I did try that at one point and it didnt seem to make a diff. but I could
try again and will try a full reboot instead of just restarting all the
associated services.
everything is hosted on 1 server. and there is just a firewall in front of
it, so unless thats doing something odd, its just strange that it works
sometimes 1 way and sometimes different.
thanks
/dm
From: "Thiago Cruz" <thiagoc...@gmail.com>
To: user@guacamole.apache.org
Date: 04/09/20 03:21 PM
Subject: Re: randomely showing localhost IP in guacamole user
history
Daniel,
Try insert "0:0:0:0:0:0:0:1" into your "internalProxies" parameter at
RemoteIpValve.
Thiago Cruz
On Thu, Apr 9, 2020 at 4:15 PM <dmoscovi...@simard.ca> wrote:
Hi
Tushar
from catalina.out , and its the 0:0:0:0:0:0:0:1 that seems to be an issue.
good user
14:32:54.531 [http-bio-8080-exec-2857] INFO
o.a.g.r.auth.AuthenticationService - User "USER123" successfully
authenticated from 123.123.123.123.
14:33:12.408 [http-bio-8080-exec-2858] INFO
o.a.g.r.auth.AuthenticationService - User "USER123" successfully
authenticated from 123.123.123.123.
picky user
14:59:19.947 [http-bio-8080-exec-3271] INFO
o.a.g.r.auth.AuthenticationService - User "USER456" successfully
authenticated from 222.222.222.222.
14:59:48.577 [http-bio-8080-exec-3272] INFO
o.a.g.r.auth.AuthenticationService - User "USER456" successfully
authenticated from [222.222.222.222, 0:0:0:0:0:0:0:1].
The only thing i can say is...maybe... the ORDER of the lines in the log
file seem to sometimes be reversed? meaning sometimes the one with [ xxx .
0::] is first. but it's hard to tell.
which ssl file do you mean?
currently its setup under nginx/sites-enabled/default
just this and some SSL certificate things...
server {
listen 443 ssl;
server_name guacamole.localdomain.local
MyServerr.myrealdomainname.com;
root /usr/share/nginx/MyRoot;
index index.html;
location /MYSUBDIRECTORY/ {
# I am running the Tomcat7 and Guacamole on the local server
proxy_pass http://localhost:8080/guacamole/;
proxy_redirect off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cookie_path /guacamole/ /MYSUBDIRECTORY/;
access_log off;
# break;
}
\danielm
From: "Tushar Jain" <tushar.j...@hitachi.mgrmnet.com>
To: <user@guacamole.apache.org>
Date: 04/09/20 09:00 AM
Subject: RE: randomely showing localhost IP in guacamole user
history
Please share the contents of nginx –guacamole-ssl file as well. Assuming
there is nothing else configured on nginx like in default etc.
Please also share the 2 lines you are seeing against the real IP for some
users.
Yes, as far as I can tell. I've gone through this so many times.
I thought also i needed to set maybe the 0:0:... address into the proxies
also but that didnt seem to have any affect either.
The odd thing is it does work some of the time...
==
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127.0.0.1"
remoteIpHeader="X-Forwarded-For"
remoteIpProxiesHeader="X-Forwarded-By"
protocolHeader="X-Forwarded-Proto" />
===
/danielm
From: "Nick Couchman" <vn...@apache.org>
To: user@guacamole.apache.org
Date: 04/08/20 10:18 PM
Subject: Re: randomely showing localhost IP in guacamole user
history
So if it works some of the time, the headers must be getting sent
correctly?
so the
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
must be working from nginx?
Have you also set the RemoteIPValve correctly in Tomcat?
http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
-Nick
Disclaimer: This message and any attachment may contain confidential,
proprietary information and is intended only for the individual named. If
you are not the original intended recipient and have erroneously received
this message, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system. Hitachi MGRM
Net E-mail transmission cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, destroyed, arrive late
or incomplete, or contain viruses. Hitachi MGRM Net therefore does not
accept liability for any errors or omissions in the contents of this
message, which arise as a result of e-mail transmission. If verification
is required, please request a hard-copy version. Hitachi MGRM Net Ltd, C -
6/5, Safdarjung Development Area, New Delhi - 110016, India
'Please consider the environment before printing this e-mail'.
--
Ћiago ₢uz
