Hello,
Previously I had been using Apache and AJP which is why I didn't have this
problem before. Now I have switched over to nginx and it simply forwards
the HTTP request, so the problem is as described below.
James' solution worked for me. More exactly:
in nginx I added:
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
In Tomcat, I added:
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127.0.0.1" />
(inside the host tags)
Thanks for the swift help,
Ant
On 19 October 2015 at 03:48, James Roper <[email protected]> wrote:
> Reverse proxies typically pass the clients IP address by adding additional
> headers to the request. There is a new standard (RFC7239) called the
> Forwarded header, but not many proxies or servers have support for this,
> most use the old defacto standard of X-Forwarded-For.
>
> So, you need to configure nginx to add an X-Forwarded-For header, and you
> also need to configure the pebble server to read the X-Forwarded-For
> header. To configure nginx:
>
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> Now pebble doesn't out of the box support using the X-Forwarded-For
> header, but the server you run it on may. If you run it on tomcat for
> example, you can use the remote IP valve in your tomcat server
> configuration:
>
>
> https://tomcat.apache.org/tomcat-7.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html
>
>
>
> On 18 October 2015 at 00:03, Olaf Kock <[email protected]> wrote:
>
>> Hi Ant,
>>
>> I'm not sure about nginx, but this frequently happens with Apache as
>> well. I can tell you how to fix it there, you'll have to do the
>> "translation" to nginx yourself...
>>
>> When you forward from Apache to (e.g.) tomcat through HTTP, you're
>> creating a new HTTP request on Apache, legitimately this comes from
>> 127.0.0.1. Typically this also looses the original Hostname (as it only
>> carries whatever Apache needs to access your tomcat instance). Also tomcat
>> believes it's serving content on port 8080 and generates URLs according to
>> this.
>>
>> One way to fix it is to forward not through HTTP but through AJP - on
>> Apache mod_jk is an option.
>>
>> There are numerous options that carry the original request's properties
>> forward to tomcat, signalling to tomcat that it's behind a proxy.
>> "ProxyPreserveHost On" is one of them, so that Tomcat gets an idea of the
>> original Hostname. There's certainly one that forwards the original host's
>> IP, I'm suspecting something similar to "x-forwarded-for", a typical proxy
>> header.
>>
>> Sorry, not a full solution, but maybe enough food for thought to get you
>> onto the right track. Please report back with the solution if this has
>> helped finding it. Or report back if it hasn't - maybe someone else has the
>> setup ready to go and can share as well.
>>
>> Cheers,
>> Olaf
>>
>>
>> Am 15.10.2015 um 22:12 schrieb Ant Kutschera:
>>
>> Hi,
>>
>> I have come across an interesting problem when pebble is deployed behind
>> a reverse proxy (e.g. nginx).
>>
>> If I log in to my blog and post a comment, then 127.0.0.1 is added to the
>> whitelist, because pebble sees the request coming from localhost (the
>> reverse proxy) rather than from the internet. That then opens up my blog
>> for anyone in the world to create a comment, because when they do, it too
>> is viewed as coming from localhost, which is now on the whitelist :-)
>>
>> Either I have nginx setup wrong, and it should be passing pebble the
>> outside IP address (help please?) or this is a bug/feature-request in
>> pebble.
>>
>> Has anyone else had this problem? I using Pebble 2.4.
>>
>> Thanks,
>> Ant
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>>
>>
>>
>> _______________________________________________
>> Pebble-user mailing
>> [email protected]https://lists.sourceforge.net/lists/listinfo/pebble-user
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>>
>> _______________________________________________
>> Pebble-user mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/pebble-user
>>
>>
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Pebble-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/pebble-user
>
>
--
_______________________
Dr Ant Kutschera
------------------------------------------------------------------------------
_______________________________________________
Pebble-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/pebble-user
