The file that you're checking ("/usr/local/tomcat/conf/server.xml") is
not the server.xml used by the image. It's the server.xml that serves as
the basis. A separate copy is made during startup, and it's that copy
that's modified according to the environment variables provided:
https://github.com/apache/guacamole-client/blob/bffc5fbdd5e2bb7a777f55c819a1d4d858829cb7/guacamole-docker/bin/start.sh#L1025-L1030
- Mike
On 8/13/2023 11:21 AM, Martin Vancl wrote:
My nginx proxy:
--------------------------------------
location / {
proxy_pass http://127.0.0.1:8090/guacamole/
<http://127.0.0.1:8090/guacamole/>;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forward-Proto http;
proxy_set_header X-Nginx-Proxy true;
proxy_buffering off;
}
--------------------------------------
and part of my docker-compose.yml:
--------------------------------------
image: guacamole/guacamole:1.5.3
ports:
- "127.0.0.1:8090:8080"
environment:
GUACD_HOSTNAME: guacd
POSTGRES_HOSTNAME: postgres
POSTGRES_DATABASE: ${POSTGRES_USER:-guacdb}
POSTGRES_USER: ${POSTGRES_USER:-guacdb}
POSTGRES_PASSWORD: secretPassword
GUACAMOLE_HOME: /guac_extensions
REMOTE_IP_VALVE_ENABLED: 'true'
volumes:
- /opt/guacamole/guac_extensions:/guac_extensions
depends_on:
- postgres
- guacd
--------------------------------------
But there is no "RemoteIpValve":
--------------------------------------
# docker exec -ti guacamole_guac_1 sh -c "cat
/usr/local/tomcat/conf/server.xml | grep Valve"
define subcomponents such as "Valves" at this level.
so you may not define subcomponents such as "Valves" at this level.
<Valve
className="org.apache.catalina.authenticator.SingleSignOn" />
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
--------------------------------------
pá 11. 8. 2023 v 21:53 odesílatel Nick Couchman <[email protected]
<mailto:[email protected]>> napsal:
On Fri, Aug 11, 2023 at 10:49 AM Martin Vancl <[email protected]
<mailto:[email protected]>> wrote:
>
> No. As I wrote:
> > I just updated to version 1.5.3 (from 1.4.0), and the problem
is still the same.
> So now I'm using 1.5.3 in docker.
>
> I wrote about version 1.3.0 in the first email three years ago.
Ah, okay - sorry to have missed that. I tried this out with the 1.5.3
container and adding the "-e REMOTE_IP_VALVE_ENABLED=true" option to
the container creation command results in the following line being
written to the server.xml file:
<Valve className="org.apache.catalina.valves.RemoteIpValve"/>
Can you confirm that you've created the container with that option and
you're definitely not seeing that line??
There are additional properties that can be used to control the
content of this line:
PROXY_ALLOWED_IPS_REGEX - The IP regex that should show up as valid
proxy addresses to Tomcat.
PROXY_IP_HEADER - The HTTP header to use for the remote ip.
PROXY_PROTOCOL_HEADER - The HTTP header to use for the protocol.
PROXY_BY_HEADER - The HTTP header to use for the IP of the proxy that
forwarded the request.
-Nick
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
<mailto:[email protected]>
For additional commands, e-mail: [email protected]
<mailto:[email protected]>
--
S pozdravem
Ing. Martin Vancl
e-mail: [email protected] <mailto:[email protected]>
web: www.vancl-it.cz <http://www.vancl-it.cz>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
