I did try that at one point and it didnt seem to make a diff. but I could try again and will try a full reboot instead of just restarting all the associated services.
everything is hosted on 1 server. and there is just a firewall in front of it, so unless thats doing something odd, its just strange that it works sometimes 1 way and sometimes different. thanks /dm From: "Thiago Cruz" <thiagoc...@gmail.com> To: user@guacamole.apache.org Date: 04/09/20 03:21 PM Subject: Re: randomely showing localhost IP in guacamole user history Daniel, Try insert "0:0:0:0:0:0:0:1" into your "internalProxies" parameter at RemoteIpValve. Thiago Cruz On Thu, Apr 9, 2020 at 4:15 PM <dmoscovi...@simard.ca> wrote: Hi Tushar from catalina.out , and its the 0:0:0:0:0:0:0:1 that seems to be an issue. good user 14:32:54.531 [http-bio-8080-exec-2857] INFO o.a.g.r.auth.AuthenticationService - User "USER123" successfully authenticated from 123.123.123.123. 14:33:12.408 [http-bio-8080-exec-2858] INFO o.a.g.r.auth.AuthenticationService - User "USER123" successfully authenticated from 123.123.123.123. picky user 14:59:19.947 [http-bio-8080-exec-3271] INFO o.a.g.r.auth.AuthenticationService - User "USER456" successfully authenticated from 222.222.222.222. 14:59:48.577 [http-bio-8080-exec-3272] INFO o.a.g.r.auth.AuthenticationService - User "USER456" successfully authenticated from [222.222.222.222, 0:0:0:0:0:0:0:1]. The only thing i can say is...maybe... the ORDER of the lines in the log file seem to sometimes be reversed? meaning sometimes the one with [ xxx . 0::] is first. but it's hard to tell. which ssl file do you mean? currently its setup under nginx/sites-enabled/default just this and some SSL certificate things... server { listen 443 ssl; server_name guacamole.localdomain.local MyServerr.myrealdomainname.com; root /usr/share/nginx/MyRoot; index index.html; location /MYSUBDIRECTORY/ { # I am running the Tomcat7 and Guacamole on the local server proxy_pass http://localhost:8080/guacamole/; proxy_redirect off; proxy_buffering off; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_cookie_path /guacamole/ /MYSUBDIRECTORY/; access_log off; # break; } \danielm From: "Tushar Jain" <tushar.j...@hitachi.mgrmnet.com> To: <user@guacamole.apache.org> Date: 04/09/20 09:00 AM Subject: RE: randomely showing localhost IP in guacamole user history Please share the contents of nginx –guacamole-ssl file as well. Assuming there is nothing else configured on nginx like in default etc. Please also share the 2 lines you are seeing against the real IP for some users. Yes, as far as I can tell. I've gone through this so many times. I thought also i needed to set maybe the 0:0:... address into the proxies also but that didnt seem to have any affect either. The odd thing is it does work some of the time... == <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1" remoteIpHeader="X-Forwarded-For" remoteIpProxiesHeader="X-Forwarded-By" protocolHeader="X-Forwarded-Proto" /> === /danielm From: "Nick Couchman" <vn...@apache.org> To: user@guacamole.apache.org Date: 04/08/20 10:18 PM Subject: Re: randomely showing localhost IP in guacamole user history So if it works some of the time, the headers must be getting sent correctly? so the proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; must be working from nginx? Have you also set the RemoteIPValve correctly in Tomcat? http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip -Nick Disclaimer: This message and any attachment may contain confidential, proprietary information and is intended only for the individual named. If you are not the original intended recipient and have erroneously received this message, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Hitachi MGRM Net therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required, please request a hard-copy version. Hitachi MGRM Net Ltd, C - 6/5, Safdarjung Development Area, New Delhi - 110016, India 'Please consider the environment before printing this e-mail'. -- Ћiago ₢uz