benrubson commented on a change in pull request #469: GUACAMOLE-890: Security: Allow image to run as non-root user URL: https://github.com/apache/guacamole-client/pull/469#discussion_r373169858
########## File path: Dockerfile ########## @@ -56,6 +56,13 @@ WORKDIR /opt/guacamole # Copy artifacts from builder image into this image COPY --from=builder /opt/guacamole/ . +# Turn on the Remote IP Valve +RUN sed -i 's+^\(\( *\)</Host>\)+\2 <Valve className="org.apache.catalina.valves.RemoteIpValve" />\n\n\1+' /usr/local/tomcat/conf/server.xml Review comment: > What is the impact of configuring the Remote IP Valve with default options? I have only ever seen it with proxy filtering enabled. If you use (as you should) your Docker instance behind a (Apache) reverse proxy : - without the Remote IP Valve, you'll get the Docker interface IP in the Guacamole logs ; - with the Remote IP Valve, you'll get the correct client (public) IP in the Guacamole logs. If you use your Docker instance directly (strange as you won't provide SSL etc...) : - with or without the Remote IP Valve, you'll get the correct client (public) IP in the Guacamole logs. The only drawback is that a client with a **local** IP should be able to replace its IP by a fake one in Guacamole logs adding some headers (normally sent by the proxy) to his requests (`X-Forwarded-For`). ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
