From b4763addc21f0a644b816ee72cf89edd5098944a Mon Sep 17 00:00:00 2001 From: Llewellyn van der Merwe Date: Fri, 26 Jan 2024 14:00:43 +0200 Subject: [PATCH] Replace RemoteIPTrustedProxy with RemoteIPInternalProxy in remoteip.conf else the internal IP ranges are ingnored by Apache. --- 4.3/php8.1/apache/Dockerfile | 10 +++++----- 4.3/php8.2/apache/Dockerfile | 10 +++++----- 4.4/php8.1/apache/Dockerfile | 10 +++++----- 4.4/php8.2/apache/Dockerfile | 10 +++++----- 5.0/php8.1/apache/Dockerfile | 10 +++++----- 5.0/php8.2/apache/Dockerfile | 10 +++++----- Dockerfile.template | 10 +++++----- 7 files changed, 35 insertions(+), 35 deletions(-) diff --git a/4.3/php8.1/apache/Dockerfile b/4.3/php8.1/apache/Dockerfile index 38d0f42..f0f9036 100644 --- a/4.3/php8.1/apache/Dockerfile +++ b/4.3/php8.1/apache/Dockerfile @@ -137,11 +137,11 @@ RUN set -eux; \ { \ echo 'RemoteIPHeader X-Forwarded-For'; \ # these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker - echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ - echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ - echo 'RemoteIPTrustedProxy 192.168.0.0/16'; \ - echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ - echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 10.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 172.16.0.0/12'; \ + echo 'RemoteIPInternalProxy 192.168.0.0/16'; \ + echo 'RemoteIPInternalProxy 169.254.0.0/16'; \ + echo 'RemoteIPInternalProxy 127.0.0.0/8'; \ } > /etc/apache2/conf-available/remoteip.conf; \ a2enconf remoteip; \ # (replace all instances of "%h" with "%a" in LogFormat) diff --git a/4.3/php8.2/apache/Dockerfile b/4.3/php8.2/apache/Dockerfile index 1d32e01..9a24b27 100644 --- a/4.3/php8.2/apache/Dockerfile +++ b/4.3/php8.2/apache/Dockerfile @@ -137,11 +137,11 @@ RUN set -eux; \ { \ echo 'RemoteIPHeader X-Forwarded-For'; \ # these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker - echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ - echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ - echo 'RemoteIPTrustedProxy 192.168.0.0/16'; \ - echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ - echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 10.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 172.16.0.0/12'; \ + echo 'RemoteIPInternalProxy 192.168.0.0/16'; \ + echo 'RemoteIPInternalProxy 169.254.0.0/16'; \ + echo 'RemoteIPInternalProxy 127.0.0.0/8'; \ } > /etc/apache2/conf-available/remoteip.conf; \ a2enconf remoteip; \ # (replace all instances of "%h" with "%a" in LogFormat) diff --git a/4.4/php8.1/apache/Dockerfile b/4.4/php8.1/apache/Dockerfile index 17c06b0..6d7895a 100644 --- a/4.4/php8.1/apache/Dockerfile +++ b/4.4/php8.1/apache/Dockerfile @@ -137,11 +137,11 @@ RUN set -eux; \ { \ echo 'RemoteIPHeader X-Forwarded-For'; \ # these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker - echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ - echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ - echo 'RemoteIPTrustedProxy 192.168.0.0/16'; \ - echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ - echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 10.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 172.16.0.0/12'; \ + echo 'RemoteIPInternalProxy 192.168.0.0/16'; \ + echo 'RemoteIPInternalProxy 169.254.0.0/16'; \ + echo 'RemoteIPInternalProxy 127.0.0.0/8'; \ } > /etc/apache2/conf-available/remoteip.conf; \ a2enconf remoteip; \ # (replace all instances of "%h" with "%a" in LogFormat) diff --git a/4.4/php8.2/apache/Dockerfile b/4.4/php8.2/apache/Dockerfile index 266ba39..4a67d31 100644 --- a/4.4/php8.2/apache/Dockerfile +++ b/4.4/php8.2/apache/Dockerfile @@ -137,11 +137,11 @@ RUN set -eux; \ { \ echo 'RemoteIPHeader X-Forwarded-For'; \ # these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker - echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ - echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ - echo 'RemoteIPTrustedProxy 192.168.0.0/16'; \ - echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ - echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 10.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 172.16.0.0/12'; \ + echo 'RemoteIPInternalProxy 192.168.0.0/16'; \ + echo 'RemoteIPInternalProxy 169.254.0.0/16'; \ + echo 'RemoteIPInternalProxy 127.0.0.0/8'; \ } > /etc/apache2/conf-available/remoteip.conf; \ a2enconf remoteip; \ # (replace all instances of "%h" with "%a" in LogFormat) diff --git a/5.0/php8.1/apache/Dockerfile b/5.0/php8.1/apache/Dockerfile index c3df4d3..020ae43 100644 --- a/5.0/php8.1/apache/Dockerfile +++ b/5.0/php8.1/apache/Dockerfile @@ -139,11 +139,11 @@ RUN set -eux; \ { \ echo 'RemoteIPHeader X-Forwarded-For'; \ # these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker - echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ - echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ - echo 'RemoteIPTrustedProxy 192.168.0.0/16'; \ - echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ - echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 10.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 172.16.0.0/12'; \ + echo 'RemoteIPInternalProxy 192.168.0.0/16'; \ + echo 'RemoteIPInternalProxy 169.254.0.0/16'; \ + echo 'RemoteIPInternalProxy 127.0.0.0/8'; \ } > /etc/apache2/conf-available/remoteip.conf; \ a2enconf remoteip; \ # (replace all instances of "%h" with "%a" in LogFormat) diff --git a/5.0/php8.2/apache/Dockerfile b/5.0/php8.2/apache/Dockerfile index 8c9b59f..4d99763 100644 --- a/5.0/php8.2/apache/Dockerfile +++ b/5.0/php8.2/apache/Dockerfile @@ -139,11 +139,11 @@ RUN set -eux; \ { \ echo 'RemoteIPHeader X-Forwarded-For'; \ # these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker - echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ - echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ - echo 'RemoteIPTrustedProxy 192.168.0.0/16'; \ - echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ - echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 10.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 172.16.0.0/12'; \ + echo 'RemoteIPInternalProxy 192.168.0.0/16'; \ + echo 'RemoteIPInternalProxy 169.254.0.0/16'; \ + echo 'RemoteIPInternalProxy 127.0.0.0/8'; \ } > /etc/apache2/conf-available/remoteip.conf; \ a2enconf remoteip; \ # (replace all instances of "%h" with "%a" in LogFormat) diff --git a/Dockerfile.template b/Dockerfile.template index b58d851..f6299c3 100644 --- a/Dockerfile.template +++ b/Dockerfile.template @@ -207,11 +207,11 @@ RUN set -eux; \ { \ echo 'RemoteIPHeader X-Forwarded-For'; \ # these IP ranges are reserved for "private" use and should thus *usually* be safe inside Docker - echo 'RemoteIPTrustedProxy 10.0.0.0/8'; \ - echo 'RemoteIPTrustedProxy 172.16.0.0/12'; \ - echo 'RemoteIPTrustedProxy 192.168.0.0/16'; \ - echo 'RemoteIPTrustedProxy 169.254.0.0/16'; \ - echo 'RemoteIPTrustedProxy 127.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 10.0.0.0/8'; \ + echo 'RemoteIPInternalProxy 172.16.0.0/12'; \ + echo 'RemoteIPInternalProxy 192.168.0.0/16'; \ + echo 'RemoteIPInternalProxy 169.254.0.0/16'; \ + echo 'RemoteIPInternalProxy 127.0.0.0/8'; \ } > /etc/apache2/conf-available/remoteip.conf; \ a2enconf remoteip; \ # (replace all instances of "%h" with "%a" in LogFormat)