Hi Daniel,
0:0:0:0:0:0:0:1 is the loopback address for IPv6 as compared to 127.0.0.1 in IPv4. You may be getting this for the users who are trying to access guacamole from the same system where it is installed, and that too using either ‘localhost” or the loopback address. You should try what Thiago mentioned and let us know the results. From: Thiago Cruz [mailto:[email protected]] Sent: 10 April 2020 12:51 AM To: [email protected] Subject: Re: randomely showing localhost IP in guacamole user history Daniel, Try insert "0:0:0:0:0:0:0:1" into your "internalProxies" parameter at RemoteIpValve. Thiago Cruz On Thu, Apr 9, 2020 at 4:15 PM <[email protected] <mailto:[email protected]> > wrote: Hi Tushar from catalina.out , and its the 0:0:0:0:0:0:0:1 that seems to be an issue. good user 14:32:54.531 [http-bio-8080-exec-2857] INFO o.a.g.r.auth.AuthenticationService - User "USER123" successfully authenticated from 123.123.123.123. 14:33:12.408 [http-bio-8080-exec-2858] INFO o.a.g.r.auth.AuthenticationService - User "USER123" successfully authenticated from 123.123.123.123. picky user 14:59:19.947 [http-bio-8080-exec-3271] INFO o.a.g.r.auth.AuthenticationService - User "USER456" successfully authenticated from 222.222.222.222. 14:59:48.577 [http-bio-8080-exec-3272] INFO o.a.g.r.auth.AuthenticationService - User "USER456" successfully authenticated from [222.222.222.222, 0:0:0:0:0:0:0:1]. The only thing i can say is...maybe... the ORDER of the lines in the log file seem to sometimes be reversed? meaning sometimes the one with [ xxx . 0::] is first. but it's hard to tell. which ssl file do you mean? currently its setup under nginx/sites-enabled/default just this and some SSL certificate things... server { listen 443 ssl; server_name guacamole.localdomain.local MyServerr.myrealdomainname.com <http://MyServerr.myrealdomainname.com> ; root /usr/share/nginx/MyRoot; index index.html; location /MYSUBDIRECTORY/ { # I am running the Tomcat7 and Guacamole on the local server proxy_pass <http://localhost:8080/guacamole/> http://localhost:8080/guacamole/; proxy_redirect off; proxy_buffering off; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_cookie_path /guacamole/ /MYSUBDIRECTORY/; access_log off; # break; } \danielm From: "Tushar Jain" <[email protected] <mailto:[email protected]> > To: <[email protected] <mailto:[email protected]> > Date: 04/09/20 09:00 AM Subject: RE: randomely showing localhost IP in guacamole user history _____ Please share the contents of nginx –guacamole-ssl file as well. Assuming there is nothing else configured on nginx like in default etc. Please also share the 2 lines you are seeing against the real IP for some users. Yes, as far as I can tell. I've gone through this so many times. I thought also i needed to set maybe the 0:0:... address into the proxies also but that didnt seem to have any affect either. The odd thing is it does work some of the time... == <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1" remoteIpHeader="X-Forwarded-For" remoteIpProxiesHeader="X-Forwarded-By" protocolHeader="X-Forwarded-Proto" /> === /danielm From: "Nick Couchman" < <mailto:[email protected]> [email protected]> To: <mailto:[email protected]> [email protected] Date: 04/08/20 10:18 PM Subject: Re: randomely showing localhost IP in guacamole user history _____ So if it works some of the time, the headers must be getting sent correctly? so the proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; must be working from nginx? Have you also set the RemoteIPValve correctly in Tomcat? http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip -Nick Disclaimer: This message and any attachment may contain confidential, proprietary information and is intended only for the individual named. If you are not the original intended recipient and have erroneously received this message, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Hitachi MGRM Net therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required, please request a hard-copy version. Hitachi MGRM Net Ltd, C - 6/5, Safdarjung Development Area, New Delhi - 110016, India 'Please consider the environment before printing this e-mail'. -- Ћiago ₢uz -- **Disclaimer:* This message and any attachment may contain confidential, proprietary information and is intended only for the individual named. If you are not the original intended recipient and have erroneously received this message, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Hitachi MGRM Net therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required, please request a hard-copy version. Hitachi MGRM Net Ltd, C - 6/5, Safdarjung Development Area, New Delhi - 110016, India* * * *'Please consider the environment before printing this e-mail'.*
