Set reverse proxy in .env and update dipas to 4.0.11

.env

@@ -6,4 +6,7 @@ DB_PORT=5432
 DRUPAL_ADMIN_USER=dipasadmin
 DRUPAL_ADMIN_PASS=adminpassword
 DRUPAL_SITE_NAME=DIPAS
-DRUPAL_SITE_DOMAIN=mydomain.com
+DRUPAL_SITE_DOMAIN=mydomain.com
+
+REVERSE_PROXY_ENABLED='true'
+REVERSE_PROXY_ADDRESSES='127.0.0.1'

config/drupal/drupal.reverse-proxy-settings.php

@@ -0,0 +1,106 @@
+<?php
+/**
+ * Reverse Proxy Configuration:
+ *
+ * Reverse proxy servers are often used to enhance the performance
+ * of heavily visited sites and may also provide other site caching,
+ * security, or encryption benefits. In an environment where Drupal
+ * is behind a reverse proxy, the real IP address of the client should
+ * be determined such that the correct client IP address is available
+ * to Drupal's logging, statistics, and access management systems. In
+ * the most simple scenario, the proxy server will add an
+ * X-Forwarded-For header to the request that contains the client IP
+ * address. However, HTTP headers are vulnerable to spoofing, where a
+ * malicious client could bypass restrictions by setting the
+ * X-Forwarded-For header directly. Therefore, Drupal's proxy
+ * configuration requires the IP addresses of all remote proxies to be
+ * specified in $settings['reverse_proxy_addresses'] to work correctly.
+ *
+ * Enable this setting to get Drupal to determine the client IP from
+ * the X-Forwarded-For header (or $settings['reverse_proxy_header'] if set).
+ * If you are unsure about this setting, do not have a reverse proxy,
+ * or Drupal operates in a shared hosting environment, this setting
+ * should remain commented out.
+ *
+ * In order for this setting to be used you must specify every possible
+ * reverse proxy IP address in $settings['reverse_proxy_addresses'].
+ * If a complete list of reverse proxies is not available in your
+ * environment (for example, if you use a CDN) you may set the
+ * $_SERVER['REMOTE_ADDR'] variable directly in settings.php.
+ * Be aware, however, that it is likely that this would allow IP
+ * address spoofing unless more advanced precautions are taken.
+ *
+ * This file is auto-generated from environment variables at container startup.
+ * Set the following environment variables to configure:
+ *   - REVERSE_PROXY_ENABLED: TRUE or FALSE (default: FALSE)
+ *   - REVERSE_PROXY_ADDRESSES: Required if reverse proxy is enabled. Comma-separated IP addresses in quotes (e.g.: '192.168.1.1', '10.0.0.1')
+ *   - REVERSE_PROXY_HEADER: Custom header name for client IP (default: empty, uses X-Forwarded-For)
+ *   - REVERSE_PROXY_PROTO_HEADER: Custom header name for protocol (default: empty, uses X-Forwarded-Proto)
+ *   - REVERSE_PROXY_HOST_HEADER: Custom header name for host (default: empty, uses X-Forwarded-Host)
+ *   - REVERSE_PROXY_PORT_HEADER: Custom header name for port (default: empty, uses X-Forwarded-Port)
+ *   - REVERSE_PROXY_FORWARDED_HEADER: Custom header name for Forwarded header (default: empty, uses FORWARDED)
+ */
+$reverse_proxy_enabled = getenv('REVERSE_PROXY_ENABLED');
+$settings['reverse_proxy'] = ($reverse_proxy_enabled === 'TRUE' || $reverse_proxy_enabled === 'true' || $reverse_proxy_enabled === '1');
+
+/**
+ * Specify every reverse proxy IP address in your environment.
+ * This setting is required if $settings['reverse_proxy'] is TRUE.
+ */
+if ($settings['reverse_proxy']) {
+  $reverse_proxy_addresses = getenv('REVERSE_PROXY_ADDRESSES');
+  if (empty($reverse_proxy_addresses)) {
+    throw new \RuntimeException('REVERSE_PROXY_ADDRESSES is required when reverse_proxy is enabled.');
+  }
+  // Parse comma-separated IP addresses, handling quotes
+  $addresses = array_map('trim', explode(',', $reverse_proxy_addresses));
+  $addresses = array_map(function($addr) {
+    return trim($addr, " \t\n\r\0\x0B'\"");
+  }, $addresses);
+  $settings['reverse_proxy_addresses'] = array_filter($addresses);
+}
+
+/**
+ * Set this value if your proxy server sends the client IP in a header
+ * other than X-Forwarded-For.
+ */
+$reverse_proxy_header = getenv('REVERSE_PROXY_HEADER');
+if (!empty($reverse_proxy_header)) {
+  $settings['reverse_proxy_header'] = $reverse_proxy_header;
+}
+
+/**
+ * Set this value if your proxy server sends the client protocol in a header
+ * other than X-Forwarded-Proto.
+ */
+$reverse_proxy_proto_header = getenv('REVERSE_PROXY_PROTO_HEADER');
+if (!empty($reverse_proxy_proto_header)) {
+  $settings['reverse_proxy_proto_header'] = $reverse_proxy_proto_header;
+}
+
+/**
+ * Set this value if your proxy server sends the client protocol in a header
+ * other than X-Forwarded-Host.
+ */
+$reverse_proxy_host_header = getenv('REVERSE_PROXY_HOST_HEADER');
+if (!empty($reverse_proxy_host_header)) {
+  $settings['reverse_proxy_host_header'] = $reverse_proxy_host_header;
+}
+
+/**
+ * Set this value if your proxy server sends the client protocol in a header
+ * other than X-Forwarded-Port.
+ */
+$reverse_proxy_port_header = getenv('REVERSE_PROXY_PORT_HEADER');
+if (!empty($reverse_proxy_port_header)) {
+  $settings['reverse_proxy_port_header'] = $reverse_proxy_port_header;
+}
+
+/**
+ * Set this value if your proxy server sends the client protocol in a header
+ * other than Forwarded.
+ */
+$reverse_proxy_forwarded_header = getenv('REVERSE_PROXY_FORWARDED_HEADER');
+if (!empty($reverse_proxy_forwarded_header)) {
+  $settings['reverse_proxy_forwarded_header'] = $reverse_proxy_forwarded_header;
+}

config/drupal/settings.php

@@ -323,74 +323,6 @@
 # $settings['http_client_config']['proxy']['https'] = 'http://proxy_user:proxy_pass@example.com:8080';
 # $settings['http_client_config']['proxy']['no'] = ['127.0.0.1', 'localhost'];
 
-/**
- * Reverse Proxy Configuration:
- *
- * Reverse proxy servers are often used to enhance the performance
- * of heavily visited sites and may also provide other site caching,
- * security, or encryption benefits. In an environment where Drupal
- * is behind a reverse proxy, the real IP address of the client should
- * be determined such that the correct client IP address is available
- * to Drupal's logging, statistics, and access management systems. In
- * the most simple scenario, the proxy server will add an
- * X-Forwarded-For header to the request that contains the client IP
- * address. However, HTTP headers are vulnerable to spoofing, where a
- * malicious client could bypass restrictions by setting the
- * X-Forwarded-For header directly. Therefore, Drupal's proxy
- * configuration requires the IP addresses of all remote proxies to be
- * specified in $settings['reverse_proxy_addresses'] to work correctly.
- *
- * Enable this setting to get Drupal to determine the client IP from
- * the X-Forwarded-For header (or $settings['reverse_proxy_header'] if set).
- * If you are unsure about this setting, do not have a reverse proxy,
- * or Drupal operates in a shared hosting environment, this setting
- * should remain commented out.
- *
- * In order for this setting to be used you must specify every possible
- * reverse proxy IP address in $settings['reverse_proxy_addresses'].
- * If a complete list of reverse proxies is not available in your
- * environment (for example, if you use a CDN) you may set the
- * $_SERVER['REMOTE_ADDR'] variable directly in settings.php.
- * Be aware, however, that it is likely that this would allow IP
- * address spoofing unless more advanced precautions are taken.
- */
-# $settings['reverse_proxy'] = TRUE;
-
-/**
- * Specify every reverse proxy IP address in your environment.
- * This setting is required if $settings['reverse_proxy'] is TRUE.
- */
-# $settings['reverse_proxy_addresses'] = ['a.b.c.d', ...];
-
-/**
- * Set this value if your proxy server sends the client IP in a header
- * other than X-Forwarded-For.
- */
-# $settings['reverse_proxy_header'] = 'X_CLUSTER_CLIENT_IP';
-
-/**
- * Set this value if your proxy server sends the client protocol in a header
- * other than X-Forwarded-Proto.
- */
-# $settings['reverse_proxy_proto_header'] = 'X_FORWARDED_PROTO';
-
-/**
- * Set this value if your proxy server sends the client protocol in a header
- * other than X-Forwarded-Host.
- */
-# $settings['reverse_proxy_host_header'] = 'X_FORWARDED_HOST';
-
-/**
- * Set this value if your proxy server sends the client protocol in a header
- * other than X-Forwarded-Port.
- */
-# $settings['reverse_proxy_port_header'] = 'X_FORWARDED_PORT';
-
-/**
- * Set this value if your proxy server sends the client protocol in a header
- * other than Forwarded.
- */
-# $settings['reverse_proxy_forwarded_header'] = 'FORWARDED';
 
 /**
  * Page caching:
@@ -775,7 +707,10 @@
 $settings['hash_salt'] = require_once("$config_path/drupal.salt.inc.php");
 #$databases = require_once("$config_path/drupal.database-settings.php");
 
-#include "$config_path/drupal.reverse-proxy-settings.php";
+// Include reverse proxy settings if the file exists
+if (file_exists("$config_path/drupal.reverse-proxy-settings.php")) {
+  include "$config_path/drupal.reverse-proxy-settings.php";
+}
 
 // Configuration settings for the local environment indicator.
 $config['environment_indicator.indicator']['name'] = 'LIVE';

docker-compose.yml

@@ -23,6 +23,8 @@ services:
       DRUPAL_ADMIN_PASS: ${DRUPAL_ADMIN_PASS}
       DRUPAL_SITE_NAME: ${DRUPAL_SITE_NAME}
       DRUPAL_SITE_DOMAIN: ${DRUPAL_SITE_DOMAIN}
+      REVERSE_PROXY_ENABLED: ${REVERSE_PROXY_ENABLED}
+      REVERSE_PROXY_ADDRESSES: ${REVERSE_PROXY_ADDRESSES}
     volumes:
       - drupal-data:/var/www/html/dipas/htdocs/drupal/sites/default/files
     networks:

dockerfile

@@ -20,13 +20,14 @@ RUN echo "zend_extension=opcache.so" > /usr/local/etc/php/conf.d/docker-php-ext-
     && echo "opcache.enable_cli=1" >> /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini
 
 # Copy and extract project files
-RUN wget -O /var/www/html/dipas.zip https://bitbucket.org/geowerkstatt-hamburg/dipas/downloads/dipas-os-3.3.2.zip \
+RUN wget -O /var/www/html/dipas.zip https://bitbucket.org/geowerkstatt-hamburg/dipas/downloads/dipas-os-4.0.11.zip \
     && unzip /var/www/html/dipas.zip -d /var/www/html/dipas/ \
     && rm -rf /var/www/html/dipas.zip
 
 # Copy configuration files
 COPY ./config/drupal/settings.php /var/www/html/dipas/htdocs/drupal/sites/default/settings.php
 COPY ./config/drupal/drupal.services.yml /var/www/html/dipas/config/drupal.services.yml
+COPY ./config/drupal/drupal.reverse-proxy-settings.php /var/www/html/dipas/config/drupal.reverse-proxy-settings.php
 
 # Copy and set entrypoint script
 COPY ./entrypoint.sh /entrypoint.sh

entrypoint.sh

@@ -32,6 +32,7 @@ if [ -f "$MARKER" ]; then
         && chmod 444 /var/www/html/dipas/htdocs/drupal/.htaccess \
         && chmod 644 /var/www/html/dipas/htdocs/drupal/sites/default/settings.php \
         && chmod 644 /var/www/html/dipas/config/drupal.services.yml \
+        && chmod 644 /var/www/html/dipas/config/drupal.reverse-proxy-settings.php \
         && chmod -R 755 /var/www/html/dipas/htdocs/drupal/sites/default/files
 
     echo "DIPAS setup is ready!"
@@ -58,6 +59,7 @@ if PGPASSWORD="${DB_PASSWORD}" psql -h "${DB_HOST}" -U "${DB_USER}" -d "${DB_NAM
         && chmod 444 /var/www/html/dipas/htdocs/drupal/.htaccess \
         && chmod 644 /var/www/html/dipas/htdocs/drupal/sites/default/settings.php \
         && chmod 644 /var/www/html/dipas/config/drupal.services.yml \
+        && chmod 644 /var/www/html/dipas/config/drupal.reverse-proxy-settings.php \
         && chmod -R 755 /var/www/html/dipas/htdocs/drupal/sites/default/files
 
     # Marker setzen, damit künftige Starts die DB gar nicht mehr anfassen
@@ -82,6 +84,7 @@ else
         && chmod 444 /var/www/html/dipas/htdocs/drupal/.htaccess \
         && chmod 644 /var/www/html/dipas/htdocs/drupal/sites/default/settings.php \
         && chmod 644 /var/www/html/dipas/config/drupal.services.yml \
+        && chmod 644 /var/www/html/dipas/config/drupal.reverse-proxy-settings.php \
         && chmod -R 755 /var/www/html/dipas/htdocs/drupal/sites/default/files
 
     # Run Drush installation and other necessary commands
@@ -90,6 +93,9 @@ else
     --account-name=${DRUPAL_ADMIN_USER} --account-pass=${DRUPAL_ADMIN_PASS} \
     --site-name='${DRUPAL_SITE_NAME}' --yes --existing-config"
 
+    # Enable locale module before importing translations
+    su www-data -s /bin/bash -c "vendor/bin/drush pm-enable locale -y"
+
     # Import translation files
     su www-data -s /bin/bash -c "vendor/bin/drush locale:import de /var/www/html/dipas/config/de.po --type=not-customized"
     su www-data -s /bin/bash -c "vendor/bin/drush locale:import de /var/www/html/dipas/htdocs/drupal/modules/custom/dipas_stories/files/translations/dipas_stories.de.po --type=not-customized"