Remote IP behind haproxy mode tcp

classic Classic list List threaded Threaded
4 messages Options
wla
Reply | Threaded
Open this post in threaded view
|

Remote IP behind haproxy mode tcp

wla

Sorry, first postet it to dev, but “user” should be the right adress.

 

Von: Walter Laub
Gesendet: Montag, 25. Mai 2020 12:56
An: [hidden email]
Betreff: Remote IP behind haproxy mode tcp

 

Hi,

 

guacamole behind haproxy with “mode tcp”.

HTTPS is terminated on tomcat, so haproxy use “mode tcp”.

 

It works.

But, how to pass the “remote IP” (Client IP) to guacamole? It see the IP of haproxy …

 

Thanks,

Walter

Reply | Threaded
Open this post in threaded view
|

Re: Remote IP behind haproxy mode tcp

Sven Specker

> Hi,
>
> guacamole behind haproxy with "mode tcp".
> HTTPS is terminated on tomcat, so haproxy use "mode tcp".
>
> It works.
> But, how to pass the "remote IP" (Client IP) to guacamole? It see the IP of haproxy ...
>

Never did it this way, but you can send a PROXY Protocol string or
binary block to the guacamole app-server by adding a

send-proxy/send-proxy-v2

directive to the server line. No other way, iirc, since we are dealing
with TCP.

How to teach tomcat to honor that just like the header-based things, no
idea. Never saw anything about the proxy protocol in the tomcat docs,
then again, I never looked too hard. I am sure you can somehow shoehorn
that in.

If you just want the traffic between the proxy and the app-server to be
encrypted, I'd just terminate it at the proxy and reencrypt it again.
That way you can fiddle with the usual headers before sending the
request onward. Not very efficient tho. Adding  the ssl directive to the
server line will do that trick.

Best regards,

Sven Specker
--
__________________________________________________________________
*** Sven Specker -- University of Frankfurt Computing Center   ***
*********** UNIX System Administration (Auth/IDM) ****************
***** [hidden email] [Phone (+49)-69-798-15188] *****
******************************************************************
__________________________________________________________________
                Johann Wolfgang Goethe Universitaet
    - Hochschulrechenzentrum -
          Theodor W. Adorno-Platz 1 (PA-1P16)

    D-60323 Frankfurt/Main
__________________________________________________________________
______________ TeX-users do it in {groups}________________________


smime.p7s (7K) Download Attachment
wla
Reply | Threaded
Open this post in threaded view
|

AW: Remote IP behind haproxy mode tcp

wla
Hi,

> send-proxy/send-proxy-v2

So, I think with this setup it's not possible to monitor the remote ip.
Since the Tomcat does not support the PROXY protocol, it cannot handle it.

Thanks,
Walter

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Remote IP behind haproxy mode tcp

Christian Kraus-2
In reply to this post by wla
RE: Remote IP behind haproxy mode tcp

maybe thats what you're seaching for ?


https://guacamole.apache.org/doc/gug/proxying-guacamole.html#tomcat-remote-ip


rg


Christian














 



-----Ursprüngliche Nachricht-----
Von: Walter Laub <[hidden email]>
Gesendet: Montag 25 Mai 2020 13:18
An: [hidden email]
Betreff: Remote IP behind haproxy mode tcp

Sorry, first postet it to dev, but “user” should be the right adress.

 

Von: Walter Laub
Gesendet: Montag, 25. Mai 2020 12:56
An: [hidden email]
Betreff: Remote IP behind haproxy mode tcp

 

Hi,

 

guacamole behind haproxy with “mode tcp”.

HTTPS is terminated on tomcat, so haproxy use “mode tcp”.

 

It works.

But, how to pass the “remote IP” (Client IP) to guacamole? It see the IP of haproxy …

 

Thanks,

Walter