Spring-Security getRemoteAddress for app behind proxy - spring-security

Is there a reason why Spring Security does not provide any possibility to look up the RemoteAddress when the application is located behind a proxy, e.g. a load balancer or Apache httpd server? At the moment the WebAuthenticationDetails object is saving the IP of the proxy. I saw that there are also solutions for finding the remote address via the X-FORWARDED-FOR header attribute. I am curious whether there is a reason why this is not provided?

If you use Tomcat, you could configure RemoteIpValve.
Tomcat port of mod_remoteip, this valve replaces the apparent client remote IP address and hostname for the request with the IP address list presented by a proxy or a load balancer via request headers (e.g. "X-Forwarded-For").
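The same trusted-proxy rule that RemoteIpValve applies can be expressed inside Spring Security itself, so that WebAuthenticationDetails.getRemoteAddress() reports the client rather than the proxy. The following is an added example, not code from the question, the answer or the Spring project; it assumes Spring Security 5.x with the javax servlet API and a constructed trusted-proxy set. The header is only honoured when the TCP peer is one of the listed proxies, because any client can send an X-Forwarded-For header of its own.

```java
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

// Builds WebAuthenticationDetails whose remote address is the real client,
// derived from X-Forwarded-For only when the TCP peer is a trusted proxy.
public final class ProxyAwareDetailsSource
        implements AuthenticationDetailsSource<HttpServletRequest, WebAuthenticationDetails> {

    // Addresses of the proxies / load balancers in front of the application (constructed
    // value; in practice loaded from configuration). Entries not in this set are never trusted.
    private final Set<String> trustedProxies;

    public ProxyAwareDetailsSource(Set<String> trustedProxies) {
        this.trustedProxies = Set.copyOf(trustedProxies);
    }

    /**
     * Walks X-Forwarded-For from right (nearest hop) to left, skipping trusted proxies.
     * The first untrusted entry is the client; anything further left was appended by an
     * untrusted party and is ignored. If the peer itself is not a trusted proxy, the header
     * is ignored entirely and the TCP peer address is returned unchanged.
     */
    String resolveClientAddress(String peerAddress, String xForwardedFor) {
        if (!trustedProxies.contains(peerAddress) || xForwardedFor == null || xForwardedFor.isBlank()) {
            return peerAddress;
        }
        String[] hops = xForwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (!hop.isEmpty() && !trustedProxies.contains(hop)) {
                return hop;
            }
        }
        return peerAddress; // every listed hop was one of our own proxies
    }

    @Override
    public WebAuthenticationDetails buildDetails(HttpServletRequest request) {
        final String client = resolveClientAddress(request.getRemoteAddr(),
                request.getHeader("X-Forwarded-For"));
        return new WebAuthenticationDetails(request) {
            @Override
            public String getRemoteAddress() { return client; }
        };
    }
}
```

Register it on the login filter, e.g. `http.formLogin().authenticationDetailsSource(new ProxyAwareDetailsSource(Set.of("10.0.0.5")))` (the proxy address is a placeholder); at the Tomcat level the corresponding settings are RemoteIpValve's internalProxies and trustedProxies attributes.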

Related

can't access from outside with nginx reverse proxy in docker

I know there are lots of similar questions about this but none of them helped me.
I have a Linux server running an nginx reverse proxy in Docker, a duckdns domain created, and opened ports 80 and 443 on my router. I can't access it from outside with my domain name or public IP; it seems like my router refuses external requests. I tried lots of configurations and followed lots of guides on the web... I am going crazy trying to solve this problem.
I think the problem is before nginx, so I am not posting my nginx conf. If it can help, I will post it.
Hope someone can help me. Thank you so much
There are several things that could be causing the issue with your router refusing external requests. Here are a few things to check:
Make sure that your router's firewall is configured to allow incoming connections on ports 80 and 443. Some routers have a built-in firewall that needs to be configured to allow traffic through specific ports.
Confirm that your router is properly forwarding incoming requests to the correct IP address and port on your network. This is typically done through a feature called port forwarding.
Check your router's security settings to ensure that it is not blocking incoming requests based on the source IP address or domain name. Some routers have the option to block incoming requests from specific IP addresses or domain names.
Confirm that your Linux server is properly configured to handle incoming requests. This includes checking that your Nginx reverse proxy is running and properly configured to forward requests to the correct IP address and port.
Verify that your DNS is pointing to the right IP address; you can use online tools like https://www.whatsmydns.net/ to check this.
Check if your router has any VPN or proxy service enabled, which could be affecting the incoming requests.
Check if your ISP is blocking incoming connections to your public IP address.
It's also possible that there might be a problem with your router's firmware or hardware, in which case you may need to contact the manufacturer for further assistance.

DNS and IP address difference( AWS- Load balancer concepts)

I need to know the difference between DNS name and IP address.
Context: client applications interact with an ALB (Application Load Balancer), which in turn interacts with EC2 instances.
Now it is said that we get a fixed hostname with an ALB, so does this mean we get a fixed IP, i.e. that all our applications can connect to the ALB only via one IP address?
Regards,
Somen Swain

Regarding Tailscale's compatibility with Nginx Proxy Manager and Duck DNS

How to recreate: install Nginx Proxy Manager and any self-hosted web app (Nextcloud, Owncloud, Portainer; in my case the Portainer web GUI) and put Nginx Proxy Manager in front of it, using Duck DNS as a dynamic DNS client and setting the record to the Tailscale IP of the machine. After doing all of this, when I type the domain name in the browser bar it keeps loading forever with about:blank; on the other hand, if I type the Tailscale IP with the correct port it loads in a second.
I think this was asked on https://github.com/tailscale/tailscale/issues/3428
It looks like Duck DNS rejects IP addresses in the CGNAT range 100.x.y.z because they are not publicly reachable. https://tailscale.com/kb/1081/magicdns/ can likely do what you're looking for, and can set up TLS certificates as well: https://tailscale.com/blog/tls-certs/.
I have solved the problem. It was not Duck DNS not working with CGNAT; I forgot to add Portainer to the Nginx Proxy Manager network, which led to Nginx Proxy Manager not being able to connect to Portainer. Everyone who put effort into solving the problem is appreciated.

Customize Docker reverse DNS

I'm looking for a way to change what the reverse DNS resolves to in Docker.
If I set my container's FQDN to foo.bar I expect a reverse DNS lookup for its IP to resolve to foo.bar, but it always resolves to <container_name>.<network_name>.
Is there a way I can change that?
Docker's DNS support is designed to support container discovery within a cluster. It's not an application traffic management solution, so features are limited.
For example, it's possible to configure a DNS wildcard which resolves "*.foo.bar" URLs to a server running a container-savvy load balancer solution (a load balancer that knows where all the containers associated with each application are located and running).
That load balancer can then route traffic based on the incoming "Hostname" HTTP header:
"app1.foo.bar" -> "App1 Container1", "App1 Container2"
"app2.foo.bar" -> "App2 Container1", "App2 Container2", "App2 Container3"
For a practical implementation take a look at how Kubernetes does load balancing (This is an advanced topic):
http://kubernetes.io/docs/user-guide/ingress/

Amazon Load Balancer sticky sessions with ajp:8009

We configured ELB with sticky sessions for the JSESSIONID cookie for two Tomcats (tomcat1 and tomcat2) (the flow is Apache HTTP Server - ELB - Tomcats).
The AJP protocol with port 8009 has been configured on the Tomcat side; as there is no AJP option in AWS ELB, we have configured it with tcp:8009.
So the Apache httpd.conf entry is, (xxx.amazonaws.com is ELB name)
BalancerMember ajp://xxx.amazonaws.com:8009
Somehow the sticky session is not working; the HTTP request is sent to both Tomcat servers. Is it because of the protocol on the ELB side (tcp:8009)? We are not sure what is missing here. Need help!!
Once you change it to TCP you lose sticky sessions. It is an ELB limitation. You might be able to get away with switching the protocol to HTTP but with a different port other than 80.
Unless I am mistaken, you might have to set up HAProxy or something else instead of the ELB. Something that can do both TCP and sticky.
It is well known that websockets + sticky doesn't work on Amazon.
https://forums.aws.amazon.com/thread.jspa?messageID=627367