Hi, I'm in a similar situation. I have an external application that the backend communicates with Guacamole in order to get the list of reachable remote machines and redirect the user to the URL of the selected one (yes, with the token on the URL :-( , the problem is the same one, the address that log shows is the application address instead of the user address because although the user browser opens the remote session, the auth is done by my application backend, I tried to add the X_Forwarder_For header on the request but it doesn't work.
I'm not a tomcat expert, but I think that should be any setting to force the use of X_Forwarded_for provided address, any idea? Thanks Regards *Manel Molina* *[email protected] <[email protected]>* *Dirección de Ciberseguridad* Ciutat de L’Aigua (D38) Paseo de la Zona Franca, 48 08038 Barcelona / España www.veolia.com <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect2.fireeye.com%2Fv1%2Furl%3Fk%3D31323334-501d5122-31356fd6-454445555731-a8425f343e5c4fad%26q%3D1%26e%3D30530535-2971-48a4-8441-12c02ea4dc09%26u%3Dhttps%253A%252F%252Feur01.safelinks.protection.outlook.com%252F%253Furl%253Dhttp%25253A%25252F%25252Fwww.veolia.com%25252F%2526data%253D05%25257C01%25257Csergi.carmona%252540agbar.es%25257C4c93dad3808642dd7ec308da3ccb99ab%25257Cf4a12867922d4b9dbb859ee7898512a0%25257C0%25257C0%25257C637889142388029142%25257CUnknown%25257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%25253D%25257C3000%25257C%25257C%25257C%2526sdata%253DJJM7r2MgHUaiuJD%25252Bk2xlr3opNEFsJkp%25252Byh2MJq0XRS0%25253D%2526reserved%253D0&data=05%7C01%7Coriol.val%40agbar.es%7C8a3587bd93134628cf9908da4d2baf8e%7Cf4a12867922d4b9dbb859ee7898512a0%7C0%7C0%7C637907147446774859%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=5Vjff2WWXgkB77AldZ5g116HPKmbRv1h5PRjQjH9k0o%3D&reserved=0> El vie, 11 ago 2023 a las 10:08, Martin Vancl (<[email protected]>) escribió: > Hello, > I just updated to version 1.5.3 (from 1.4.0), and the problem is still the > same. > > I see the internal Docker IP in the session log :-( > > How can I fix this? > > The JIRA ticket is closed: > https://issues.apache.org/jira/browse/GUACAMOLE-1005 > I don't think it's resolved. > > > čt 18. 3. 2021 v 8:37 odesílatel fed <[email protected]> napsal: > >> Hi, >> >> I had the same problem and In some way I managed to make this work >> mapping the server.xml file to a local server.xml file after copying the >> one that is the default in the docker image to the host. >> >> So on volumes of guac I have: >> - ${PWD}/tomcat_conf/server.xml:/usr/local/tomcat/conf/server.xml >> >> And this new server.xml is the original one with this section added: >> >> <Valve className="org.apache.catalina.valves.RemoteIpValve" >> internalProxies="172.31.0.1" >> remoteIpHeader="x-forwarded-for" >> remoteIpProxiesHeader="x-forwarded-by" >> protocolHeader="x-forwarded-proto" /> >> >> It's not a good solution because as you see it depends on the host ip and >> this is written in the file and the subnet can change. So to try to avoid >> this I created a docker subnet just for guacamole. >> >> Bye >> >> On Wed, 17 Mar 2021 at 19:05, Nick Couchman <[email protected]> wrote: >> >>> On Mon, Mar 15, 2021 at 4:56 AM Martin Vancl <[email protected]> >>> wrote: >>> >>>> Hi, >>>> I'm using Guacamole 1.3.0 with docker and nginx ssl proxy. >>>> At page https://rdp.example.net/#/settings/postgresql/history all >>>> users have the same remote host address "172.18.0.1". It is probably >>>> from the docker network. >>>> Is possible to have real user IP address at history page? >>>> >>>> >>> You'll need to modify the Tomcat server.xml file within the guacamole >>> Docker container and set up the RemoteIp Valve: >>> >>> >>> http://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip >>> >>> -Nick >>> >> > > -- > S pozdravem > Ing. Martin Vancl > > e-mail: [email protected] > web: www.vancl-it.cz >
