Thanks Pascal, I have confirmed what you proposed as a workaround: I
replaced the following:
server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b
with the following:
server.tomcat.accesslog.pattern=%{X-Forwarded-For}i %l %u %t "%r" %s %b
I.e., I replaced '%h' with '%{X-Forwarded-For}i'
There
Nice investigation.
Bug reproduced with plain spring-boot 2.2.2.RELEASE (*)
It looks like a bug in spring-boot... or at least a difference with
plain tomcat that could be documented...
Fortunately, easy workaround:
server.tomcat.accesslog.pattern=%{X-Forwarded-For}i ...
cu
(*) tested with
OK, I checked more closely -- the cas.log and cas_audit.log files are,
indeed responding to the RemoteIpValve setting (i.e., they are logging the
IP address of the client. The same is true for the gradle log file in
.gradle/daemon/5.6.3/daemon-.out.log. However, the tomcat
access_log..log
Thanks, Pascal, for the helpful link you provided a couple weeks ago for
confiuring RemoteIpValve for CAS when placing the CAS server behind a
reverse proxy (load balancer). Based on the information in the link, I
added lines to the cas.properties file, which are described in my Dec 19
post.
OK, in the cas.properties files I have placed the following (for our
reverse proxy hosted at IP = 111.222.33.44):
BEGIN
...
server.tomcat.accesslog.directory=/var/log/tomcat
server.tomcat.accesslog.pattern=%h %l %u %t "%r" %s %b
server.use-forward-headers=true
On 18/12/2019 19:48, crdaudt wrote:
Is it possible to configure the embedded tomcat container with a RemoteIpValve
setting?
It is possible:
https://docs.spring.io/spring-boot/docs/current/reference/html/howto.html#howto-use-tomcat-behind-a-proxy-server
--
- Website:
Our CAS instances are behind a load balancer. For cas 5.x.x, we placed our
version cas.war file in a tomcat container for which the tomcat server.xml
file was configured with a RemoteIpValve identifying the internal proxy IP
address of the load balancer. The RemoteIpValve configuration allows