Apache logs wrong IP when behing several local reverse-proxies (remoteip not working) #829
Description
#411 had enabled the remoteip apache module, to make use of X-Forwarded-For HTTP header when applicable.
But it does not work, at least in my case of deploying the docker image wordpress:6.2.1-php8.1-apache on kubernetes (k3s, actually), and accessing it through an Ingress (implemented by Traefik), itself behind another local Apache reverse-proxy.
The logs on stdout use the IP of Traefik pod (10.42.0.208, in my case), instead of the IP of the real user (that should be found in "X-Forwarded-For" header)
I managed to workaround that issue by replacing RemoteIPTrustedProxy by RemoteIPInternalProxy in file /etc/apache2/conf-available/remoteip.conf (injecting it through a ConfigMap):
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 10.0.0.0/8
RemoteIPInternalProxy 192.168.10.0/24
From what I understood, #411 has been inspired by the corresponding Nextcloud implementation... that seems to suffer from the same issue: see nextcloud/docker#1426, nextcloud/docker#1068, nextcloud/helm#164 and https://help.nextcloud.com/t/apache-docker-behind-reverse-proxy/151754
After reading https://httpd.apache.org/docs/2.4/en/mod/mod_remoteip.html#remoteiptrustedproxy and https://httpd.apache.org/docs/2.4/en/mod/mod_remoteip.html#remoteipinternalproxy, it seems to me that the existing remoteip.conf file of this docker image can not work in this case. I suppose Traefik references in X-Forwarded-For the local IP address of the previous reverse-proxy, which is ignored by RemoteIPTrustedProxy