docker icon indicating copy to clipboard operation
docker copied to clipboard
verified publisher icon phpmyadmin

Enabled remoteip mod for Apache

Open melle2 opened this issue 1 year ago • 5 comments

I've enabled the remoiteip mod for Apache during build time. The reason is that now the remote ip address is posted to the log file if phpmyadmin is running behind a proxy - with the correct proxy configuration. This can then be used i.e. with fail2ban to track and block IP addresses executing bruteforce attacks grafik

melle2 avatar Feb 03 '24 11:02 melle2

Can you update https://github.com/phpmyadmin/docker/blob/master/Dockerfile-debian.template

And run ./update.sh

williamdes avatar Feb 03 '24 11:02 williamdes

Sorry, I should have read the comment on the top of the Apache Dockerfile :grimacing:

melle2 avatar Feb 03 '24 12:02 melle2

OK, after reviewing the changes, this solution does not work with that approach. PHP-FPM doesn't use Apache. Hence. this would not work with PHP-FPM build and ultimatley fail.

melle2 avatar Feb 03 '24 12:02 melle2

What could be done here https://github.com/phpmyadmin/docker/blob/272944cc5a10f7740acacbe2a35c2c1f6d9a98c7/update.sh#L49 is something like

if [ "$variant" == "fpm" ]; then
	cat "$template" | sed -e "/a2enmod remoteip; \\\/d" >> $variant/Dockerfile
else
	cat "$template" >> "$variant/Dockerfile"
fi

But this feels more like a hack than a solution :neutral_face:

@williamdes what do you think?

melle2 avatar Feb 03 '24 13:02 melle2

See https://github.com/phpmyadmin/docker/blob/272944cc5a10f7740acacbe2a35c2c1f6d9a98c7/update.sh#L66C15-L66C46

You can add the line in the block, or add a new block with comments and it will be removed

williamdes avatar Feb 05 '24 09:02 williamdes