Add remote ip detection for fail2ban

.env.sample

@@ -16,3 +16,6 @@ MY_NETWORKS=localhost 127.0.0.0/8 10.42.0.0/16
 ROOT_ALIAS=admin@FQDN
 MY_DESTINATION=postfix.FQDN
 REMOTES=postfix
+TRUSTED_HOSTS=sympa postfix
+TRUSTED_PROXY=traefik
+TZ=Europe/Paris

docker-compose.yml

@@ -26,6 +26,8 @@ services:
       SYMPA_DB_NAME:
       SYMPA_DB_USER:
       SYMPA_DB_PASSWD:
+      TZ:
+      TRUSTED_PROXY:
       REMOTES:
     networks:
       - postfix
@@ -50,6 +52,7 @@ services:
       ROOT_ALIAS:
       MY_DESTINATION:
       TRUSTED_HOSTS:
+      TZ:
 
 
   pgsql:

docker/sympa/Dockerfile

@@ -4,12 +4,14 @@ ENV DEBIAN_FRONTEND noninteractive
 
 RUN apt-get -y update && apt-get -y upgrade && apt-get -y install \
 	apache2 \
+    dnsutils \
 	inetutils-syslogd \
 	libapache2-mod-fcgid \
 	libdbd-pg-perl \
 	libfcgi-perl \
 	libnet-ldap-perl \
 	libio-socket-ssl-perl \
+    locales \
 	nullmailer \
 	openssh-server \
 	spawn-fcgi \
@@ -29,10 +31,22 @@ COPY default.conf /etc/apache2/sites-available/000-default.conf
 
 RUN a2enmod rewrite substitute alias proxy proxy_fcgi
 
+RUN a2enmod remoteip
+
+RUN echo 'RemoteIPHeader X-Forwarded-For' > /etc/apache2/conf-available/remoteip.conf
+
 COPY supervisord.conf /etc/supervisor/conf.d
 
 COPY run.sh /opt/sympa_run.sh
 
 COPY entrypoint.sh /entrypoint
 
+RUN sed -i '/en_US.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
+
+ENV LANG en_US.UTF-8  
+
+ENV LANGUAGE en_US:en  
+
+ENV LC_ALL en_US.UTF-8   
+
 ENTRYPOINT /entrypoint

docker/sympa/entrypoint.sh

@@ -83,6 +83,9 @@ if [ -n "$SYMPA_DOMAIN" ]; then
   echo "$SYMPA_DOMAIN" > /etc/mailname
   echo "$SYMPA_DOMAIN" > /etc/nullmailer/defaultdomain
 fi
+proxy=$(dig +short $TRUSTED_PROXY)
+echo "RemoteIPTrustedProxy $proxy" >> /etc/apache2/conf-available/remoteip.conf
+a2enconf remoteip
 
 mkdir -p /var/log/supervisor/
 # Launch all services