Rework trusted proxies (#5549)

* Rework trusted proxies
Fix https://github.com/FreshRSS/FreshRSS/issues/5502
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3226

New environment variable `TRUSTED_PROXY`: set to 0 to disable, or to a list of trusted IP ranges compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy

New internal environment variable `CONN_REMOTE_ADDR` to remember the true IP address of the connection (e.g. last proxy), even when using mod_remoteip.

Current working setups should not observe any significant change.

* Minor whitespace

* Safer trusted sources during install
Rework of https://github.com/FreshRSS/FreshRSS/pull/5358
https://github.com/FreshRSS/FreshRSS/issues/5357

* Minor readme

2 files changed, 4 insertions, 1 deletions

diff --git a/Docker/freshrss/docker-compose-proxy.yml b/Docker/freshrss/docker-compose-proxy.yml
index 980e45e67..9b4846bce 100644
--- a/Docker/freshrss/docker-compose-proxy.yml
+++ b/Docker/freshrss/docker-compose-proxy.yml
@@ -7,7 +7,7 @@ volumes:
 services:
 
   traefik:
-    image: traefik:2.6
+    image: traefik:2.10
     container_name: traefik
     restart: unless-stopped
     logging:
@@ -42,6 +42,8 @@ services:
       - traefik.enable=false
 
   freshrss:
+    environment:
+      TRUSTED_PROXY: 172.16.0.1/12
     labels:
       - traefik.enable=true
       - traefik.http.middlewares.freshrssM1.compress=true
diff --git a/Docker/freshrss/docker-compose.yml b/Docker/freshrss/docker-compose.yml
index b8956bca5..7eb23fe9c 100644
--- a/Docker/freshrss/docker-compose.yml
+++ b/Docker/freshrss/docker-compose.yml
@@ -25,3 +25,4 @@ services:
     environment:
       TZ: Europe/Paris
       CRON_MIN: '3,33'
+      TRUSTED_PROXY: 172.16.0.1/12 192.168.0.1/16