diff --git a/towncrier/newsfragments/2360.bugfix b/towncrier/newsfragments/2360.bugfix new file mode 100644 index 00000000..41720908 --- /dev/null +++ b/towncrier/newsfragments/2360.bugfix @@ -0,0 +1 @@ +roundcube: log actual client ip by using apache2 remoteip diff --git a/webmails/roundcube/Dockerfile b/webmails/roundcube/Dockerfile index 3fbe0794..916cd0e5 100644 --- a/webmails/roundcube/Dockerfile +++ b/webmails/roundcube/Dockerfile @@ -21,6 +21,7 @@ RUN set -eu \ && pip3 install socrate \ && echo date.timezone=UTC > /usr/local/etc/php/conf.d/timezone.ini \ && echo "ServerSignature Off\nServerName roundcube" >> /etc/apache2/apache2.conf \ + && sed -i 's,LogFormat "%h \(.*\) combined,Logformat "%a \1 combined,' /etc/apache2/apache2.conf \ && sed -i 's,CustomLog.*combined$,\0 "'"expr=!(%{HTTP_USER_AGENT}=='health'\&\&(-R '127.0.0.1/8' || -R '::1'))"'",' /etc/apache2/sites-available/000-default.conf \ \ && mark="$(apt-mark showmanual)" \ @@ -56,7 +57,7 @@ RUN set -eu \ && chown -R root:root . \ && chown www-data:www-data logs temp \ && chmod -R a+rX . \ - && a2enmod rewrite deflate expires headers \ + && a2enmod rewrite deflate expires headers remoteip \ && echo date.timezone=${TZ} > /usr/local/etc/php/conf.d/timezone.ini \ && rm -rf plugins/{autologon,example_addressbook,http_authentication,krb_authentication,new_user_identity,password,redundant_attachments,squirrelmail_usercopy,userinfo,virtuser_file,virtuser_query} @@ -65,6 +66,7 @@ RUN set -eu \ COPY mailu.php /var/www/html/plugins/mailu/mailu.php COPY php.ini / COPY config.inc.php / +COPY remoteip.conf / COPY start.py / COPY config.inc.carddav.php /var/www/html/plugins/carddav/config.inc.php diff --git a/webmails/roundcube/remoteip.conf b/webmails/roundcube/remoteip.conf new file mode 100644 index 00000000..52895749 --- /dev/null +++ b/webmails/roundcube/remoteip.conf @@ -0,0 +1,2 @@ +RemoteIPHeader X-Forwarded-For +RemoteIPTrustedProxy {{ FRONT_ADDRESS }} diff --git a/webmails/roundcube/start.py b/webmails/roundcube/start.py index 2c66bf19..18196979 100755 --- a/webmails/roundcube/start.py +++ b/webmails/roundcube/start.py @@ -72,6 +72,10 @@ conf.jinja("/config.inc.php", context, "/var/www/html/config/config.inc.php") # create dirs os.system("mkdir -p /data/gpg") +# configure apache2 +conf.jinja("/remoteip.conf", context, "/etc/apache2/conf-available/remoteip.conf") +os.system("a2enconf remoteip") + print("Initializing database") try: result = subprocess.check_output(["/var/www/html/bin/initdb.sh", "--dir", "/var/www/html/SQL"],