PROXY_XXX (tomcat) setting caused service cannot startup at container restart

[WindoC]

Problem: When using those environments PROXY_XXX to change the tomcat setting. That won't have any issue when the container first startup. But it will cause the error after restarting that container. (ex: reboot the server or using docker restart)

Below show how to reproduce the problem:

1. Start a guacamole with environments PROXY_XXX.

   docker run -d --restart=always \
   --net=host \
   --name guacamole \
   =-v /data/docker-guacamole:/config \
   -e "EXTENSIONS=history-recording-storage" \
   -e "REMOTE_IP_VALVE_ENABLED=true" \
   -e "PROXY_ALLOWED_IPS_REGEX=127.0.0.1" \
   -e "PROXY_BY_HEADER=x-forwarded-by" \
   -e "PROXY_IP_HEADER=x-forwarded-for" \
   -e "PROXY_PROTOCOL_HEADER=x-forwarded-proto" \
   abesnier/guacamole

   The status is ok at the first start.

   antoniocheong@IS0105:~$ docker ps
   CONTAINER ID   IMAGE                COMMAND   CREATED         STATUS                   PORTS      NAMES
   174323bfef6a   abesnier/guacamole   "/init"   2 minutes ago   Up 2 minutes (healthy)   8080/tcp   guacamole

   Then restart the container

   antoniocheong@IS0105:~$ docker restart guacamole
   guacamole
   antoniocheong@IS0105:~$ docker ps
   CONTAINER ID   IMAGE                COMMAND   CREATED         STATUS                             PORTS      NAMES
   174323bfef6a   abesnier/guacamole   "/init"   5 minutes ago   Up 47 seconds (health: starting)   8080/tcp   guacamole

   the container cannot start correctly. Below error found from container log

   antoniocheong@IS0105:~$ docker logs -f --tail 100 guacamole
   2024-07-11 02:19:38.602 UTC [2805] FATAL:  role "root" does not exist
   /var/run/postgresql:5432 - accepting connections
   /usr/local/tomcat/conf/server.xml:151.231: Attribute internalProxies redefined
   warded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"
                                                                              ^
   /usr/local/tomcat/conf/server.xml:151.231: Attribute internalProxies redefined
   warded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"
                                                                              ^
   /usr/local/tomcat/conf/server.xml:151.231: Attribute internalProxies redefined
   warded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"
                                                                              ^
   /usr/local/tomcat/conf/server.xml:151.231: Attribute internalProxies redefined
   warded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"
                                                                              ^
   /usr/local/tomcat/conf/server.xml:151.231: Attribute internalProxies redefined
   warded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"
                                                                              ^
   Starting guacamole client...
   NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
   11-Jul-2024 02:19:38.987 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError Parse fatal error at line [151] column [231]
       org.xml.sax.SAXParseException; systemId: file:/usr/local/tomcat/conf/server.xml; lineNumber: 151; columnNumber: 231; Attribute "internalProxies" was already specified for element "Valve".
               at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanAttribute(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
               at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
               at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:579)
               at org.apache.catalina.startup.Catalina.load(Catalina.java:671)
               at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
               at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
               at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
               at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
               at java.base/java.lang.reflect.Method.invoke(Unknown Source)
               at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
               at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
   11-Jul-2024 02:19:39.002 WARNING [main] org.apache.catalina.startup.Catalina.parseServerXml Unable to load server configuration from [/usr/local/tomcat/conf/server.xml]
       org.xml.sax.SAXParseException; systemId: file:/usr/local/tomcat/conf/server.xml; lineNumber: 151; columnNumber: 231; Attribute "internalProxies" was already specified for element "Valve".
               at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
               at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
               at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
               at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:579)
               at org.apache.catalina.startup.Catalina.load(Catalina.java:671)
               at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
               at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
               at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
               at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
               at java.base/java.lang.reflect.Method.invoke(Unknown Source)
               at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
               at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
   11-Jul-2024 02:19:39.007 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server, server instance is not configured

   The /usr/local/tomcat/conf/server.xml was not modified correctly after the 2nd start.

   antoniocheong@IS0105:~$ docker exec -it guacamole tail /usr/local/tomcat/conf/server.xml
            Documentation at: /docs/config/valve.html
            Note: The pattern used is equivalent to using pattern="common" -->
       <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1"/>
       <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"/>
       <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1"/>
       <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b"/>
     </Host>
   </Engine>
   </Service>
   </Server>

   the diff compare for the 1st and 2nd /usr/local/tomcat/conf/server.xml

   antoniocheong@IS0105:~$ diff server.xml.1st server.xml.2nd
   150c150,152
   <         <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" remoteIpProxiesHeader="x-forwarded-by"/>
   ---
   >         <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1"/>
   >         <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"/>
   >         <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1"/>

[abesnier]

PR approved and merged, thanks for your support!

Changes will be updated in the image at the next weekly build.