Re: Bad user remote IP

2023-10-30 Thread Golota S.V. 

Thank you. It was a rule on the router.


29.10.2023 23:34, Nick Couchman пишет:
This likely means that your local gateway is stripping out the headers 
that your proxy or Tomcat expects, so Tomcat is unable to find the 
proper value for this header and pass it on. You need to make sure 
that your local network gateway is not preventing those headers from 
being passed on.


-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Bad user remote IP

2023-10-29 Thread Nick Couchman 
On Fri, Oct 27, 2023 at 8:45 AM Golota S.V. 
wrote:

> Hello! I changed my server.xml file according to the recommendations
> internalProxies="127\.0\.0\.1" external addresses actually began to be
> displayed correctly, but when connecting from the local network, the local
> network gateway address is displayed. Any ideas on how to fix this (I use
> the Docker version)
>
>
> This likely means that your local gateway is stripping out the headers
that your proxy or Tomcat expects, so Tomcat is unable to find the proper
value for this header and pass it on. You need to make sure that your local
network gateway is not preventing those headers from being passed on.

-Nick

>

Re: Bad user remote IP

2023-10-27 Thread Golota S.V. 
Hello! I changed my server.xml file according to the recommendations 
internalProxies="127\.0\.0\.1" external addresses actually began to be 
displayed correctly, but when connecting from the local network, the 
local network gateway address is displayed. Any ideas on how to fix this 
(I use the Docker version)



26.10.2023 16:01, Prakhar Jalan пишет:

Thanks Lorenzo!


*From:* MAURIZI Lorenzo 
*Sent:* Thursday, October 26, 2023 15:52
*To:* user@guacamole.apache.org 
*Subject:* R: Bad user remote IP

Hello,

you should start from official Guacamole documentation about setting 
the Remote IP Valve:


https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve 
<https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve>


taking into account that the

internalProxies

property must be set as a regular expression, as indicated in tomcat 
documentation here:


https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/RemoteIpValve.html

I think that the guacamole documentation should be changed to take 
this information into account, as the shown example seems to be incorrect:


**

because in regular expression, the dot is “any character except 
newline”, while in this case the correct syntax would be


internalProxies="127\.0\.0\.1"

to match the literal dot and the exact 127.0.0.1 IP address

Best regards.

Lorenzo

*Da:*Prakhar Jalan 
*Inviato:* giovedì 26 ottobre 2023 11:56
*A:* user@guacamole.apache.org
*Oggetto:* Re: Bad user remote IP

Hello,

I am facing the same issue. Could you please provide the exact steps 
to log the ACTUAL IP of the user?


Thanks a ton!

Prakhar



*From:*Maciej Konigsman <mailto:maciej.konigsman@eatit.cloud>>

*Sent:* Wednesday, October 25, 2023 18:21
*To:* user@guacamole.apache.org <mailto:user@guacamole.apache.org> 
mailto:user@guacamole.apache.org>>

*Subject:* Re: Bad user remote IP

Thanks for your help.

It works with the following

 internalProxies="127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+"

127... - for nginx running on the same server as Guacamole

10... - AWS private network

On Wed, 25 Oct 2023 at 13:25, Henri Alves de Godoy 
mailto:henri.go...@fca.unicamp.br>> wrote:


Hi all,

the remote ip registration only worked when I put the options
below in server.xml

---

        

        

--

Att,

Henri.

Em qua., 25 de out. de 2023 às 08:16, Nick Couchman
mailto:vn...@apache.org>> escreveu:

On Wed, Oct 25, 2023 at 6:19 AM Maciej Konigsman
mailto:maciej.konigsman@eatit.cloud>> wrote:

Valve config

        

What private subnet applies to your ELB?

ELB is in the same subnet as the EC2 instance where
Guacamole is installed.

Presumably the ELB is not running on the localhost
(127.0.0.1), so I suspect that you need the actual IP
address(es) and/or subnets of the ELB placed into the
"internalProxies" property in this valve.

-Nick


--

Re: Bad user remote IP

2023-10-26 Thread Prakhar Jalan 
Thanks Lorenzo!


From: MAURIZI Lorenzo 
Sent: Thursday, October 26, 2023 15:52
To: user@guacamole.apache.org 
Subject: R: Bad user remote IP


Hello,

you should start from official Guacamole documentation about setting the Remote 
IP Valve:



https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve



taking into account that the



internalProxies



property must be set as a regular expression, as indicated in tomcat 
documentation here:



https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/RemoteIpValve.html



I think that the guacamole documentation should be changed to take this 
information into account, as the shown example seems to be incorrect:





because in regular expression, the dot is “any character except newline”, while 
in this case the correct syntax would be

internalProxies="127\.0\.0\.1"

to match the literal dot and the exact 127.0.0.1 IP address



Best regards.

Lorenzo





Da: Prakhar Jalan 
Inviato: giovedì 26 ottobre 2023 11:56
A: user@guacamole.apache.org
Oggetto: Re: Bad user remote IP



Hello,



I am facing the same issue. Could you please provide the exact steps to log the 
ACTUAL IP of the user?



Thanks a ton!



Prakhar





From: Maciej Konigsman 
mailto:maciej.konigsman@eatit.cloud>>
Sent: Wednesday, October 25, 2023 18:21
To: user@guacamole.apache.org<mailto:user@guacamole.apache.org> 
mailto:user@guacamole.apache.org>>
Subject: Re: Bad user remote IP



Thanks for your help.

It works with the following

 internalProxies="127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+"



127... - for nginx running on the same server as Guacamole

10... - AWS private network



On Wed, 25 Oct 2023 at 13:25, Henri Alves de Godoy 
mailto:henri.go...@fca.unicamp.br>> wrote:

Hi all,

the remote ip registration only worked when I put the options below in 
server.xml



---







--



Att,

Henri.





Em qua., 25 de out. de 2023 às 08:16, Nick Couchman 
mailto:vn...@apache.org>> escreveu:

On Wed, Oct 25, 2023 at 6:19 AM Maciej Konigsman 
mailto:maciej.konigsman@eatit.cloud>> wrote:

Valve config







What private subnet applies to your ELB?

ELB is in the same subnet as the EC2 instance where Guacamole is installed.





Presumably the ELB is not running on the localhost (127.0.0.1), so I suspect 
that you need the actual IP address(es) and/or subnets of the ELB placed into 
the "internalProxies" property in this valve.



-Nick




--

[https://ci3.googleusercontent.com/mail-sig/AIorK4xJTI4fOwTRhNqwzPDuuVtXRma-AtZlVMXEBX8smzlKDm1b6O7MmBLRqUMlR7HmEqRCaiKlXCY]

R: Bad user remote IP

2023-10-26 Thread MAURIZI Lorenzo 
Hello,
you should start from official Guacamole documentation about setting the Remote 
IP Valve:

https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve

taking into account that the

internalProxies

property must be set as a regular expression, as indicated in tomcat 
documentation here:

https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/RemoteIpValve.html

I think that the guacamole documentation should be changed to take this 
information into account, as the shown example seems to be incorrect:



because in regular expression, the dot is “any character except newline”, while 
in this case the correct syntax would be
internalProxies="127\.0\.0\.1"
to match the literal dot and the exact 127.0.0.1 IP address

Best regards.
Lorenzo


Da: Prakhar Jalan 
Inviato: giovedì 26 ottobre 2023 11:56
A: user@guacamole.apache.org
Oggetto: Re: Bad user remote IP

Hello,

I am facing the same issue. Could you please provide the exact steps to log the 
ACTUAL IP of the user?

Thanks a ton!

Prakhar


From: Maciej Konigsman 
mailto:maciej.konigsman@eatit.cloud>>
Sent: Wednesday, October 25, 2023 18:21
To: user@guacamole.apache.org<mailto:user@guacamole.apache.org> 
mailto:user@guacamole.apache.org>>
Subject: Re: Bad user remote IP

Thanks for your help.
It works with the following
 internalProxies="127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+"

127... - for nginx running on the same server as Guacamole
10... - AWS private network

On Wed, 25 Oct 2023 at 13:25, Henri Alves de Godoy 
mailto:henri.go...@fca.unicamp.br>> wrote:
Hi all,

the remote ip registration only worked when I put the options below in 
server.xml

---




--

Att,
Henri.


Em qua., 25 de out. de 2023 às 08:16, Nick Couchman 
mailto:vn...@apache.org>> escreveu:
On Wed, Oct 25, 2023 at 6:19 AM Maciej Konigsman 
mailto:maciej.konigsman@eatit.cloud>> wrote:
Valve config






What private subnet applies to your ELB?

ELB is in the same subnet as the EC2 instance where Guacamole is installed.


Presumably the ELB is not running on the localhost (127.0.0.1), so I suspect 
that you need the actual IP address(es) and/or subnets of the ELB placed into 
the "internalProxies" property in this valve.

-Nick


--
[https://ci3.googleusercontent.com/mail-sig/AIorK4xJTI4fOwTRhNqwzPDuuVtXRma-AtZlVMXEBX8smzlKDm1b6O7MmBLRqUMlR7HmEqRCaiKlXCY]

Re: Bad user remote IP

2023-10-26 Thread Prakhar Jalan 
Hello,

I am facing the same issue. Could you please provide the exact steps to log the 
ACTUAL IP of the user?

Thanks a ton!

Prakhar


From: Maciej Konigsman 
Sent: Wednesday, October 25, 2023 18:21
To: user@guacamole.apache.org 
Subject: Re: Bad user remote IP

Thanks for your help.
It works with the following
 internalProxies="127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+"

127... - for nginx running on the same server as Guacamole
10... - AWS private network

On Wed, 25 Oct 2023 at 13:25, Henri Alves de Godoy 
mailto:henri.go...@fca.unicamp.br>> wrote:
Hi all,

the remote ip registration only worked when I put the options below in 
server.xml

---




--

Att,
Henri.


Em qua., 25 de out. de 2023 às 08:16, Nick Couchman 
mailto:vn...@apache.org>> escreveu:
On Wed, Oct 25, 2023 at 6:19 AM Maciej Konigsman  
wrote:
Valve config





What private subnet applies to your ELB?

ELB is in the same subnet as the EC2 instance where Guacamole is installed.


Presumably the ELB is not running on the localhost (127.0.0.1), so I suspect 
that you need the actual IP address(es) and/or subnets of the ELB placed into 
the "internalProxies" property in this valve.

-Nick


--
[https://ci3.googleusercontent.com/mail-sig/AIorK4xJTI4fOwTRhNqwzPDuuVtXRma-AtZlVMXEBX8smzlKDm1b6O7MmBLRqUMlR7HmEqRCaiKlXCY]

Re: Bad user remote IP

2023-10-25 Thread Maciej Konigsman 
Thanks for your help.
It works with the following
 internalProxies="127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+"

127... - for nginx running on the same server as Guacamole
10... - AWS private network

On Wed, 25 Oct 2023 at 13:25, Henri Alves de Godoy <
henri.go...@fca.unicamp.br> wrote:

> Hi all,
>
> the remote ip registration only worked when I put the options below in
> server.xml
>
> ---
> internalProxies="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"
>remoteIpHeader="x-forwarded-for"
>remoteIpProxiesHeader="x-forwarded-by"
>protocolHeader="x-forwarded-proto" />
>
>  directory="logs"
>prefix="localhost_access_log." suffix=".txt"
>pattern="combined" requestAttributesEnabled="true" />
>
> --
>
> Att,
> Henri.
>
>
> Em qua., 25 de out. de 2023 às 08:16, Nick Couchman 
> escreveu:
>
>> On Wed, Oct 25, 2023 at 6:19 AM Maciej Konigsman
>>  wrote:
>>
>>> Valve config
>>>
>>> >>
>>>internalProxies="127.0.0.1"
>>>
>>>remoteIpHeader="x-forwarded-for"
>>>
>>>remoteIpProxiesHeader="x-forwarded-by"
>>>
>>>protocolHeader="x-forwarded-proto" />
>>>
>>>
>>> What private subnet applies to your ELB?
>>>
>>> ELB is in the same subnet as the EC2 instance where Guacamole is
>>> installed.
>>>
>>>
>> Presumably the ELB is not running on the localhost (127.0.0.1), so I
>> suspect that you need the actual IP address(es) and/or subnets of the ELB
>> placed into the "internalProxies" property in this valve.
>>
>> -Nick
>>
>
>
> --
>
>

Re: Bad user remote IP

2023-10-25 Thread Henri Alves de Godoy 
Hi all,

the remote ip registration only worked when I put the options below in
server.xml

---




--

Att,
Henri.


Em qua., 25 de out. de 2023 às 08:16, Nick Couchman 
escreveu:

> On Wed, Oct 25, 2023 at 6:19 AM Maciej Konigsman
>  wrote:
>
>> Valve config
>>
>> >
>>internalProxies="127.0.0.1"
>>
>>remoteIpHeader="x-forwarded-for"
>>
>>remoteIpProxiesHeader="x-forwarded-by"
>>
>>protocolHeader="x-forwarded-proto" />
>>
>>
>> What private subnet applies to your ELB?
>>
>> ELB is in the same subnet as the EC2 instance where Guacamole is
>> installed.
>>
>>
> Presumably the ELB is not running on the localhost (127.0.0.1), so I
> suspect that you need the actual IP address(es) and/or subnets of the ELB
> placed into the "internalProxies" property in this valve.
>
> -Nick
>


--

Re: Bad user remote IP

2023-10-25 Thread Nick Couchman 
On Wed, Oct 25, 2023 at 6:19 AM Maciej Konigsman
 wrote:

> Valve config
>
> 
>internalProxies="127.0.0.1"
>
>remoteIpHeader="x-forwarded-for"
>
>remoteIpProxiesHeader="x-forwarded-by"
>
>protocolHeader="x-forwarded-proto" />
>
>
> What private subnet applies to your ELB?
>
> ELB is in the same subnet as the EC2 instance where Guacamole is installed.
>
>
Presumably the ELB is not running on the localhost (127.0.0.1), so I
suspect that you need the actual IP address(es) and/or subnets of the ELB
placed into the "internalProxies" property in this valve.

-Nick

Re: Bad user remote IP

2023-10-25 Thread Maciej Konigsman 
Valve config




What private subnet applies to your ELB?

ELB is in the same subnet as the EC2 instance where Guacamole is installed.


On Tue, 24 Oct 2023 at 19:13, Michael Jumper  wrote:

> What does your valve configuration look like in your Tomcat's server.xml?
>
> What private subnet applies to your ELB?
>
> - Mike
>
> On 10/24/2023 5:32 AM, Maciej Konigsman wrote:
> > Hi,
> >
> > I'm having a similar problem but my case is as follows
> > AWS Elastic LB (443) -> EC2 Nginx (443) -> EC2 Guacamole (8080)
> > Guacamole 1.5.3 not containerised.
> >
> > I configured Nginx and Tomcat according to this instruction
> >
> https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve
> <
> https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve
> >
> >
> > However, it shows private IP of the ELB not the remote host.
> > In catalina.out I'm getting:
> > . o.a.g.r.auth.AuthenticationService - User ""
> > successfully authenticated from [, ]
> > It seems that guacamole history picks up the last IP address which is
> > not the one I would expect to be used.
> >
> > Any suggestions?
> >
> > Thanks,
> > Maciek
> >
> >
> > On Mon, 14 Aug 2023 at 15:14, Nick Couchman  > > wrote:
> >
> > On Mon, Aug 14, 2023 at 8:37 AM Martin Vancl  > > wrote:
> >  >
> >  > I'm sorry. That was my mistake.
> >  > Now it's working. Thank you :-)
> >
> > Great, glad you got it sorted. Thanks for posting the solution.
> >
> > -Nick
> >
> > -
> > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> > 
> > For additional commands, e-mail: user-h...@guacamole.apache.org
> > 
> >
>
> -
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
>
>

Re: Bad user remote IP

2023-10-24 Thread Michael Jumper 

What does your valve configuration look like in your Tomcat's server.xml?

What private subnet applies to your ELB?

- Mike

On 10/24/2023 5:32 AM, Maciej Konigsman wrote:

Hi,

I'm having a similar problem but my case is as follows
AWS Elastic LB (443) -> EC2 Nginx (443) -> EC2 Guacamole (8080)
Guacamole 1.5.3 not containerised.

I configured Nginx and Tomcat according to this instruction 
https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve 


However, it shows private IP of the ELB not the remote host.
In catalina.out I'm getting:
. o.a.g.r.auth.AuthenticationService - User "" 
successfully authenticated from [, ]
It seems that guacamole history picks up the last IP address which is 
not the one I would expect to be used.


Any suggestions?

Thanks,
Maciek


On Mon, 14 Aug 2023 at 15:14, Nick Couchman > wrote:


On Mon, Aug 14, 2023 at 8:37 AM Martin Vancl mailto:tux.mar...@gmail.com>> wrote:
 >
 > I'm sorry. That was my mistake.
 > Now it's working. Thank you :-)

Great, glad you got it sorted. Thanks for posting the solution.

-Nick

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org

For additional commands, e-mail: user-h...@guacamole.apache.org




-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Bad user remote IP

2023-10-24 Thread Maciej Konigsman 
Hi,

I'm having a similar problem but my case is as follows
AWS Elastic LB (443) -> EC2 Nginx (443) -> EC2 Guacamole (8080)
Guacamole 1.5.3 not containerised.

I configured Nginx and Tomcat according to this instruction
https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve

However, it shows private IP of the ELB not the remote host.
In catalina.out I'm getting:
. o.a.g.r.auth.AuthenticationService - User "" successfully
authenticated from [, ]
It seems that guacamole history picks up the last IP address which is not
the one I would expect to be used.

Any suggestions?

Thanks,
Maciek


On Mon, 14 Aug 2023 at 15:14, Nick Couchman  wrote:

> On Mon, Aug 14, 2023 at 8:37 AM Martin Vancl  wrote:
> >
> > I'm sorry. That was my mistake.
> > Now it's working. Thank you :-)
>
> Great, glad you got it sorted. Thanks for posting the solution.
>
> -Nick
>
> -
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
>
>

Re: Bad user remote IP

2023-08-14 Thread Nick Couchman 
On Mon, Aug 14, 2023 at 8:37 AM Martin Vancl  wrote:
>
> I'm sorry. That was my mistake.
> Now it's working. Thank you :-)

Great, glad you got it sorted. Thanks for posting the solution.

-Nick

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Bad user remote IP

2023-08-14 Thread Martin Vancl 
I'm sorry. That was my mistake.
Now it's working. Thank you :-)

My nginx proxy:
--
location / {
proxy_pass http://127.0.0.1:8090/guacamole/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
}
--

and part of my docker-compose.yml:

--
image: guacamole/guacamole:1.5.3
ports:
  - "127.0.0.1:8090:8080"
environment:
...
  REMOTE_IP_VALVE_ENABLED: 'true'
  PROXY_IP_HEADER: "X-Real-IP"
  PROXY_PROTOCOL_HEADER: "X-Forward-Proto"
...
--

And RemoteIpValve in now ok:
--
# docker exec -ti guacamole_guac_1 sh -c "cat
/home/guacamole/tomcat/conf/server.xml | grep RemoteIpValve"

--


po 14. 8. 2023 v 13:51 odesílatel Nick Couchman  napsal:

> On Mon, Aug 14, 2023 at 3:18 AM Martin Vancl  wrote:
> >
> > Ok. I'm sorry, my mistake.
> > There is real config: https://pastebin.com/FPhetEie
> > and there is this "empty" line:
> >
> > 
> >
>
> Yes, the "empty" line enables the RemoteIPValve with its default
> values. If you need to adjust values, for example, internalProxies,
> you can use the other Docker variables that I mentioned previously,
> which will have the effect of writing additional values into the line
> in the server.xml file.
>
> In my non-Docker install, where Nginx is running on the same system as
> Tomcat, adding the line above is all that is needed for the correct
> IPs to be passed from Nginx to Tomcat and logged in Guacamole.
>
> -Nick
>
> -
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
>
>

-- 
S pozdravem
Ing. Martin Vancl

e-mail:  tux.mar...@gmail.com
web:  www.vancl-it.cz

Re: Bad user remote IP

2023-08-14 Thread Nick Couchman 
On Mon, Aug 14, 2023 at 3:18 AM Martin Vancl  wrote:
>
> Ok. I'm sorry, my mistake.
> There is real config: https://pastebin.com/FPhetEie
> and there is this "empty" line:
>
> 
>

Yes, the "empty" line enables the RemoteIPValve with its default
values. If you need to adjust values, for example, internalProxies,
you can use the other Docker variables that I mentioned previously,
which will have the effect of writing additional values into the line
in the server.xml file.

In my non-Docker install, where Nginx is running on the same system as
Tomcat, adding the line above is all that is needed for the correct
IPs to be passed from Nginx to Tomcat and logged in Guacamole.

-Nick

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Bad user remote IP

2023-08-14 Thread Martin Vancl 
Ok. I'm sorry, my mistake.
There is real config: https://pastebin.com/FPhetEie
and there is this "empty" line:






po 14. 8. 2023 v 0:11 odesílatel Michael Jumper  napsal:

> The file that you're checking ("/usr/local/tomcat/conf/server.xml") is
> not the server.xml used by the image. It's the server.xml that serves as
> the basis. A separate copy is made during startup, and it's that copy
> that's modified according to the environment variables provided:
>
>
> https://github.com/apache/guacamole-client/blob/bffc5fbdd5e2bb7a777f55c819a1d4d858829cb7/guacamole-docker/bin/start.sh#L1025-L1030
>
> - Mike
>
> On 8/13/2023 11:21 AM, Martin Vancl wrote:
> > My nginx proxy:
> > --
> > location / {
> >  proxy_pass http://127.0.0.1:8090/guacamole/
> > ;
> >  proxy_http_version 1.1;
> >  proxy_set_header Upgrade $http_upgrade;
> >  proxy_set_header Connection 'upgrade';
> >  proxy_set_header Host $host;
> >  proxy_set_header X-Real-IP $remote_addr;
> >  proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
> >  proxy_set_header X-Forward-Proto http;
> >  proxy_set_header X-Nginx-Proxy true;
> >  proxy_buffering off;
> > }
> > --
> >
> > and part of my docker-compose.yml:
> >
> > --
> > image: guacamole/guacamole:1.5.3
> > ports:
> >- "127.0.0.1:8090:8080"
> > environment:
> >GUACD_HOSTNAME: guacd
> >POSTGRES_HOSTNAME: postgres
> >POSTGRES_DATABASE: ${POSTGRES_USER:-guacdb}
> >POSTGRES_USER: ${POSTGRES_USER:-guacdb}
> >POSTGRES_PASSWORD: secretPassword
> >GUACAMOLE_HOME: /guac_extensions
> >REMOTE_IP_VALVE_ENABLED: 'true'
> > volumes:
> >- /opt/guacamole/guac_extensions:/guac_extensions
> > depends_on:
> >- postgres
> >- guacd
> > --
> >
> > But there is no "RemoteIpValve":
> > --
> >   # docker exec -ti guacamole_guac_1 sh -c "cat
> > /usr/local/tomcat/conf/server.xml | grep Valve"
> >   define subcomponents such as "Valves" at this level.
> > so you may not define subcomponents such as "Valves" at this
> level.
> >   > className="org.apache.catalina.authenticator.SingleSignOn" />
> >   > directory="logs"
> > --
> >
> >
> > pá 11. 8. 2023 v 21:53 odesílatel Nick Couchman  > > napsal:
> >
> > On Fri, Aug 11, 2023 at 10:49 AM Martin Vancl  > > wrote:
> >  >
> >  > No. As I wrote:
> >  > > I just updated to version 1.5.3 (from 1.4.0), and the problem
> > is still the same.
> >  > So now I'm using 1.5.3 in docker.
> >  >
> >  > I wrote about version 1.3.0 in the first email three years ago.
> >
> > Ah, okay - sorry to have missed that. I tried this out with the 1.5.3
> > container and adding the "-e REMOTE_IP_VALVE_ENABLED=true" option to
> > the container creation command results in the following line being
> > written to the server.xml file:
> >
> > 
> >
> > Can you confirm that you've created the container with that option
> and
> > you're definitely not seeing that line??
> >
> > There are additional properties that can be used to control the
> > content of this line:
> >
> > PROXY_ALLOWED_IPS_REGEX - The IP regex that should show up as valid
> > proxy addresses to Tomcat.
> > PROXY_IP_HEADER - The HTTP header to use for the remote ip.
> > PROXY_PROTOCOL_HEADER - The HTTP header to use for the protocol.
> > PROXY_BY_HEADER - The HTTP header to use for the IP of the proxy that
> > forwarded the request.
> >
> > -Nick
> >
> > -
> > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> > 
> > For additional commands, e-mail: user-h...@guacamole.apache.org
> > 
> >
> >
> >
> > --
> > S pozdravem
> > Ing. Martin Vancl
> >
> > e-mail: tux.mar...@gmail.com 
> > web: www.vancl-it.cz 
>
> -
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
>
>

-- 
S pozdravem
Ing. Martin Vancl

e-mail:  tux.mar...@gmail.com
web:  www.vancl-it.cz

Re: Bad user remote IP

2023-08-13 Thread Michael Jumper 
The file that you're checking ("/usr/local/tomcat/conf/server.xml") is 
not the server.xml used by the image. It's the server.xml that serves as 
the basis. A separate copy is made during startup, and it's that copy 
that's modified according to the environment variables provided:


https://github.com/apache/guacamole-client/blob/bffc5fbdd5e2bb7a777f55c819a1d4d858829cb7/guacamole-docker/bin/start.sh#L1025-L1030

- Mike

On 8/13/2023 11:21 AM, Martin Vancl wrote:

My nginx proxy:
--
location / {
     proxy_pass http://127.0.0.1:8090/guacamole/ 
;

     proxy_http_version 1.1;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection 'upgrade';
     proxy_set_header Host $host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forward-Proto http;
     proxy_set_header X-Nginx-Proxy true;
     proxy_buffering off;
}
--

and part of my docker-compose.yml:

--
image: guacamole/guacamole:1.5.3
ports:
   - "127.0.0.1:8090:8080"
environment:
   GUACD_HOSTNAME: guacd
   POSTGRES_HOSTNAME: postgres
   POSTGRES_DATABASE: ${POSTGRES_USER:-guacdb}
   POSTGRES_USER: ${POSTGRES_USER:-guacdb}
   POSTGRES_PASSWORD: secretPassword
   GUACAMOLE_HOME: /guac_extensions
   REMOTE_IP_VALVE_ENABLED: 'true'
volumes:
   - /opt/guacamole/guac_extensions:/guac_extensions
depends_on:
   - postgres
   - guacd
--

But there is no "RemoteIpValve":
--
  # docker exec -ti guacamole_guac_1 sh -c "cat 
/usr/local/tomcat/conf/server.xml | grep Valve"

      define subcomponents such as "Valves" at this level.
        so you may not define subcomponents such as "Valves" at this level.
         className="org.apache.catalina.authenticator.SingleSignOn" />
         directory="logs"

--


pá 11. 8. 2023 v 21:53 odesílatel Nick Couchman > napsal:


On Fri, Aug 11, 2023 at 10:49 AM Martin Vancl mailto:tux.mar...@gmail.com>> wrote:
 >
 > No. As I wrote:
 > > I just updated to version 1.5.3 (from 1.4.0), and the problem
is still the same.
 > So now I'm using 1.5.3 in docker.
 >
 > I wrote about version 1.3.0 in the first email three years ago.

Ah, okay - sorry to have missed that. I tried this out with the 1.5.3
container and adding the "-e REMOTE_IP_VALVE_ENABLED=true" option to
the container creation command results in the following line being
written to the server.xml file:



Can you confirm that you've created the container with that option and
you're definitely not seeing that line??

There are additional properties that can be used to control the
content of this line:

PROXY_ALLOWED_IPS_REGEX - The IP regex that should show up as valid
proxy addresses to Tomcat.
PROXY_IP_HEADER - The HTTP header to use for the remote ip.
PROXY_PROTOCOL_HEADER - The HTTP header to use for the protocol.
PROXY_BY_HEADER - The HTTP header to use for the IP of the proxy that
forwarded the request.

-Nick

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org

For additional commands, e-mail: user-h...@guacamole.apache.org




--
S pozdravem
Ing. Martin Vancl

e-mail: tux.mar...@gmail.com 
web: www.vancl-it.cz 


-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Bad user remote IP

2023-08-13 Thread Martin Vancl 
My nginx proxy:
--
location / {
proxy_pass http://127.0.0.1:8090/guacamole/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
}
--

and part of my docker-compose.yml:

--
image: guacamole/guacamole:1.5.3
ports:
  - "127.0.0.1:8090:8080"
environment:
  GUACD_HOSTNAME: guacd
  POSTGRES_HOSTNAME: postgres
  POSTGRES_DATABASE: ${POSTGRES_USER:-guacdb}
  POSTGRES_USER: ${POSTGRES_USER:-guacdb}
  POSTGRES_PASSWORD: secretPassword
  GUACAMOLE_HOME: /guac_extensions
  REMOTE_IP_VALVE_ENABLED: 'true'
volumes:
  - /opt/guacamole/guac_extensions:/guac_extensions
depends_on:
  - postgres
  - guacd
--

But there is no "RemoteIpValve":
--
 # docker exec -ti guacamole_guac_1 sh -c "cat
/usr/local/tomcat/conf/server.xml | grep Valve"
 define subcomponents such as "Valves" at this level.
   so you may not define subcomponents such as "Valves" at this level.

 napsal:

> On Fri, Aug 11, 2023 at 10:49 AM Martin Vancl 
> wrote:
> >
> > No. As I wrote:
> > > I just updated to version 1.5.3 (from 1.4.0), and the problem is still
> the same.
> > So now I'm using 1.5.3 in docker.
> >
> > I wrote about version 1.3.0 in the first email three years ago.
>
> Ah, okay - sorry to have missed that. I tried this out with the 1.5.3
> container and adding the "-e REMOTE_IP_VALVE_ENABLED=true" option to
> the container creation command results in the following line being
> written to the server.xml file:
>
> 
>
> Can you confirm that you've created the container with that option and
> you're definitely not seeing that line??
>
> There are additional properties that can be used to control the
> content of this line:
>
> PROXY_ALLOWED_IPS_REGEX - The IP regex that should show up as valid
> proxy addresses to Tomcat.
> PROXY_IP_HEADER - The HTTP header to use for the remote ip.
> PROXY_PROTOCOL_HEADER - The HTTP header to use for the protocol.
> PROXY_BY_HEADER - The HTTP header to use for the IP of the proxy that
> forwarded the request.
>
> -Nick
>
> -
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
>
>

-- 
S pozdravem
Ing. Martin Vancl

e-mail:  tux.mar...@gmail.com
web:  www.vancl-it.cz

Re: Bad user remote IP

2023-08-11 Thread Nick Couchman 
On Fri, Aug 11, 2023 at 10:49 AM Martin Vancl  wrote:
>
> No. As I wrote:
> > I just updated to version 1.5.3 (from 1.4.0), and the problem is still the 
> > same.
> So now I'm using 1.5.3 in docker.
>
> I wrote about version 1.3.0 in the first email three years ago.

Ah, okay - sorry to have missed that. I tried this out with the 1.5.3
container and adding the "-e REMOTE_IP_VALVE_ENABLED=true" option to
the container creation command results in the following line being
written to the server.xml file:



Can you confirm that you've created the container with that option and
you're definitely not seeing that line??

There are additional properties that can be used to control the
content of this line:

PROXY_ALLOWED_IPS_REGEX - The IP regex that should show up as valid
proxy addresses to Tomcat.
PROXY_IP_HEADER - The HTTP header to use for the remote ip.
PROXY_PROTOCOL_HEADER - The HTTP header to use for the protocol.
PROXY_BY_HEADER - The HTTP header to use for the IP of the proxy that
forwarded the request.

-Nick

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Bad user remote IP

2023-08-11 Thread Martin Vancl 
No. As I wrote:
> I just updated to version 1.5.3 (from 1.4.0), and the problem is still
the same.
So now I'm using 1.5.3 in docker.

I wrote about version 1.3.0 in the first email three years ago.

pá 11. 8. 2023 v 16:45 odesílatel Nick Couchman  napsal:

> On Fri, Aug 11, 2023 at 10:13 AM Martin Vancl 
> wrote:
> >
> > pá 11. 8. 2023 v 15:35 odesílatel Nick Couchman 
> napsal:
> >>
> >> Did you also configure the Remote IP valve, as documented in this
> section of the manual:
> >>
> >>
> https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve
> >>
> >> If you're running in Docker in recent versions (1.5.0 or later), this
> should be something you can set up by adding the
> REMOTE_IP_VALVE_ENABLED=true variable to your Docker container startup for
> guacamole/guacamole. This is required as an addition to changes for your
> particular reverse proxy.
> >>
> >
> > REMOTE_IP_VALVE_ENABLED=true does not work.
> >
> > I didn't change server.xml. I would not like to edit files in the docker
> container manually. It's just a manual hack/hotfix, not a solution.
>
> You said you're using 1.3.0. This option wasn't introduced until
> 1.5.0, so you would need to update to get that working without editing
> server.xml.
>
> -Nick
>
> -
> To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> For additional commands, e-mail: user-h...@guacamole.apache.org
>
>

-- 
S pozdravem
Ing. Martin Vancl

e-mail:  tux.mar...@gmail.com
web:  www.vancl-it.cz

Re: Bad user remote IP

2023-08-11 Thread Nick Couchman 
On Fri, Aug 11, 2023 at 10:13 AM Martin Vancl  wrote:
>
> pá 11. 8. 2023 v 15:35 odesílatel Nick Couchman  napsal:
>>
>> Did you also configure the Remote IP valve, as documented in this section of 
>> the manual:
>>
>> https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve
>>
>> If you're running in Docker in recent versions (1.5.0 or later), this should 
>> be something you can set up by adding the REMOTE_IP_VALVE_ENABLED=true 
>> variable to your Docker container startup for guacamole/guacamole. This is 
>> required as an addition to changes for your particular reverse proxy.
>>
>
> REMOTE_IP_VALVE_ENABLED=true does not work.
>
> I didn't change server.xml. I would not like to edit files in the docker 
> container manually. It's just a manual hack/hotfix, not a solution.

You said you're using 1.3.0. This option wasn't introduced until
1.5.0, so you would need to update to get that working without editing
server.xml.

-Nick

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Bad user remote IP

2023-08-11 Thread Martin Vancl 
pá 11. 8. 2023 v 15:35 odesílatel Nick Couchman  napsal:

> Did you also configure the Remote IP valve, as documented in this section
> of the manual:
>
>
> https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve
>
> If you're running in Docker in recent versions (1.5.0 or later), this
> should be something you can set up by adding the
> REMOTE_IP_VALVE_ENABLED=true variable to your Docker container startup for
> guacamole/guacamole. This is required as an addition to changes for your
> particular reverse proxy.
>
>
REMOTE_IP_VALVE_ENABLED=true does not work.

I didn't change server.xml. I would not like to edit files in the docker
container manually. It's just a manual hack/hotfix, not a solution.

-- 
S pozdravem
Ing. Martin Vancl

e-mail:  tux.mar...@gmail.com
web:  www.vancl-it.cz

Re: Bad user remote IP

2023-08-11 Thread Nick Couchman 
On Fri, Aug 11, 2023 at 4:21 AM Molina de la Iglesia, Manuel
 wrote:

> Hi, I'm in a similar situation.
>
> I have an external application that the backend communicates with
> Guacamole in order to get the list of reachable remote machines and
> redirect the user to the URL of the selected one (yes, with the token on
> the URL :-( , the problem is the same one, the address that log shows is
> the application address instead of the user address because although the
> user browser opens the remote session, the auth is done by my application
> backend, I tried to add the X_Forwarder_For header on the request but it
> doesn't work.
>
> I'm not a tomcat expert, but I think that should be any setting to force
> the use of X_Forwarded_for provided address, any idea?
>

Did you also configure the Remote IP valve, as documented in this section
of the manual:

https://guacamole.apache.org/doc/gug/reverse-proxy.html#setting-up-the-remote-ip-valve

If you're running in Docker in recent versions (1.5.0 or later), this
should be something you can set up by adding the
REMOTE_IP_VALVE_ENABLED=true variable to your Docker container startup for
guacamole/guacamole. This is required as an addition to changes for your
particular reverse proxy.

-Nick

>

Re: Bad user remote IP

2023-08-11 Thread Molina de la Iglesia, Manuel 
Hi, I'm in a similar situation.

I have an external application that the backend communicates with Guacamole
in order to get the list of reachable remote machines and redirect the user
to the URL of the selected one (yes, with the token on the URL :-( , the
problem is the same one, the address that log shows is the application
address instead of the user address because although the user browser opens
the remote session, the auth is done by my application backend, I tried to
add the X_Forwarder_For header on the request but it doesn't work.

I'm not a tomcat expert, but I think that should be any setting to force
the use of X_Forwarded_for provided address, any idea?

Thanks
Regards

*Manel Molina*

*manuel.molina-de-la-igle...@veolia.com
*

*Dirección de Ciberseguridad*

Ciutat de L’Aigua (D38)

Paseo de la Zona Franca, 48
08038 Barcelona / España

www.veolia.com





El vie, 11 ago 2023 a las 10:08, Martin Vancl ()
escribió:

> Hello,
> I just updated to version 1.5.3 (from 1.4.0), and the problem is still the
> same.
>
> I see the internal Docker IP in the session log :-(
>
> How can I fix this?
>
> The JIRA ticket is closed:
> https://issues.apache.org/jira/browse/GUACAMOLE-1005
> I don't think it's resolved.
>
>
> čt 18. 3. 2021 v 8:37 odesílatel fed  napsal:
>
>> Hi,
>>
>> I had the same problem and In some way I managed to make this work
>> mapping the server.xml file to a local server.xml file after copying the
>> one that is the default in the docker image to the host.
>>
>> So on volumes of guac I have:
>> - ${PWD}/tomcat_conf/server.xml:/usr/local/tomcat/conf/server.xml
>>
>> And this new server.xml is the original one with this section added:
>>
>> >   internalProxies="172.31.0.1"
>>   remoteIpHeader="x-forwarded-for"
>>   remoteIpProxiesHeader="x-forwarded-by"
>>   protocolHeader="x-forwarded-proto" />
>>
>> It's not a good solution because as you see it depends on the host ip and
>> this is written in the file and the subnet can change. So to try to avoid
>> this I created a docker subnet just for guacamole.
>>
>> Bye
>>
>> On Wed, 17 Mar 2021 at 19:05, Nick Couchman  wrote:
>>
>>> On Mon, Mar 15, 2021 at 4:56 AM Martin Vancl 
>>> wrote:
>>>
 Hi,
 I'm using Guacamole 1.3.0 with docker and nginx ssl proxy.
 At page https://rdp.example.net/#/settings/postgresql/history all
 users have the same remote host address "172.18.0.1". It is probably
 from the docker network.
 Is possible to have real user IP address at history page?


>>> You'll need to modify the Tomcat server.xml file within the guacamole
>>> Docker container and set up the RemoteIp Valve:
>>>
>>>
>>> http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
>>>
>>> -Nick
>>>
>>
>
> --
> S pozdravem
> Ing. Martin Vancl
>
> e-mail:  tux.mar...@gmail.com
> web:  www.vancl-it.cz
>

Re: Bad user remote IP

2023-08-11 Thread Martin Vancl 
Hello,
I just updated to version 1.5.3 (from 1.4.0), and the problem is still the
same.

I see the internal Docker IP in the session log :-(

How can I fix this?

The JIRA ticket is closed:
https://issues.apache.org/jira/browse/GUACAMOLE-1005
I don't think it's resolved.


čt 18. 3. 2021 v 8:37 odesílatel fed  napsal:

> Hi,
>
> I had the same problem and In some way I managed to make this work mapping
> the server.xml file to a local server.xml file after copying the one that
> is the default in the docker image to the host.
>
> So on volumes of guac I have:
> - ${PWD}/tomcat_conf/server.xml:/usr/local/tomcat/conf/server.xml
>
> And this new server.xml is the original one with this section added:
>
>internalProxies="172.31.0.1"
>   remoteIpHeader="x-forwarded-for"
>   remoteIpProxiesHeader="x-forwarded-by"
>   protocolHeader="x-forwarded-proto" />
>
> It's not a good solution because as you see it depends on the host ip and
> this is written in the file and the subnet can change. So to try to avoid
> this I created a docker subnet just for guacamole.
>
> Bye
>
> On Wed, 17 Mar 2021 at 19:05, Nick Couchman  wrote:
>
>> On Mon, Mar 15, 2021 at 4:56 AM Martin Vancl 
>> wrote:
>>
>>> Hi,
>>> I'm using Guacamole 1.3.0 with docker and nginx ssl proxy.
>>> At page https://rdp.example.net/#/settings/postgresql/history all
>>> users have the same remote host address "172.18.0.1". It is probably
>>> from the docker network.
>>> Is possible to have real user IP address at history page?
>>>
>>>
>> You'll need to modify the Tomcat server.xml file within the guacamole
>> Docker container and set up the RemoteIp Valve:
>>
>>
>> http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
>>
>> -Nick
>>
>

-- 
S pozdravem
Ing. Martin Vancl

e-mail:  tux.mar...@gmail.com
web:  www.vancl-it.cz

Re: Bad user remote IP

2021-03-18 Thread fed 
Hi,

I had the same problem and In some way I managed to make this work mapping
the server.xml file to a local server.xml file after copying the one that
is the default in the docker image to the host.

So on volumes of guac I have:
- ${PWD}/tomcat_conf/server.xml:/usr/local/tomcat/conf/server.xml

And this new server.xml is the original one with this section added:



It's not a good solution because as you see it depends on the host ip and
this is written in the file and the subnet can change. So to try to avoid
this I created a docker subnet just for guacamole.

Bye

On Wed, 17 Mar 2021 at 19:05, Nick Couchman  wrote:

> On Mon, Mar 15, 2021 at 4:56 AM Martin Vancl  wrote:
>
>> Hi,
>> I'm using Guacamole 1.3.0 with docker and nginx ssl proxy.
>> At page https://rdp.example.net/#/settings/postgresql/history all
>> users have the same remote host address "172.18.0.1". It is probably
>> from the docker network.
>> Is possible to have real user IP address at history page?
>>
>>
> You'll need to modify the Tomcat server.xml file within the guacamole
> Docker container and set up the RemoteIp Valve:
>
>
> http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
>
> -Nick
>

Re: Bad user remote IP

2021-03-17 Thread Nick Couchman 
On Wed, Mar 17, 2021 at 4:50 PM Martin Vancl  wrote:

> Can you guess when 1.4.0 will be released? Between 1.0.0 and 1.1.0 was
> more than one year.
>
>
No, I have no idea at this point - we have not discussed a release date,
yet, and are still actively working several issues that will likely go into
1.4.0.

And, while it's true that there was a year between 1.0.0 and 1.1.0, the
last two releases have been around 6 months. We're trying to get a little
bit better about being able to release a little more frequently, but it all
depends on the issues we're trying to get into the release and how much
time people are able to devote to the project.


> And will this bug be fixed?
>
>
I suspect that this JIRA issue and pull request will end up in the 1.4.0
release.

-Nick

Re: Bad user remote IP

2021-03-17 Thread Martin Vancl 
Can you guess when 1.4.0 will be released? Between 1.0.0 and 1.1.0 was
more than one year.

And will this bug be fixed?

st 17. 3. 2021 v 21:11 odesílatel Nick Couchman  napsal:
>
> On Wed, Mar 17, 2021 at 3:27 PM Martin Vancl  wrote:
>>
>> I found it:
>> https://issues.apache.org/jira/browse/GUACAMOLE-1005
>> https://github.com/apache/guacamole-client/pull/489
>>
>> I hope it will be fixed in the next version. It could be something
>> like 1.3.1, not the next "big version" 1.4.0.
>>
>
> At this point it is looking like 1.4.0 will be the next version - we do not 
> have any plans to release 1.3.1.
>
> -Nick



-- 
S pozdravem
Ing. Martin Vancl

e-mail:  tux.mar...@gmail.com
web:  www.vancl-it.cz

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Bad user remote IP

2021-03-17 Thread Nick Couchman 
On Wed, Mar 17, 2021 at 3:27 PM Martin Vancl  wrote:

> I found it:
> https://issues.apache.org/jira/browse/GUACAMOLE-1005
> https://github.com/apache/guacamole-client/pull/489
>
> I hope it will be fixed in the next version. It could be something
> like 1.3.1, not the next "big version" 1.4.0.
>
>
At this point it is looking like 1.4.0 will be the next version - we do not
have any plans to release 1.3.1.

-Nick

Re: Bad user remote IP

2021-03-17 Thread Martin Vancl 
I found it:
https://issues.apache.org/jira/browse/GUACAMOLE-1005
https://github.com/apache/guacamole-client/pull/489

I hope it will be fixed in the next version. It could be something
like 1.3.1, not the next "big version" 1.4.0.

st 17. 3. 2021 v 19:05 odesílatel Nick Couchman  napsal:
>
> On Mon, Mar 15, 2021 at 4:56 AM Martin Vancl  wrote:
>>
>> Hi,
>> I'm using Guacamole 1.3.0 with docker and nginx ssl proxy.
>> At page https://rdp.example.net/#/settings/postgresql/history all
>> users have the same remote host address "172.18.0.1". It is probably
>> from the docker network.
>> Is possible to have real user IP address at history page?
>>
>
> You'll need to modify the Tomcat server.xml file within the guacamole Docker 
> container and set up the RemoteIp Valve:
>
> http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
>
> -Nick



-- 
S pozdravem
Ing. Martin Vancl

e-mail:  tux.mar...@gmail.com
web:  www.vancl-it.cz

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org

Re: Bad user remote IP

2021-03-17 Thread Nick Couchman 
On Mon, Mar 15, 2021 at 4:56 AM Martin Vancl  wrote:

> Hi,
> I'm using Guacamole 1.3.0 with docker and nginx ssl proxy.
> At page https://rdp.example.net/#/settings/postgresql/history all
> users have the same remote host address "172.18.0.1". It is probably
> from the docker network.
> Is possible to have real user IP address at history page?
>
>
You'll need to modify the Tomcat server.xml file within the guacamole
Docker container and set up the RemoteIp Valve:

http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip

-Nick

Bad user remote IP

2021-03-15 Thread Martin Vancl 
Hi,
I'm using Guacamole 1.3.0 with docker and nginx ssl proxy.
At page https://rdp.example.net/#/settings/postgresql/history all
users have the same remote host address "172.18.0.1". It is probably
from the docker network.
Is possible to have real user IP address at history page?

Thanks for help.

There is my  docker-compose.yml file:
---
version: "3"
services:

  init-guacamole-db:
image: guacamole/guacamole:latest
command: ["/bin/sh", "-c", "test -e /init/initdb.sql && echo 'init
file already exists' || /opt/guacamole/bin/initdb.sh --postgres >
/init/initdb.sql" ]
volumes:
  - dbinit:/init

  postgres:
image: postgres:13.1-alpine
restart: unless-stopped
volumes:
  - dbinit:/docker-entrypoint-initdb.d
  - dbdata:/var/lib/postgresql/data
environment:
  POSTGRES_USER: ${POSTGRES_USER:-guacdb}
  POSTGRES_PASSWORD: secretPassword
depends_on:
  - init-guacamole-db

  guacd:
image: guacamole/guacd:1.3.0
restart: unless-stopped
volumes:
  - /data:/data

  guac:
image: guacamole/guacamole:1.3.0
restart: unless-stopped
ports:
  - "8080:8080"
environment:
  GUACD_HOSTNAME: guacd
  POSTGRES_HOSTNAME: postgres
  POSTGRES_DATABASE: ${POSTGRES_USER:-guacdb}
  POSTGRES_USER: ${POSTGRES_USER:-guacdb}
  POSTGRES_PASSWORD: secretPassword
depends_on:
  - postgres
  - guacd

volumes:
  dbinit:
driver: local
  dbdata:
driver: local
  data:
driver: local
---
and nginx vhost:

---
server {
server_name rdp.example.net ;
listen 443 ssl http2;
listen [::]:443 ssl http2;
location / {
proxy_pass http://127.0.0.1:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
}
---

-- 
S pozdravem
Ing. Martin Vancl

e-mail:  tux.mar...@gmail.com
web:  www.vancl-it.cz

-
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org