Disable rewrite ip for apache image

kesselb · kesselb · commit 8f268a8dc4d2 · 2020-04-06T21:04:54.000+02:00
Signed-off-by: Daniel Kesselberg &lt;mail@danielkesselberg.de&gt;
diff --git a/.config/reverse_proxy.config.php b/.config/reverse_proxy.config.php
@@ -0,0 +1,11 @@
+<?php
+
+$trustedProxies = getenv('TRUSTED_PROXIES');
+
+if ($trustedProxies) {
+  $trustedProxies = array_filter(array_map('trim', explode(' ', $trustedProxies)));
+} else {
+  $trustedProxies = null;
+}
+
+$CONFIG['trusted_proxies'] = $trustedProxies;
diff --git a/README.md b/README.md
@@ -158,6 +158,14 @@ To use an external SMTP server, you have to provide the connection details. To c
 
 Check the [Nextcloud documentation](https://docs.nextcloud.com/server/15/admin_manual/configuration_server/email_configuration.html) for other values to configure SMTP.
 
+## Using the apache image behind a reverse proxy and auto configure server host and protocol
+
+The apache image will replace the remote addr (ip address visible to Nextcloud) with the ip address from `X-Real-IP` if the request is coming from a proxy in 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16 by default. If you want Nextcloud to pick up the server host (`HTTP_X_FORWARDED_HOST`), protocol (`HTTP_X_FORWARDED_PROTO`) and client ip (`HTTP_X_FORWARDED_FOR`) from a trusted proxy disable rewrite ip and the reverse proxies ip address to `TRUSTED_PROXIES`.
+
+- `APACHE_DISABLE_REWRITE_IP` (not set by default): Set to 1 to disable rewrite ip.
+
+- `TRUSTED_PROXIES` (empty by default): A space-separated list of trusted proxies. CIDR notation is supported for IPv4.
+
 # Running this image with docker-compose
 The easiest way to get a fully featured and functional setup is using a `docker-compose` file. There are too many different possibilities to setup your system, so here are only some examples of what you have to look for.
 
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
@@ -43,6 +43,12 @@ file_env() {
     unset "$fileVar"
 }
 
+if expr "$1" : "apache" 1>/dev/null; then
+    if [ -n "${APACHE_DISABLE_REWRITE_IP+x}" ]; then
+        a2disconf remoteip
+    fi
+fi
+
 if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UPDATE:-0}" -eq 1 ]; then
     if [ -n "${REDIS_HOST+x}" ]; then
 
