Apache: enabled & configured mod_remoteip

This module makes it possible to do access control & logging based on
client's real IP address, rather than the internal IP address of HaProxy.

docker/4_run/Dockerfile

@@ -38,8 +38,9 @@ ENV USE_X_SENDFILE True
 EXPOSE 80
 EXPOSE 5000
 
+ADD apache/remoteip.conf /etc/apache2/mods-available/
 ADD apache/wsgi-py36.* /etc/apache2/mods-available/
-RUN a2enmod rewrite && a2enmod wsgi-py36
+RUN a2enmod remoteip & a2enmod rewrite && a2enmod wsgi-py36
 
 ADD apache/apache2.conf /etc/apache2/apache2.conf
 ADD apache/000-default.conf /etc/apache2/sites-available/000-default.conf

docker/4_run/apache/apache2.conf

@@ -133,9 +133,9 @@ AccessFileName .htaccess
 # Note that the use of %{X-Forwarded-For}i instead of %h is not recommended.
 # Use mod_remoteip instead.
 #
-LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
-LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
-LogFormat "%h %l %u %t \"%r\" %>s %O" common
+LogFormat "%v:%p %a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
+LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%a %l %u %t \"%r\" %>s %O" common
 LogFormat "%{Referer}i -> %U" referer
 LogFormat "%{User-agent}i" agent
 

docker/4_run/apache/remoteip.conf

@@ -0,0 +1,2 @@
+RemoteIPHeader X-Forwarded-For                                                                                                                                                                                                                            │···
+RemoteIPInternalProxy 172.16.0.0/12                                                                                                                                                                                                                       │···