amato-gianluca / docker-wims

Docker image for WIMS (Web Interactive Multipurpose Server)

how to detect IP in X-Forwarded-For header as administrator IP #20

Open jpahullo opened 1 week ago

jpahullo commented 1 week ago

Hi @amato-gianluca ,

We have WIMS in production with 2 web servers. 2 containers based on the production-ready image we have here.

I am fine-tuning it.

If I access any server directly, it detects my IP and I can enter the administrator site. However, if I access the WIMS service through the load-balanced URL, Apache registers the IP of the load balancer, but also the X-Forwarded-For IP with my IP.

Do you know how to deal with a load balancer node in front of 2 web servers architecture, so that WIMS detects my X-Forwarded-For IP if present?

I looked into the README about the proxied service for this subject and did some trials (mainly adding the request header for https), but with no success.

I looked in src/ directory for "admin" or "IP" but with no success to detect where it is processed, so that I can understand how to deal with it.

Is there some configuration setting in Apache or whatever that I should consider to make it work? And by "make it work" I mean "let me see the button for administration when I visit the public website with my specific IP".

My IP is specified in a range, and it works well when I connect myself directly to one or another node. So the problem is not on this part.

Thanks,

Jordi

Badatos commented 1 week ago

Hi! I think you need to modify the function void manager_check(void) in wims.c, but I don't know how ^^.

jpahullo commented 1 week ago

Oh!

Thanks @Badatos!

This gave me a clue about where to start searching.

I arrived at this line, wimsd.c:270:

setenv("REMOTE_ADDR",inet_ntoa(saddr.sin_addr),1);

And that environment variable is then used to populate the variable remote_addr used on lines.c:1215::checkhost():

snprintf(hbuf1,sizeof(hbuf1),"+%s+",remote_addr);

Then, this lines.c file also uses the remote_host variable. I will check for it.

For now, no idea how to deal with manager IPs under a proxy.

Thanks!

Jordi

jpahullo commented 1 week ago

Ok, remote_addr and remote_host refer to the same host: one for its IP and the second one for its DNS name, just in case the administrator put the name instead of an IP.

jpahullo commented 1 week ago

Found the solution @amato-gianluca and @Badatos !

This docker image contains the remoteip module enabled by default.

So it is necessary to add a specific configuration for this module to work, like this, in the site configuration file:

RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy first.ip.pro.xy
RemoteIPInternalProxy second.ip.pro.xy

At first I tried RemoteIPTrustedProxy, but, according to the official Apache documentation, the Trusted ones escape internal IPs, whilst the Internal ones consider any IP (including internal IPs).

In our case, we use internal IP ranges when navigating inside the institution network. So that was the reason we couldn't see the administration button.

I will leave this issue open. I will try to contribute some skeleton with this knowledge, so that people can extend it easily.

Thanks,

Jordi
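
A simplified model of the behaviour described in the last comment, added here as an illustration (it is not code from docker-wims or from Apache): it walks X-Forwarded-For from right to left and shows why a client on an internal range is accepted from a RemoteIPInternalProxy but not from a RemoteIPTrustedProxy. All addresses are constructed, the function name is hypothetical, and only IPv4 is modelled.

```python
from ipaddress import ip_address, ip_network

# Blocks the Apache documentation lists as not accepted from a RemoteIPTrustedProxy.
PRIVATE_NETS = [ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8")]


def is_private(addr):
    return any(ip_address(addr) in net for net in PRIVATE_NETS)


def effective_client_ip(peer, xff, internal=(), trusted=()):
    """Return the address the server would use as the client address.

    peer     -- address of the TCP peer (what REMOTE_ADDR holds without the module)
    xff      -- raw X-Forwarded-For header value, or None
    internal -- networks listed with RemoteIPInternalProxy
    trusted  -- networks listed with RemoteIPTrustedProxy
    """
    internal = [ip_network(n) for n in internal]
    trusted = [ip_network(n) for n in trusted]
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    client = peer
    while hops:
        current = ip_address(client)
        from_internal = any(current in n for n in internal)
        from_trusted = any(current in n for n in trusted)
        if not (from_internal or from_trusted):
            break  # the current hop is not a listed proxy: ignore the rest of the header
        candidate = hops[-1]
        try:
            ip_address(candidate)
        except ValueError:
            break  # malformed entry: keep the last address that was accepted
        if not from_internal and is_private(candidate):
            break  # a Trusted (non-internal) proxy cannot vouch for a private address
        client = hops.pop()
    return client


# Constructed sample values: load balancer 10.0.0.5, administrator at 10.20.30.40.
LB, ADMIN = "10.0.0.5", "10.20.30.40"

if __name__ == "__main__":
    print("TrustedProxy :", effective_client_ip(LB, ADMIN, trusted=[LB]))
    print("InternalProxy:", effective_client_ip(LB, ADMIN, internal=[LB]))
```

With the Trusted variant the load balancer's own address is what WIMS compares against its manager list, which matches the missing administration button described in the thread.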