Enabled remoteip mod for Apache

[melle2]

I've enabled the remoiteip mod for Apache during build time. The reason is that now the remote ip address is posted to the log file if phpmyadmin is running behind a proxy - with the correct proxy configuration. This can then be used i.e. with fail2ban to track and block IP addresses executing bruteforce attacks

[williamdes]

Can you update https://github.com/phpmyadmin/docker/blob/master/Dockerfile-debian.template

And run ./update.sh

[melle2]

Sorry, I should have read the comment on the top of the Apache Dockerfile :grimacing:

[melle2]

OK, after reviewing the changes, this solution does not work with that approach. PHP-FPM doesn't use Apache. Hence. this would not work with PHP-FPM build and ultimatley fail.

[melle2]

What could be done here https://github.com/phpmyadmin/docker/blob/272944cc5a10f7740acacbe2a35c2c1f6d9a98c7/update.sh#L49 is something like

if [ "$variant" == "fpm" ]; then
    cat "$template" | sed -e "/a2enmod remoteip; \\\/d" >> $variant/Dockerfile
else
    cat "$template" >> "$variant/Dockerfile"
fi

But this feels more like a hack than a solution :neutral_face:

@williamdes what do you think?

[williamdes]

See https://github.com/phpmyadmin/docker/blob/272944cc5a10f7740acacbe2a35c2c1f6d9a98c7/update.sh#L66C15-L66C46

You can add the line in the block, or add a new block with comments and it will be removed