 3 +++
 4 files changed, 23 insertions(+)
diff --git a/.env.sample b/.env.sample
index 67a903a..2afd91e 100644
--- a/.env.sample
+++ b/.env.sample
@@ -16,3 +16,6 @@ MY_NETWORKS=localhost 127.0.0.0/8 10.42.0.0/16
 ROOT_ALIAS=admin@FQDN
 MY_DESTINATION=postfix.FQDN
 REMOTES=postfix
+TRUSTED_HOSTS=sympa postfix
+TRUSTED_PROXY=traefik
+TZ=Europe/Paris
diff --git a/docker-compose.yml b/docker-compose.yml
index 9797765..2252e71 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -26,6 +26,8 @@ services:
 SYMPA_DB_NAME:
 SYMPA_DB_USER:
 SYMPA_DB_PASSWD:
+ TZ:
+ TRUSTED_PROXY:
 REMOTES:
 networks:
 - postfix
@@ -50,6 +52,7 @@ services:
 ROOT_ALIAS:
 MY_DESTINATION:
 TRUSTED_HOSTS:
+ TZ:
 pgsql:
diff --git a/docker/sympa/Dockerfile b/docker/sympa/Dockerfile
index a628337..d379f75 100644
--- a/docker/sympa/Dockerfile
+++ b/docker/sympa/Dockerfile
@@ -4,12 +4,14 @@ ENV DEBIAN_FRONTEND noninteractive
 RUN apt-get -y update && apt-get -y upgrade && apt-get -y install \
 apache2 \
+ dnsutils \
 inetutils-syslogd \
 libapache2-mod-fcgid \
 libdbd-pg-perl \
 libfcgi-perl \
 libnet-ldap-perl \
 libio-socket-ssl-perl \
+ locales \
 nullmailer \
 openssh-server \
 spawn-fcgi \
@@ -29,10 +31,22 @@ COPY default.conf /etc/apache2/sites-available/000-default.conf
 RUN a2enmod rewrite substitute alias proxy proxy_fcgi
+RUN a2enmod remoteip
+
+RUN echo 'RemoteIPHeader X-Forwarded-For' > /etc/apache2/conf-available/remoteip.conf
+
 COPY supervisord.conf /etc/supervisor/conf.d
 COPY run.sh /opt/sympa_run.sh
 COPY entrypoint.sh /entrypoint
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
+
+ENV LANG en_US.UTF-8
+
+ENV LANGUAGE en_US:en
+
+ENV LC_ALL en_US.UTF-8
+
 ENTRYPOINT /entrypoint
diff --git a/docker/sympa/entrypoint.sh b/docker/sympa/entrypoint.sh
index d086a55..1522fbe 100755
--- a/docker/sympa/entrypoint.sh
+++ b/docker/sympa/entrypoint.sh
@@ -83,6 +83,9 @@ if [ -n "$SYMPA_DOMAIN" ]; then
 echo "$SYMPA_DOMAIN" > /etc/mailname
 echo "$SYMPA_DOMAIN" > /etc/nullmailer/defaultdomain
 fi
+proxy=$(dig +short $TRUSTED_PROXY)
+echo "RemoteIPTrustedProxy $proxy" >> /etc/apache2/conf-available/remoteip.conf
+a2enconf remoteip
 mkdir -p /var/log/supervisor/
 # Launch all services
-- 
GitLab
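Review bot: The `RUN echo 'RemoteIPHeader X-Forwarded-For' > /etc/apache2/conf-available/remoteip.conf` line in the second Dockerfile hunk bakes in a configuration file that names the header but lists no trusted proxy. As far as I recall, the mod_remoteip documentation describes that state as accepting the header from any peer for non-internal addresses, so the file is only safe once the entrypoint has appended its `RemoteIPTrustedProxy` line. I would add a comment above it, `# incomplete on purpose: entrypoint.sh adds RemoteIPTrustedProxy before a2enconf remoteip`, or write both directives in one place at start-up. Separately, if fail2ban reads the Apache access log, the LogFormat in default.conf (not visible here) probably needs `%a` rather than `%h` for the forwarded address to appear.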
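Review bot: `dig +short $TRUSTED_PROXY` in the entrypoint.sh hunk is used unchecked, so an unset variable, a name that does not resolve yet, or an answer with several lines all reach the Apache configuration as written. An empty result gives a bare `RemoteIPTrustedProxy` line, and several records put the second address on a line of its own, both of which I would expect Apache to reject at start-up. The `>>` also appends on every start of the same container, so an address resolved on an earlier run stays trusted after the proxy has moved, and whatever host later holds that address would be believed for the client IP that fail2ban acts on. I would quote the variable, keep only address lines, disable the conf when nothing resolved, and rewrite the file instead of appending, as below. The script continues outside the hunk, so the indentation and shell dialect are guessed from the visible lines.

```shell
# ... unchanged: SYMPA_DOMAIN block ...
conf=/etc/apache2/conf-available/remoteip.conf
proxy=
if [ -n "$TRUSTED_PROXY" ]; then
    # Keep IPv4 answers only: dig +short also prints CNAME targets and ";;" diagnostics.
    proxy=$(dig +short "$TRUSTED_PROXY" | grep -E '^[0-9]+(\.[0-9]+){3}$' | tr '\n' ' ')
fi
if [ -n "$proxy" ]; then
    # Rewrite rather than append so addresses from earlier starts are not kept as trusted.
    printf 'RemoteIPHeader X-Forwarded-For\nRemoteIPTrustedProxy %s\n' "$proxy" > "$conf"
    a2enconf remoteip
else
    echo "TRUSTED_PROXY unset or unresolved; remoteip not enabled" >&2
    a2disconf remoteip || true
fi
# ... unchanged: mkdir -p /var/log/supervisor/ ...
```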