Miss remoteip module #21

Open
avbor opened this issue Dec 5, 2024 · 7 comments

Comments

@avbor

avbor commented Dec 5, 2024

Hi.
Despite the fact that this container “is meant to be used with a reverse proxy”, there is no Apache remoteip module loaded in the container =)

```
root@ce7cfe0fab73:/var/www/html# a2query -m
filter (enabled by maintainer script)
alias (enabled by maintainer script)
authz_core (enabled by maintainer script)
status (enabled by maintainer script)
deflate (enabled by maintainer script)
authz_host (enabled by maintainer script)
dir (enabled by maintainer script)
mime (enabled by maintainer script)
setenvif (enabled by maintainer script)
autoindex (enabled by maintainer script)
env (enabled by maintainer script)
negotiation (enabled by maintainer script)
access_compat (enabled by maintainer script)
authz_user (enabled by maintainer script)
reqtimeout (enabled by maintainer script)
authn_core (enabled by maintainer script)
auth_basic (enabled by maintainer script)
authn_file (enabled by maintainer script)
rewrite (enabled by site administrator)
xsendfile (enabled by maintainer script)
php (enabled by site administrator)
mpm_prefork (enabled by site administrator)
```

It would be great to enable it by default.

(something like:

```
a2enmod remoteip
echo "RemoteIPInternalProxy 172.16.0.0/12" >> /etc/apache2/conf-enabled/remoteip.conf
echo "RemoteIPHeader X-Forwarded-For" >> /etc/apache2/conf-enabled/remoteip.conf
```

or pass RemoteIPInternalProxy and RemoteIPHeader from env)

avbor changed the title from "Miss remoteip_module" to "Miss remoteip module" on Dec 5, 2024
@splitbrain
Contributor

splitbrain commented Dec 5, 2024

Adding this wouldn't be too difficult I guess, but I wonder why you need it. DokuWiki already recognizes the proxy headers and properly uses the origin IP when logging etc. So what's the rationale behind this request?

@avbor
Author

avbor commented Dec 5, 2024

You can start with the logs of the container. In the current form there is no real IP address of the client, only Docker subnets:

```
172.30.2.133:80 172.30.0.144 - - [05/Dec/2024:10:36:57 +0000] "GET /_media/wiki:dokuwiki.svg HTTP/1.1" 200 9911 "https://xxx/go/start" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36"
```

In addition I use the yourip plugin, which also doesn't work without this module.

splitbrain added a commit that referenced this issue Dec 6, 2024
enable mod_remoteip. fixes #21
@vitoyucepi

Hi there.

I've discovered that enabling Apache's remote IP module breaks the is_ssl function: https://github.com/dokuwiki/dokuwiki/blob/c156c07d063ffc66b39b54522388ed6dba835456/inc/init.php#L548-L554
Apache sets $_SERVER['REMOTE_ADDR'] to the client's remote address, overwriting the reverse proxy address.

Also, is it X-Forwarded-For or X-Real-IP?
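
A simplified model of the interaction described in the comment above, as an added example that is not part of the thread and is not DokuWiki's or Apache's code. The function names, the CIDR-based trust check and the sample addresses are assumptions made for illustration.

```php
<?php
// Simplified model (assumption): not DokuWiki's is_ssl() and not mod_remoteip itself.
// All addresses below are constructed sample values.

/** True if IPv4 address $ip lies inside $cidr, e.g. 172.16.0.0/12. */
function in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $mask = -1 << (32 - (int)$bits);
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

/** Roughly what the module does for one proxy hop: if the TCP peer is an
 *  internal proxy, the last X-Forwarded-For entry replaces REMOTE_ADDR. */
function apply_remoteip(array $server, string $internalProxyCidr): array
{
    $xff = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    if ($xff === '' || !in_cidr($server['REMOTE_ADDR'], $internalProxyCidr)) {
        return $server; // peer is not a configured proxy: header is ignored
    }
    $hops = array_map('trim', explode(',', $xff));
    $server['REMOTE_ADDR'] = array_pop($hops); // proxy address is overwritten
    if ($hops) {
        $server['HTTP_X_FORWARDED_FOR'] = implode(', ', $hops);
    } else {
        unset($server['HTTP_X_FORWARDED_FOR']); // header fully consumed
    }
    return $server;
}

/** Application-side check: X-Forwarded-Proto counts only if the peer is the proxy. */
function app_is_ssl(array $server, string $trustedProxyCidr): bool
{
    if (in_cidr($server['REMOTE_ADDR'], $trustedProxyCidr)
        && ($server['HTTP_X_FORWARDED_PROTO'] ?? '') === 'https') {
        return true;
    }
    return ($server['HTTPS'] ?? 'off') !== 'off';
}

$request = [ // constructed: proxy 172.30.0.144 forwards for client 203.0.113.7
    'REMOTE_ADDR' => '172.30.0.144',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.7',
    'HTTP_X_FORWARDED_PROTO' => 'https',
];
$cidr = '172.16.0.0/12';

var_dump(app_is_ssl($request, $cidr));                        // as seen without the module
var_dump(app_is_ssl(apply_remoteip($request, $cidr), $cidr)); // as seen with the module
```

The second call shows the application after REMOTE_ADDR has been replaced with the client address: the peer no longer matches the trusted proxy range, so the forwarded protocol is not honoured.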

@splitbrain splitbrain reopened this Dec 7, 2024
@splitbrain
Contributor

fuck. so far for the testing by @avbor. gonna have a look later. Will probably revert.

@splitbrain
Contributor

Reverted in 52a48fd

If someone can come up with a good solution to the issue, PR would be welcome.

@vitoyucepi

I set FORWARDING_PROXY to 0.0.0.0 to emulate the old behavior.
The ideal solution is to remove all reverse proxy related stuff from the PHP part. Unless it's possible to run DokuWiki without php-fpm or mod_php, e.g. FrankenPHP or a native web server.

@splitbrain
Contributor

> The ideal solution is to remove all reverse proxy related stuff from the PHP part.

That is certainly not the ideal solution.
