You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by DM...@simard.ca on 2020/04/08 22:54:59 UTC
randomely showing localhost IP in guacamole user history
Hi,
I have been trying to figure this one out for a while.
and I have already made many changes to allow for the x forward field (as
it does seem to work some of the time for some people).
Anyone have any suggestions to get a consistent result for the logs.
an example of catalina.out from tomcat would show for example
18:14:28.577 [http-bio-8080-exec-2804] INFO
o.a.g.r.auth.AuthenticationService - User "user1" successfully
authenticated from [202.202.202.202, 0:0:0:0:0:0:0:1].
18:14:47.085 [http-bio-8080-exec-2900] INFO
o.a.g.r.auth.AuthenticationService - User "user1" successfully
authenticated from 202.202.202.202.
and in this case, maybe i'll see the real ip in the interface ..202....
or maybe i'll see 0:0:0.....
oddly enough for some users it will only show 2 lines of the real IP .
So if it works some of the time, the headers must be getting sent
correctly?
so the
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
must be working from nginx?
fyi, this would be nginex and tomcat on the same box.
/danielm
RE: randomely showing localhost IP in guacamole user history
Posted by Tushar Jain <tu...@hitachi.mgrmnet.com>.
Hi Daniel,
0:0:0:0:0:0:0:1 is the loopback address for IPv6 as compared to 127.0.0.1 in IPv4. You may be getting this for the users who are trying to access guacamole from the same system where it is installed, and that too using either ‘localhost” or the loopback address.
You should try what Thiago mentioned and let us know the results.
From: Thiago Cruz [mailto:thiagocruz@gmail.com]
Sent: 10 April 2020 12:51 AM
To: user@guacamole.apache.org
Subject: Re: randomely showing localhost IP in guacamole user history
Daniel,
Try insert "0:0:0:0:0:0:0:1" into your "internalProxies" parameter at RemoteIpValve.
Thiago Cruz
On Thu, Apr 9, 2020 at 4:15 PM <DMoscovitch@simard.ca <ma...@simard.ca> > wrote:
Hi
Tushar
from catalina.out , and its the 0:0:0:0:0:0:0:1 that seems to be an issue.
good user
14:32:54.531 [http-bio-8080-exec-2857] INFO o.a.g.r.auth.AuthenticationService - User "USER123" successfully authenticated from 123.123.123.123.
14:33:12.408 [http-bio-8080-exec-2858] INFO o.a.g.r.auth.AuthenticationService - User "USER123" successfully authenticated from 123.123.123.123.
picky user
14:59:19.947 [http-bio-8080-exec-3271] INFO o.a.g.r.auth.AuthenticationService - User "USER456" successfully authenticated from 222.222.222.222.
14:59:48.577 [http-bio-8080-exec-3272] INFO o.a.g.r.auth.AuthenticationService - User "USER456" successfully authenticated from [222.222.222.222, 0:0:0:0:0:0:0:1].
The only thing i can say is...maybe... the ORDER of the lines in the log file seem to sometimes be reversed? meaning sometimes the one with [ xxx . 0::] is first. but it's hard to tell.
which ssl file do you mean?
currently its setup under nginx/sites-enabled/default
just this and some SSL certificate things...
server {
listen 443 ssl;
server_name guacamole.localdomain.local MyServerr.myrealdomainname.com <http://MyServerr.myrealdomainname.com> ;
root /usr/share/nginx/MyRoot;
index index.html;
location /MYSUBDIRECTORY/ {
# I am running the Tomcat7 and Guacamole on the local server
proxy_pass <http://localhost:8080/guacamole/> http://localhost:8080/guacamole/;
proxy_redirect off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cookie_path /guacamole/ /MYSUBDIRECTORY/;
access_log off;
# break;
}
\danielm
From: "Tushar Jain" <tushar.jain@hitachi.mgrmnet.com <ma...@hitachi.mgrmnet.com> >
To: <user@guacamole.apache.org <ma...@guacamole.apache.org> >
Date: 04/09/20 09:00 AM
Subject: RE: randomely showing localhost IP in guacamole user history
_____
Please share the contents of nginx –guacamole-ssl file as well. Assuming there is nothing else configured on nginx like in default etc.
Please also share the 2 lines you are seeing against the real IP for some users.
Yes, as far as I can tell. I've gone through this so many times.
I thought also i needed to set maybe the 0:0:... address into the proxies also but that didnt seem to have any affect either.
The odd thing is it does work some of the time...
==
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127.0.0.1"
remoteIpHeader="X-Forwarded-For"
remoteIpProxiesHeader="X-Forwarded-By"
protocolHeader="X-Forwarded-Proto" />
===
/danielm
From: "Nick Couchman" < <ma...@apache.org> vnick@apache.org>
To: <ma...@guacamole.apache.org> user@guacamole.apache.org
Date: 04/08/20 10:18 PM
Subject: Re: randomely showing localhost IP in guacamole user history
_____
So if it works some of the time, the headers must be getting sent correctly?
so the
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
must be working from nginx?
Have you also set the RemoteIPValve correctly in Tomcat?
http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
-Nick
Disclaimer: This message and any attachment may contain confidential, proprietary information and is intended only for the individual named. If you are not the original intended recipient and have erroneously received this message, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Hitachi MGRM Net therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required, please request a hard-copy version. Hitachi MGRM Net Ltd, C - 6/5, Safdarjung Development Area, New Delhi - 110016, India
'Please consider the environment before printing this e-mail'.
--
Ћiago ₢uz
--
**Disclaimer:* This message and any attachment may contain confidential,
proprietary information and is intended only for the individual named. If
you are not the original intended recipient and have erroneously received
this message, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net
E-mail transmission cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, destroyed, arrive late
or incomplete, or contain viruses. Hitachi MGRM Net therefore does not
accept liability for any errors or omissions in the contents of this
message, which arise as a result of e-mail transmission. If verification is
required, please request a hard-copy version. Hitachi MGRM Net Ltd, C -
6/5, Safdarjung Development Area, New Delhi - 110016, India*
*
*
*'Please
consider the environment before printing this e-mail'.*
Re: randomely showing localhost IP in guacamole user history
Posted by Chris Misztur <cm...@mriiot.com>.
It's just strange that you're showing an IPv6 localhost IP.
*Chris *
On Tue, Apr 14, 2020 at 2:02 PM <DM...@simard.ca> wrote:
> I did try that at one point and it didnt seem to make a diff. but I could
> try again and will try a full reboot instead of just restarting all the
> associated services.
>
> everything is hosted on 1 server. and there is just a firewall in front of
> it, so unless thats doing something odd, its just strange that it works
> sometimes 1 way and sometimes different.
>
> thanks
>
> /dm
>
>
>
>
> From: "Thiago Cruz" <th...@gmail.com>
> To: user@guacamole.apache.org
> Date: 04/09/20 03:21 PM
> Subject: Re: randomely showing localhost IP in guacamole user
> history
> ------------------------------
>
>
>
> Daniel,
>
> Try insert "0:0:0:0:0:0:0:1" into your "internalProxies" parameter at
> RemoteIpValve.
>
> Thiago Cruz
>
>
> On Thu, Apr 9, 2020 at 4:15 PM <*DMoscovitch@simard.ca*
> <DM...@simard.ca>> wrote:
> Hi
> Tushar
>
> from catalina.out , and its the 0:0:0:0:0:0:0:1 that seems to be an issue.
>
> good user
> 14:32:54.531 [http-bio-8080-exec-2857] INFO
> o.a.g.r.auth.AuthenticationService - User "USER123" successfully
> authenticated from 123.123.123.123.
> 14:33:12.408 [http-bio-8080-exec-2858] INFO
> o.a.g.r.auth.AuthenticationService - User "USER123" successfully
> authenticated from 123.123.123.123.
>
> picky user
> 14:59:19.947 [http-bio-8080-exec-3271] INFO
> o.a.g.r.auth.AuthenticationService - User "USER456" successfully
> authenticated from 222.222.222.222.
> 14:59:48.577 [http-bio-8080-exec-3272] INFO
> o.a.g.r.auth.AuthenticationService - User "USER456" successfully
> authenticated from [222.222.222.222, 0:0:0:0:0:0:0:1].
>
> The only thing i can say is...maybe... the ORDER of the lines in the log
> file seem to sometimes be reversed? meaning sometimes the one with [ xxx .
> 0::] is first. but it's hard to tell.
>
>
> which ssl file do you mean?
> currently its setup under nginx/sites-enabled/default
>
> just this and some SSL certificate things...
>
> server {
> listen 443 ssl;
>
> server_name guacamole.localdomain.local
> *MyServerr.myrealdomainname.com* <http://myserverr.myrealdomainname.com/>;
> root /usr/share/nginx/MyRoot;
> index index.html;
>
>
> location /MYSUBDIRECTORY/ {
> # I am running the Tomcat7 and Guacamole on the local server
> proxy_pass *http://localhost:8080/guacamole/*
> <http://localhost:8080/guacamole/>;
> proxy_redirect off;
> proxy_buffering off;
> proxy_http_version 1.1;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection "upgrade";
> proxy_cookie_path /guacamole/ /MYSUBDIRECTORY/;
> access_log off;
> # break;
> }
>
>
> \danielm
>
>
>
> From: "Tushar Jain" <*tushar.jain@hitachi.mgrmnet.com*
> <tu...@hitachi.mgrmnet.com>>
> To: <*user@guacamole.apache.org* <us...@guacamole.apache.org>>
> Date: 04/09/20 09:00 AM
> Subject: RE: randomely showing localhost IP in guacamole user
> history
> ------------------------------
>
>
>
> Please share the contents of nginx –guacamole-ssl file as well. Assuming
> there is nothing else configured on nginx like in default etc.
>
> Please also share the 2 lines you are seeing against the real IP for some
> users.
>
>
>
> Yes, as far as I can tell. I've gone through this so many times.
> I thought also i needed to set maybe the 0:0:... address into the proxies
> also but that didnt seem to have any affect either.
> The odd thing is it does work some of the time...
> ==
> <Valve className="org.apache.catalina.valves.RemoteIpValve"
> internalProxies="127.0.0.1"
> remoteIpHeader="X-Forwarded-For"
> remoteIpProxiesHeader="X-Forwarded-By"
> protocolHeader="X-Forwarded-Proto" />
> ===
>
>
>
> /danielm
>
>
>
> From: "Nick Couchman" <*vnick@apache.org* <vn...@apache.org>>
> To: *user@guacamole.apache.org* <us...@guacamole.apache.org>
> Date: 04/08/20 10:18 PM
> Subject: Re: randomely showing localhost IP in guacamole user
> history
> ------------------------------
>
>
>
>
>
>
> So if it works some of the time, the headers must be getting sent
> correctly?
> so the
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> must be working from nginx?
>
>
> Have you also set the RemoteIPValve correctly in Tomcat?
>
>
> *http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip*
> <http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip>
>
> -Nick
>
>
> * Disclaimer:** This message and any attachment may contain confidential,
> proprietary information and is intended only for the individual named. If
> you are not the original intended recipient and have erroneously received
> this message, you should not disseminate, distribute or copy this e-mail.
> Please notify the sender immediately by e-mail if you have received this
> e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net
> E-mail transmission cannot be guaranteed to be secure or error-free as
> information could be intercepted, corrupted, lost, destroyed, arrive late
> or incomplete, or contain viruses. Hitachi MGRM Net therefore does not
> accept liability for any errors or omissions in the contents of this
> message, which arise as a result of e-mail transmission. If verification is
> required, please request a hard-copy version. Hitachi MGRM Net Ltd, C -
> 6/5, Safdarjung Development Area, New Delhi - 110016, India*
>
> * 'Please consider the environment before printing this e-mail'.*
>
>
>
> --
> Ћiago ₢uz
>
>
Re: randomely showing localhost IP in guacamole user history
Posted by Niubbo75 <a....@me.com.INVALID>.
Here's my Tomcat conf:
======================================================
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127.0.0.1"
remoteIpHeader="x-forwarded-for"
remoteIpProxiesHeader="x-forwarded-by"
protocolHeader="x-forwarded-proto" />
======================================================
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log"
suffix=".txt"
pattern="%a Remote User[ %{X-Forwarded-For}i %l %u %t ] Request[ %r ]
Status Code[ %s ] Bytes[ %b ] Referer[ %{Referer}i ] Agent[ %{User-agent}i ]
" />
======================================================
and in catalina.out I get correct remote & local IP (local IP do not use
nginx but connect directly to tomcat on port 8080) and in
localhost_access_log-* I get full detailed logs.
Alessandro
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: randomely showing localhost IP in guacamole user history
Posted by DM...@simard.ca.
Thanks. seems to still be working for me still . here's hoping.
ALSO incase this helps, in my setup this was required to allow the correct
IP for the tomcat access logs . or else you end up with 127.0.0.1 as well
logging .
add requestAttributesEnabled="true" into the
org.apache.catalina.valves.AccessLogValve
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
requestAttributesEnabled="true"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
/danielm
From: "Niubbo75" <a....@me.com.INVALID>
To: user@guacamole.apache.org
Date: 04/15/20 12:46 PM
Subject: Re: randomely showing localhost IP in guacamole user
history
I'm glad you solve your issue too.
Yes I do have also IPv6 in my /etc/hosts (I'm on CentOS 7), this is the
default in modern OSes.
Bests,
Alessandro
--
Sent from:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: randomely showing localhost IP in guacamole user history
Posted by Niubbo75 <a....@me.com.INVALID>.
I'm glad you solve your issue too.
Yes I do have also IPv6 in my /etc/hosts (I'm on CentOS 7), this is the
default in modern OSes.
Bests,
Alessandro
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: randomely showing localhost IP in guacamole user history
Posted by DM...@simard.ca.
Thanks Im trying that 1 change now "127.0.0.1" instead of"localhost" in
the nginx config,
proxy_pass http://127.0.0.1:8080/guacamole/;
come to think of it, this did seem like a resolution thing and I bet if
you check your
/etc/hosts
file you will see localhost also in the IP6 section, which is odd since I
dont use IP6 . but it must have been there on default install. So, its
probably internally resolving to the random ip it finds first. (UBUNTU).
==================================
127.0.0.1 localhost
127.0.1.1 myhostnameHERE
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
==================================
so far it looks to be working. last few tests only show ip4 .
/danielm
From: "Niubbo75" <a....@me.com.INVALID>
To: user@guacamole.apache.org
Date: 04/14/20 08:26 PM
Subject: Re: randomely showing localhost IP in guacamole user
history
Try to change localhost with 127.0.0.1 in your nginx.conf, this solve the
same issue for me.
Alessandro
--
Sent from:
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: randomely showing localhost IP in guacamole user history
Posted by Niubbo75 <a....@me.com.INVALID>.
Try to change localhost with 127.0.0.1 in your nginx.conf, this solve the
same issue for me.
Alessandro
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: randomely showing localhost IP in guacamole user history
Posted by DM...@simard.ca.
I did try that at one point and it didnt seem to make a diff. but I could
try again and will try a full reboot instead of just restarting all the
associated services.
everything is hosted on 1 server. and there is just a firewall in front of
it, so unless thats doing something odd, its just strange that it works
sometimes 1 way and sometimes different.
thanks
/dm
From: "Thiago Cruz" <th...@gmail.com>
To: user@guacamole.apache.org
Date: 04/09/20 03:21 PM
Subject: Re: randomely showing localhost IP in guacamole user
history
Daniel,
Try insert "0:0:0:0:0:0:0:1" into your "internalProxies" parameter at
RemoteIpValve.
Thiago Cruz
On Thu, Apr 9, 2020 at 4:15 PM <DM...@simard.ca> wrote:
Hi
Tushar
from catalina.out , and its the 0:0:0:0:0:0:0:1 that seems to be an issue.
good user
14:32:54.531 [http-bio-8080-exec-2857] INFO
o.a.g.r.auth.AuthenticationService - User "USER123" successfully
authenticated from 123.123.123.123.
14:33:12.408 [http-bio-8080-exec-2858] INFO
o.a.g.r.auth.AuthenticationService - User "USER123" successfully
authenticated from 123.123.123.123.
picky user
14:59:19.947 [http-bio-8080-exec-3271] INFO
o.a.g.r.auth.AuthenticationService - User "USER456" successfully
authenticated from 222.222.222.222.
14:59:48.577 [http-bio-8080-exec-3272] INFO
o.a.g.r.auth.AuthenticationService - User "USER456" successfully
authenticated from [222.222.222.222, 0:0:0:0:0:0:0:1].
The only thing i can say is...maybe... the ORDER of the lines in the log
file seem to sometimes be reversed? meaning sometimes the one with [ xxx .
0::] is first. but it's hard to tell.
which ssl file do you mean?
currently its setup under nginx/sites-enabled/default
just this and some SSL certificate things...
server {
listen 443 ssl;
server_name guacamole.localdomain.local
MyServerr.myrealdomainname.com;
root /usr/share/nginx/MyRoot;
index index.html;
location /MYSUBDIRECTORY/ {
# I am running the Tomcat7 and Guacamole on the local server
proxy_pass http://localhost:8080/guacamole/;
proxy_redirect off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cookie_path /guacamole/ /MYSUBDIRECTORY/;
access_log off;
# break;
}
\danielm
From: "Tushar Jain" <tu...@hitachi.mgrmnet.com>
To: <us...@guacamole.apache.org>
Date: 04/09/20 09:00 AM
Subject: RE: randomely showing localhost IP in guacamole user
history
Please share the contents of nginx –guacamole-ssl file as well. Assuming
there is nothing else configured on nginx like in default etc.
Please also share the 2 lines you are seeing against the real IP for some
users.
Yes, as far as I can tell. I've gone through this so many times.
I thought also i needed to set maybe the 0:0:... address into the proxies
also but that didnt seem to have any affect either.
The odd thing is it does work some of the time...
==
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127.0.0.1"
remoteIpHeader="X-Forwarded-For"
remoteIpProxiesHeader="X-Forwarded-By"
protocolHeader="X-Forwarded-Proto" />
===
/danielm
From: "Nick Couchman" <vn...@apache.org>
To: user@guacamole.apache.org
Date: 04/08/20 10:18 PM
Subject: Re: randomely showing localhost IP in guacamole user
history
So if it works some of the time, the headers must be getting sent
correctly?
so the
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
must be working from nginx?
Have you also set the RemoteIPValve correctly in Tomcat?
http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
-Nick
Disclaimer: This message and any attachment may contain confidential,
proprietary information and is intended only for the individual named. If
you are not the original intended recipient and have erroneously received
this message, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system. Hitachi MGRM
Net E-mail transmission cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, destroyed, arrive late
or incomplete, or contain viruses. Hitachi MGRM Net therefore does not
accept liability for any errors or omissions in the contents of this
message, which arise as a result of e-mail transmission. If verification
is required, please request a hard-copy version. Hitachi MGRM Net Ltd, C -
6/5, Safdarjung Development Area, New Delhi - 110016, India
'Please consider the environment before printing this e-mail'.
--
Ћiago ₢uz
Re: randomely showing localhost IP in guacamole user history
Posted by Thiago Cruz <th...@gmail.com>.
Daniel,
Try insert "0:0:0:0:0:0:0:1" into your "internalProxies" parameter at
RemoteIpValve.
Thiago Cruz
On Thu, Apr 9, 2020 at 4:15 PM <DM...@simard.ca> wrote:
> Hi
> Tushar
>
> from catalina.out , and its the 0:0:0:0:0:0:0:1 that seems to be an issue.
>
> good user
> 14:32:54.531 [http-bio-8080-exec-2857] INFO
> o.a.g.r.auth.AuthenticationService - User "USER123" successfully
> authenticated from 123.123.123.123.
> 14:33:12.408 [http-bio-8080-exec-2858] INFO
> o.a.g.r.auth.AuthenticationService - User "USER123" successfully
> authenticated from 123.123.123.123.
>
> picky user
> 14:59:19.947 [http-bio-8080-exec-3271] INFO
> o.a.g.r.auth.AuthenticationService - User "USER456" successfully
> authenticated from 222.222.222.222.
> 14:59:48.577 [http-bio-8080-exec-3272] INFO
> o.a.g.r.auth.AuthenticationService - User "USER456" successfully
> authenticated from [222.222.222.222, 0:0:0:0:0:0:0:1].
>
> The only thing i can say is...maybe... the ORDER of the lines in the log
> file seem to sometimes be reversed? meaning sometimes the one with [ xxx .
> 0::] is first. but it's hard to tell.
>
>
> which ssl file do you mean?
> currently its setup under nginx/sites-enabled/default
>
> just this and some SSL certificate things...
>
> server {
> listen 443 ssl;
>
> server_name guacamole.localdomain.local
> MyServerr.myrealdomainname.com;
> root /usr/share/nginx/MyRoot;
> index index.html;
>
>
> location /MYSUBDIRECTORY/ {
> # I am running the Tomcat7 and Guacamole on the local server
> proxy_pass http://localhost:8080/guacamole/;
> proxy_redirect off;
> proxy_buffering off;
> proxy_http_version 1.1;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection "upgrade";
> proxy_cookie_path /guacamole/ /MYSUBDIRECTORY/;
> access_log off;
> # break;
> }
>
>
> \danielm
>
>
>
> From: "Tushar Jain" <tu...@hitachi.mgrmnet.com>
> To: <us...@guacamole.apache.org>
> Date: 04/09/20 09:00 AM
> Subject: RE: randomely showing localhost IP in guacamole user
> history
> ------------------------------
>
>
>
> Please share the contents of nginx –guacamole-ssl file as well. Assuming
> there is nothing else configured on nginx like in default etc.
>
> Please also share the 2 lines you are seeing against the real IP for some
> users.
>
>
>
> Yes, as far as I can tell. I've gone through this so many times.
> I thought also i needed to set maybe the 0:0:... address into the proxies
> also but that didnt seem to have any affect either.
> The odd thing is it does work some of the time...
> ==
> <Valve className="org.apache.catalina.valves.RemoteIpValve"
> internalProxies="127.0.0.1"
> remoteIpHeader="X-Forwarded-For"
> remoteIpProxiesHeader="X-Forwarded-By"
> protocolHeader="X-Forwarded-Proto" />
> ===
>
>
>
> /danielm
>
>
>
> From: "Nick Couchman" <*vnick@apache.org* <vn...@apache.org>>
> To: *user@guacamole.apache.org* <us...@guacamole.apache.org>
> Date: 04/08/20 10:18 PM
> Subject: Re: randomely showing localhost IP in guacamole user
> history
> ------------------------------
>
>
>
>
>
> So if it works some of the time, the headers must be getting sent
> correctly?
> so the
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> must be working from nginx?
>
>
> Have you also set the RemoteIPValve correctly in Tomcat?
>
>
> *http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip*
> <http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip>
>
> -Nick
>
>
> *Disclaimer:** This message and any attachment may contain confidential,
> proprietary information and is intended only for the individual named. If
> you are not the original intended recipient and have erroneously received
> this message, you should not disseminate, distribute or copy this e-mail.
> Please notify the sender immediately by e-mail if you have received this
> e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net
> E-mail transmission cannot be guaranteed to be secure or error-free as
> information could be intercepted, corrupted, lost, destroyed, arrive late
> or incomplete, or contain viruses. Hitachi MGRM Net therefore does not
> accept liability for any errors or omissions in the contents of this
> message, which arise as a result of e-mail transmission. If verification is
> required, please request a hard-copy version. Hitachi MGRM Net Ltd, C -
> 6/5, Safdarjung Development Area, New Delhi - 110016, India*
>
> *'Please consider the environment before printing this e-mail'.*
>
--
Ћiago ₢uz
RE: randomely showing localhost IP in guacamole user history
Posted by DM...@simard.ca.
Hi
Tushar
from catalina.out , and its the 0:0:0:0:0:0:0:1 that seems to be an issue.
good user
14:32:54.531 [http-bio-8080-exec-2857] INFO
o.a.g.r.auth.AuthenticationService - User "USER123" successfully
authenticated from 123.123.123.123.
14:33:12.408 [http-bio-8080-exec-2858] INFO
o.a.g.r.auth.AuthenticationService - User "USER123" successfully
authenticated from 123.123.123.123.
picky user
14:59:19.947 [http-bio-8080-exec-3271] INFO
o.a.g.r.auth.AuthenticationService - User "USER456" successfully
authenticated from 222.222.222.222.
14:59:48.577 [http-bio-8080-exec-3272] INFO
o.a.g.r.auth.AuthenticationService - User "USER456" successfully
authenticated from [222.222.222.222, 0:0:0:0:0:0:0:1].
The only thing i can say is...maybe... the ORDER of the lines in the log
file seem to sometimes be reversed? meaning sometimes the one with [ xxx .
0::] is first. but it's hard to tell.
which ssl file do you mean?
currently its setup under nginx/sites-enabled/default
just this and some SSL certificate things...
server {
listen 443 ssl;
server_name guacamole.localdomain.local
MyServerr.myrealdomainname.com;
root /usr/share/nginx/MyRoot;
index index.html;
location /MYSUBDIRECTORY/ {
# I am running the Tomcat7 and Guacamole on the local server
proxy_pass http://localhost:8080/guacamole/;
proxy_redirect off;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_cookie_path /guacamole/ /MYSUBDIRECTORY/;
access_log off;
# break;
}
\danielm
From: "Tushar Jain" <tu...@hitachi.mgrmnet.com>
To: <us...@guacamole.apache.org>
Date: 04/09/20 09:00 AM
Subject: RE: randomely showing localhost IP in guacamole user
history
Please share the contents of nginx –guacamole-ssl file as well. Assuming
there is nothing else configured on nginx like in default etc.
Please also share the 2 lines you are seeing against the real IP for some
users.
Yes, as far as I can tell. I've gone through this so many times.
I thought also i needed to set maybe the 0:0:... address into the proxies
also but that didnt seem to have any affect either.
The odd thing is it does work some of the time...
==
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127.0.0.1"
remoteIpHeader="X-Forwarded-For"
remoteIpProxiesHeader="X-Forwarded-By"
protocolHeader="X-Forwarded-Proto" />
===
/danielm
From: "Nick Couchman" <vn...@apache.org>
To: user@guacamole.apache.org
Date: 04/08/20 10:18 PM
Subject: Re: randomely showing localhost IP in guacamole user
history
So if it works some of the time, the headers must be getting sent
correctly?
so the
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
must be working from nginx?
Have you also set the RemoteIPValve correctly in Tomcat?
http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
-Nick
Disclaimer: This message and any attachment may contain confidential,
proprietary information and is intended only for the individual named. If
you are not the original intended recipient and have erroneously received
this message, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system. Hitachi MGRM
Net E-mail transmission cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, destroyed, arrive late
or incomplete, or contain viruses. Hitachi MGRM Net therefore does not
accept liability for any errors or omissions in the contents of this
message, which arise as a result of e-mail transmission. If verification
is required, please request a hard-copy version. Hitachi MGRM Net Ltd, C -
6/5, Safdarjung Development Area, New Delhi - 110016, India
'Please consider the environment before printing this e-mail'.
RE: randomely showing localhost IP in guacamole user history
Posted by Tushar Jain <tu...@hitachi.mgrmnet.com>.
Please share the contents of nginx -guacamole-ssl file as well. Assuming
there is nothing else configured on nginx like in default etc.
Please also share the 2 lines you are seeing against the real IP for some
users.
Yes, as far as I can tell. I've gone through this so many times.
I thought also i needed to set maybe the 0:0:... address into the proxies
also but that didnt seem to have any affect either.
The odd thing is it does work some of the time...
==
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127.0.0.1"
remoteIpHeader="X-Forwarded-For"
remoteIpProxiesHeader="X-Forwarded-By"
protocolHeader="X-Forwarded-Proto" />
===
/danielm
From: "Nick Couchman" < <ma...@apache.org> vnick@apache.org>
To: <ma...@guacamole.apache.org> user@guacamole.apache.org
Date: 04/08/20 10:18 PM
Subject: Re: randomely showing localhost IP in guacamole user history
_____
So if it works some of the time, the headers must be getting sent correctly?
so the
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
must be working from nginx?
Have you also set the RemoteIPValve correctly in Tomcat?
http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
-Nick
--
**Disclaimer:* This message and any attachment may contain confidential,
proprietary information and is intended only for the individual named. If
you are not the original intended recipient and have erroneously received
this message, you should not disseminate, distribute or copy this e-mail.
Please notify the sender immediately by e-mail if you have received this
e-mail by mistake and delete this e-mail from your system. Hitachi MGRM Net
E-mail transmission cannot be guaranteed to be secure or error-free as
information could be intercepted, corrupted, lost, destroyed, arrive late
or incomplete, or contain viruses. Hitachi MGRM Net therefore does not
accept liability for any errors or omissions in the contents of this
message, which arise as a result of e-mail transmission. If verification is
required, please request a hard-copy version. Hitachi MGRM Net Ltd, C -
6/5, Safdarjung Development Area, New Delhi - 110016, India*
*
*
*'Please
consider the environment before printing this e-mail'.*
Re: randomely showing localhost IP in guacamole user history
Posted by Thiago Cruz <th...@gmail.com>.
If you have a balancer I recommend adding into internalProxies
(internalProxies="127.0.0.1|<IP_BAL>"),
to get real client IP.
On Thu, Apr 9, 2020 at 3:51 PM Chris Misztur <cm...@mriiot.com> wrote:
>
> @DMoscovitch is your proxy listening on IPv6?
>
>
> On Thu, Apr 9, 2020 at 7:53 AM <DM...@simard.ca> wrote:
>
>> Yes, as far as I can tell. I've gone through this so many times.
>> I thought also i needed to set maybe the 0:0:... address into the proxies
>> also but that didnt seem to have any affect either.
>> The odd thing is it does work some of the time....
>>
>> ==
>> <Valve className="org.apache.catalina.valves.RemoteIpValve"
>> internalProxies="127.0.0.1"
>> remoteIpHeader="X-Forwarded-For"
>> remoteIpProxiesHeader="X-Forwarded-By"
>> protocolHeader="X-Forwarded-Proto" />
>> ===
>>
>>
>>
>> /danielm
>>
>>
>>
>> From: "Nick Couchman" <vn...@apache.org>
>> To: user@guacamole.apache.org
>> Date: 04/08/20 10:18 PM
>> Subject: Re: randomely showing localhost IP in guacamole user
>> history
>> ------------------------------
>>
>>
>>
>>
>> So if it works some of the time, the headers must be getting sent
>> correctly?
>> so the
>> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>> must be working from nginx?
>>
>>
>> Have you also set the RemoteIPValve correctly in Tomcat?
>>
>>
>> *http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip*
>> <http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip>
>>
>> -Nick
>>
>
--
Ћiago ₢uz
Re: randomely showing localhost IP in guacamole user history
Posted by DM...@simard.ca.
i'm not actually sure. We are not using IP6 .
. the server only has 1 ip.
/danielm
From: "Chris Misztur" <cm...@mriiot.com>
To: user@guacamole.apache.org
Date: 04/09/20 02:51 PM
Subject: Re: randomely showing localhost IP in guacamole user
history
@DMoscovitch is your proxy listening on IPv6?
On Thu, Apr 9, 2020 at 7:53 AM <DM...@simard.ca> wrote:
Yes, as far as I can tell. I've gone through this so many times.
I thought also i needed to set maybe the 0:0:... address into the proxies
also but that didnt seem to have any affect either.
The odd thing is it does work some of the time....
==
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127.0.0.1"
remoteIpHeader="X-Forwarded-For"
remoteIpProxiesHeader="X-Forwarded-By"
protocolHeader="X-Forwarded-Proto" />
===
/danielm
From: "Nick Couchman" <vn...@apache.org>
To: user@guacamole.apache.org
Date: 04/08/20 10:18 PM
Subject: Re: randomely showing localhost IP in guacamole user
history
So if it works some of the time, the headers must be getting sent
correctly?
so the
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
must be working from nginx?
Have you also set the RemoteIPValve correctly in Tomcat?
http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
-Nick
Re: randomely showing localhost IP in guacamole user history
Posted by Chris Misztur <cm...@mriiot.com>.
@DMoscovitch is your proxy listening on IPv6?
On Thu, Apr 9, 2020 at 7:53 AM <DM...@simard.ca> wrote:
> Yes, as far as I can tell. I've gone through this so many times.
> I thought also i needed to set maybe the 0:0:... address into the proxies
> also but that didnt seem to have any affect either.
> The odd thing is it does work some of the time....
>
> ==
> <Valve className="org.apache.catalina.valves.RemoteIpValve"
> internalProxies="127.0.0.1"
> remoteIpHeader="X-Forwarded-For"
> remoteIpProxiesHeader="X-Forwarded-By"
> protocolHeader="X-Forwarded-Proto" />
> ===
>
>
>
> /danielm
>
>
>
> From: "Nick Couchman" <vn...@apache.org>
> To: user@guacamole.apache.org
> Date: 04/08/20 10:18 PM
> Subject: Re: randomely showing localhost IP in guacamole user
> history
> ------------------------------
>
>
>
>
> So if it works some of the time, the headers must be getting sent
> correctly?
> so the
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> must be working from nginx?
>
>
> Have you also set the RemoteIPValve correctly in Tomcat?
>
>
> *http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip*
> <http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip>
>
> -Nick
>
Re: randomely showing localhost IP in guacamole user history
Posted by DM...@simard.ca.
Yes, as far as I can tell. I've gone through this so many times.
I thought also i needed to set maybe the 0:0:... address into the proxies
also but that didnt seem to have any affect either.
The odd thing is it does work some of the time....
==
<Valve className="org.apache.catalina.valves.RemoteIpValve"
internalProxies="127.0.0.1"
remoteIpHeader="X-Forwarded-For"
remoteIpProxiesHeader="X-Forwarded-By"
protocolHeader="X-Forwarded-Proto" />
===
/danielm
From: "Nick Couchman" <vn...@apache.org>
To: user@guacamole.apache.org
Date: 04/08/20 10:18 PM
Subject: Re: randomely showing localhost IP in guacamole user
history
So if it works some of the time, the headers must be getting sent
correctly?
so the
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
must be working from nginx?
Have you also set the RemoteIPValve correctly in Tomcat?
http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
-Nick
Re: randomely showing localhost IP in guacamole user history
Posted by Niubbo75 <a....@me.com.INVALID>.
Hi Nick, I'm also intrested in this, I have try to set it but after tomcat
restart I get 502 on NGINX, so I think to do not have set Valve correctly in
tomcat 9, can you please clarify how to do that?
Here my nginx.conf, I have put all configuration in it just because I do not
have and I will not have any other websites to manage on this server:
https://pastebin.com/embed_js/3MmCKsw6
is it correct or not?
Where I have to put Valve config in tomcat 9?
Thanks,
Alessandro
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: randomely showing localhost IP in guacamole user history
Posted by Nick Couchman <vn...@apache.org>.
>
>
> So if it works some of the time, the headers must be getting sent
> correctly?
> so the
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> must be working from nginx?
>
>
Have you also set the RemoteIPValve correctly in Tomcat?
http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip
-Nick