Daniel,

Try inserting "0:0:0:0:0:0:0:1" into your "internalProxies" parameter in
RemoteIpValve.

Thiago Cruz


On Thu, Apr 9, 2020 at 4:15 PM <[email protected]> wrote:

> Hi Tushar,
>
> From catalina.out, and it's the 0:0:0:0:0:0:0:1 that seems to be an issue.
>
> good user
> 14:32:54.531 [http-bio-8080-exec-2857] INFO
>  o.a.g.r.auth.AuthenticationService - User "USER123" successfully
> authenticated from 123.123.123.123.
> 14:33:12.408 [http-bio-8080-exec-2858] INFO
>  o.a.g.r.auth.AuthenticationService - User "USER123" successfully
> authenticated from 123.123.123.123.
>
> picky user
> 14:59:19.947 [http-bio-8080-exec-3271] INFO
>  o.a.g.r.auth.AuthenticationService - User "USER456" successfully
> authenticated from 222.222.222.222.
> 14:59:48.577 [http-bio-8080-exec-3272] INFO
>  o.a.g.r.auth.AuthenticationService - User "USER456" successfully
> authenticated from [222.222.222.222, 0:0:0:0:0:0:0:1].
>
> The only thing I can say is... maybe... the ORDER of the lines in the log
> file seems to sometimes be reversed? Meaning sometimes the one with [ xxx .
> 0::] is first. But it's hard to tell.
>
>
> Which ssl file do you mean?
> Currently it's set up under nginx/sites-enabled/default
>
> just this and some SSL certificate things...
>
> server {
>     listen 443 ssl;
>
>     server_name     guacamole.localdomain.local MyServerr.myrealdomainname.com;
>     root /usr/share/nginx/MyRoot;
>     index index.html;
>
>     location /MYSUBDIRECTORY/ {
>         # I am running the Tomcat7 and Guacamole on the local server
>         proxy_pass http://localhost:8080/guacamole/;
>         proxy_redirect  off;
>         proxy_buffering off;
>         proxy_http_version 1.1;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>         proxy_set_header Upgrade $http_upgrade;
>         proxy_set_header Connection "upgrade";
>         proxy_cookie_path /guacamole/ /MYSUBDIRECTORY/;
>         access_log off;
>         # break;
>     }
> }
>
>
> \danielm
>
>
>
> From:        "Tushar Jain" <[email protected]>
> To:        <[email protected]>
> Date:        04/09/20 09:00 AM
> Subject:        RE: randomely showing localhost IP in guacamole user
> history
> ------------------------------
>
>
>
> Please share the contents of nginx –guacamole-ssl file as well. Assuming
> there is nothing else configured on nginx like in default etc.
>
> Please also share the 2 lines you are seeing against the real IP for some
> users.
>
>
>
> Yes, as far as I can tell. I've gone through this so many times.
> I thought also I needed to set maybe the 0:0:... address into the proxies
> also, but that didn't seem to have any effect either.
> The odd thing is it does work some of the time...
> ==
>        <Valve className="org.apache.catalina.valves.RemoteIpValve"
>               internalProxies="127.0.0.1"
>               remoteIpHeader="X-Forwarded-For"
>               remoteIpProxiesHeader="X-Forwarded-By"
>               protocolHeader="X-Forwarded-Proto" />
> ===
>
>
>
> /danielm
>
>
>
> From:        "Nick Couchman" <[email protected]>
> To:        <[email protected]>
> Date:        04/08/20 10:18 PM
> Subject:        Re: randomely showing localhost IP in guacamole user
> history
> ------------------------------
>
>
>
>
>
> So if it works some of the time, the headers must be getting sent
> correctly?
> so the
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> must be working from nginx?
>
>
> Have you also set the RemoteIPValve correctly in Tomcat?
>
>
> <http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip>
>
> -Nick
>
>


-- 
Ћiago ₢uz
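
The effect of the suggested `internalProxies` change, as an added example that is not part of the original thread and not Tomcat's code: a simplified Python model of how RemoteIpValve decides whether to honour `X-Forwarded-For`. It assumes `internalProxies` is a regular expression matched against the whole peer address, that the suggested value is written with `|`, and that nginx may reach `localhost` over either 127.0.0.1 or 0:0:0:0:0:0:0:1; the function and constant names are hypothetical.

```python
import re

# Values of the valve's internalProxies attribute (a regular expression).
BEFORE = "127.0.0.1"                     # as posted in the thread
AFTER = "127.0.0.1|0:0:0:0:0:0:0:1"      # assumed form of the suggested change


def remote_ip_valve(peer_addr, xff_header, internal_proxies):
    """Simplified model of RemoteIpValve's decision (not Tomcat's code).

    Returns (remote address the webapp sees, X-Forwarded-For left on the request).
    """
    proxies = re.compile(internal_proxies)
    # The header is only honoured when the direct peer is an internal proxy;
    # otherwise the request passes through unchanged.
    if xff_header is None or not proxies.fullmatch(peer_addr):
        return peer_addr, xff_header
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    remote_ip = peer_addr
    # Walk the chain right to left, skipping hops that are internal proxies.
    while hops:
        remote_ip = hops.pop()
        if not proxies.fullmatch(remote_ip):
            break
    return remote_ip, (", ".join(hops) or None)


def compare(xff="222.222.222.222"):
    """Run the same forwarded request over both loopback peers (constructed input)."""
    results = {}
    for name, pattern in (("before", BEFORE), ("after", AFTER)):
        for peer in ("127.0.0.1", "0:0:0:0:0:0:0:1"):
            results[(name, peer)] = remote_ip_valve(peer, xff, pattern)
    return results


if __name__ == "__main__":
    for key, value in compare().items():
        print(key, "->", value)
```

Any peer that matches `internalProxies` can set the client address Tomcat reports, so the pattern should list only proxies under your control.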