Skip to content

2 new environment variables to control apache configuration #47

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
JonBendtsen wants to merge 2 commits into
base: main
Choose a base branch
from
Open

2 new environment variables to control apache configuration #47

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
15f25f1
2 new environment variables for controlling Apache
Mar 19, 2025
0bc40d4
describing how to use the 2 new variables
Mar 19, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -181,6 +181,9 @@ You can use the following variables for a better customization of your docker-co
| **DOLI_CRON_KEY** | | Security key launch cron jobs
| **DOLI_CRON_USER** | | Dolibarr user used for cron jobs
| **DOLI_INSTANCE_UNIQUE_ID** | | Secret ID used as a salt / key for some encryption. By default, it is set randomly when the docker container is created.
| **APACHE_REMOTEIP_CONF** | empty or variable not set | If this variable is set and it is not empty, then the full contents of this variable will be echoed to /etc/apache2/mods-available/remoteip.conf and then a2enmod remoteip will be run
Copy link
Member

@creekorful creekorful Mar 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we don't need this option.

Instead we should let the user enable the module using APACHE_MODULES env variable and then tweak the load the configuration file like described here.

Copy link
Contributor Author

@JonBendtsen JonBendtsen Mar 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we don't need this option.

Instead we should let the user enable the module using APACHE_MODULES env variable and then tweak the load the configuration file like described here.

I disagree. Even if people can do it the other way, this way is neater and easier for most people, and more and more people run stuff in containers, more and more will run it inside Kubernetes where it will be behind a proxy - or even outside Dolibarr they are more likely to run a proxy into multiple different containers - dolibarr being one of them.

Therefore there is a need for this apache container as easily as possible will log the real IP address which is connected to Dolibarr.

With remoteip it is not enough to enable the module, you also actually have to configure which header is used to store the real IP address in, and that should be as easy as possible Having an environment variable for that is much better than mounting a file at the right location. AND it also enables the module, so you get 2 for 1.

| **APACHE_MODULES** | empty or variable not set | If this variable is set and not empty, then all the apache modules in this variable will be installed using a2enmod. Apache module names should be separated by a single space character.
Copy link
Member

@creekorful creekorful Mar 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can rename this to APACHE_ENABLED_MODULES.

And add APACHE_DISABLED_MODULES for a list of module we want to disable.

Copy link
Contributor Author

@JonBendtsen JonBendtsen Mar 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking more about it, I expect to have more people use the remoteIP than adding or removing other modules. And if we recommend that people disable certain modules by default, why not just permanently disable those modules (see my other PR's).



Some environment variables are compatible with docker secrets behaviour, just add the `_FILE` suffix to var name and point the value file to read.
Environment variables that are compatible with docker secrets:
Expand Down Expand Up @@ -267,6 +270,8 @@ read-only: Yes, mount it read only with :ro

#### Running your dolibarr behind a proxy?

This section describes the old method, consider using the environment variable APACHE_REMOTEIP_CONF which is less work.

If you want Dolibarr or the logs from the dolibarr container to reveal the original IP address and not just the proxy's IP address you should create 2 text files:

*remoteip.load*
Expand Down
9 changes: 9 additions & 0 deletions docker-run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,15 @@ if [[ ${DOLI_CRON} -eq 1 ]]; then
exit 0
fi

if [[ "" != "${APACHE_REMOTEIP_CONF}" ]]; then
echo "RemoteIPHeader X-Forwarded-For" > /etc/apache2/mods-available/remoteip.conf
a2enmod remoteip
fi

for A2MOD in ${APACHE_MODULES}; do
a2enmod ${A2MOD}
done

if [ "${1#-}" != "$1" ]; then
set -- apache2-foreground "$@"
fi
Expand Down
9 changes: 9 additions & 0 deletions images/15.0.3-php7.4/docker-run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,15 @@ if [[ ${DOLI_CRON} -eq 1 ]]; then
exit 0
fi

if [[ "" != "${APACHE_REMOTEIP_CONF}" ]]; then
echo "RemoteIPHeader X-Forwarded-For" > /etc/apache2/mods-available/remoteip.conf
a2enmod remoteip
fi

for A2MOD in ${APACHE_MODULES}; do
a2enmod ${A2MOD}
done

if [ "${1#-}" != "$1" ]; then
set -- apache2-foreground "$@"
fi
Expand Down
9 changes: 9 additions & 0 deletions images/16.0.5-php8.1/docker-run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,15 @@ if [[ ${DOLI_CRON} -eq 1 ]]; then
exit 0
fi

if [[ "" != "${APACHE_REMOTEIP_CONF}" ]]; then
echo "RemoteIPHeader X-Forwarded-For" > /etc/apache2/mods-available/remoteip.conf
a2enmod remoteip
fi

for A2MOD in ${APACHE_MODULES}; do
a2enmod ${A2MOD}
done

if [ "${1#-}" != "$1" ]; then
set -- apache2-foreground "$@"
fi
Expand Down
9 changes: 9 additions & 0 deletions images/17.0.4-php8.1/docker-run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,15 @@ if [[ ${DOLI_CRON} -eq 1 ]]; then
exit 0
fi

if [[ "" != "${APACHE_REMOTEIP_CONF}" ]]; then
echo "RemoteIPHeader X-Forwarded-For" > /etc/apache2/mods-available/remoteip.conf
a2enmod remoteip
fi

for A2MOD in ${APACHE_MODULES}; do
a2enmod ${A2MOD}
done

if [ "${1#-}" != "$1" ]; then
set -- apache2-foreground "$@"
fi
Expand Down
9 changes: 9 additions & 0 deletions images/18.0.6-php8.1/docker-run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,15 @@ if [[ ${DOLI_CRON} -eq 1 ]]; then
exit 0
fi

if [[ "" != "${APACHE_REMOTEIP_CONF}" ]]; then
echo "RemoteIPHeader X-Forwarded-For" > /etc/apache2/mods-available/remoteip.conf
a2enmod remoteip
fi

for A2MOD in ${APACHE_MODULES}; do
a2enmod ${A2MOD}
done

if [ "${1#-}" != "$1" ]; then
set -- apache2-foreground "$@"
fi
Expand Down
9 changes: 9 additions & 0 deletions images/19.0.4-php8.2/docker-run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,15 @@ if [[ ${DOLI_CRON} -eq 1 ]]; then
exit 0
fi

if [[ "" != "${APACHE_REMOTEIP_CONF}" ]]; then
echo "RemoteIPHeader X-Forwarded-For" > /etc/apache2/mods-available/remoteip.conf
a2enmod remoteip
fi

for A2MOD in ${APACHE_MODULES}; do
a2enmod ${A2MOD}
done

if [ "${1#-}" != "$1" ]; then
set -- apache2-foreground "$@"
fi
Expand Down
9 changes: 9 additions & 0 deletions images/20.0.4-php8.2/docker-run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,15 @@ if [[ ${DOLI_CRON} -eq 1 ]]; then
exit 0
fi

if [[ "" != "${APACHE_REMOTEIP_CONF}" ]]; then
echo "RemoteIPHeader X-Forwarded-For" > /etc/apache2/mods-available/remoteip.conf
a2enmod remoteip
fi

for A2MOD in ${APACHE_MODULES}; do
a2enmod ${A2MOD}
done

if [ "${1#-}" != "$1" ]; then
set -- apache2-foreground "$@"
fi
Expand Down
9 changes: 9 additions & 0 deletions images/21.0.0-php8.2/docker-run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,15 @@ if [[ ${DOLI_CRON} -eq 1 ]]; then
exit 0
fi

if [[ "" != "${APACHE_REMOTEIP_CONF}" ]]; then
echo "RemoteIPHeader X-Forwarded-For" > /etc/apache2/mods-available/remoteip.conf
a2enmod remoteip
fi

for A2MOD in ${APACHE_MODULES}; do
a2enmod ${A2MOD}
done

if [ "${1#-}" != "$1" ]; then
set -- apache2-foreground "$@"
fi
Expand Down
9 changes: 9 additions & 0 deletions images/develop/docker-run.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,6 +480,15 @@ if [[ ${DOLI_CRON} -eq 1 ]]; then
exit 0
fi

if [[ "" != "${APACHE_REMOTEIP_CONF}" ]]; then
echo "RemoteIPHeader X-Forwarded-For" > /etc/apache2/mods-available/remoteip.conf
a2enmod remoteip
fi
Comment on lines +483 to +486
Copy link
Contributor

@williamdes williamdes Sep 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay that's maybe why It never worked out of the box for me
having X-Client-IP as an optional value for this line would be cool

Copy link
Contributor Author

@JonBendtsen JonBendtsen Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@williamdes what never worked out of the box for you?

Copy link
Contributor

@williamdes williamdes Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry I confused my containers, it is nextcloud that has some remoteip stuff configured via ENV and it does not work

But https://github.com/Dolibarr/dolibarr-docker?tab=readme-ov-file#running-your-dolibarr-behind-a-proxy
Works fine, but the header name should be an option.

Copy link
Contributor Author

@JonBendtsen JonBendtsen Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@williamdes you can put any header name in the file that you mount into this location

Copy link
Contributor

@williamdes williamdes Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

After this PR only if it checks that the file does not exist yet

Copy link
Contributor Author

@JonBendtsen JonBendtsen Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@williamdes don't worry, I don't think this PR will get in, I felt that the consensus was against it

Copy link
Contributor

@williamdes williamdes Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see..
Maybe check nextcloud?
I did not have the time to investigate why my docker logs have not got the remote ip


for A2MOD in ${APACHE_MODULES}; do
a2enmod ${A2MOD}
done

if [ "${1#-}" != "$1" ]; then
set -- apache2-foreground "$@"
fi
Expand Down