safebox/guacamole-client
4
0
Fork 0
mirror of https://github.com/gyurix1968/guacamole-client.git synced 2025-09-06 05:07:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

GUACAMOLE-1005: Docker, configure RemoteIPValve with xmlstarlet

Browse Source
This commit is contained in:
Giacomo Longo
2021-03-06 23:12:12 +01:00
parent d91bfc9c9c
commit e25be1960d
2 changed files with 44 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Dockerfile
View File

@@ -50,6 +50,9 @@ RUN /opt/guacamole/bin/build-guacamole.sh "$BUILD_DIR" /opt/guacamole "$BUILD_PR
# For the runtime image, we start with the official Tomcat distribution # For the runtime image, we start with the official Tomcat distribution
FROM tomcat:${TOMCAT_VERSION}-${TOMCAT_JRE} FROM tomcat:${TOMCAT_VERSION}-${TOMCAT_JRE}
# Install XMLStarlet for server.conf alterations
RUN apt-get update -qq && apt-get install -y xmlstarlet
# This is where the build artifacts go in the runtime image # This is where the build artifacts go in the runtime image
WORKDIR /opt/guacamole WORKDIR /opt/guacamole
@@ -68,4 +71,3 @@ USER guacamole
# Start Guacamole under Tomcat, listening on 0.0.0.0:8080 # Start Guacamole under Tomcat, listening on 0.0.0.0:8080
EXPOSE 8080 EXPOSE 8080
CMD ["/opt/guacamole/bin/start.sh" ] CMD ["/opt/guacamole/bin/start.sh" ]

64
guacamole-docker/bin/start.sh
View File

@@ -714,35 +714,51 @@ associate_json() {
## Upstream documentation: https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/RemoteIpValve.html ## Upstream documentation: https://tomcat.apache.org/tomcat-8.5-doc/api/org/apache/catalina/valves/RemoteIpValve.html
## ##
enable_remote_ip_valve() { enable_remote_ip_valve() {
# Use Tomcat defaults if optional variables have not been provided # Add <Valve> element
xmlstarlet edit --inplace \
--insert '/Server/Service/Engine/Host/*' --type elem -n Valve \
--insert '/Server/Service/Engine/Host/Valve[not(@className)]' --type attr -n className -v org.apache.catalina.valves.RemoteIpValve \
$CATALINA_BASE/conf/server.xml
# Allowed IPs
if [ -z "$GUACAMOLE_PROXY_ALLOWED_IPS_REGEX" ]; then if [ -z "$GUACAMOLE_PROXY_ALLOWED_IPS_REGEX" ]; then
echo "Using default Tomcat allowed IPs regex" echo "Using default Tomcat allowed IPs regex"
fi else
if [ -z "$GUACAMOLE_PROXY_IP_HEADER" ]; then xmlstarlet edit --inplace \
echo "Using default Tomcat proxy IP header" --insert '/Server/Service/Engine/Host/Valve[@className="org.apache.catalina.valves.RemoteIpValve"]' \
fi --type attr -n internalProxies -v "$GUACAMOLE_PROXY_ALLOWED_IPS_REGEX" \
if [ -z "$GUACAMOLE_PROXY_PROTOCOL_HEADER" ]; then $CATALINA_BASE/conf/server.xml
echo "Using default Tomcat proxy protocol header"
fi
if [ -z "$GUACAMOLE_PROXY_BY_HEADER" ]; then
echo "Using default Tomcat proxy forwarded by header"
fi fi
# Build the new Tomcat configuration inplace # X-Forwarded-For
## Explaination: if [ -z "$GUACAMOLE_PROXY_IP_HEADER" ]; then
## The initial regex ((\s)+)</Host> echo "Using default Tomcat proxy IP header"
## Matches the spaces before </Host> as \1 and individual spaces as \2, ... else
## The replacement will be located at \1\2\2 (original + 2 spaces) xmlstarlet edit --inplace \
## ${VAR:+expr} expressions yield either empty (thus using Tomcat's default) or our setting --insert "/Server/Service/Engine/Host/Valve[@className='org.apache.catalina.valves.RemoteIpValve']" \
## The last line restores the configuration file original tag at its original indentation --type attr -n remoteIpHeader -v "$GUACAMOLE_PROXY_IP_HEADER" \
sed -i "s|^\(\(\s\)\+\)</Host>|\1\2\2<Valve \
className=\"org.apache.catalina.valves.RemoteIpValve\" \
${GUACAMOLE_PROXY_ALLOWED_IPS_REGEX:+internalProxies=\"$GUACAMOLE_PROXY_ALLOWED_IPS_REGEX\"} \
${GUACAMOLE_PROXY_IP_HEADER:+remoteIpHeader=\"$GUACAMOLE_PROXY_IP_HEADER\"} \
${GUACAMOLE_PROXY_BY_HEADER:+remoteIpProxiesHeader=\"$GUACAMOLE_PROXY_BY_HEADER\"} \
${GUACAMOLE_PROXY_PROTOCOL_HEADER:+protocolHeader=\"$GUACAMOLE_PROXY_PROTOCOL_HEADER\"} \
/>\n\1</Host>|" \
$CATALINA_BASE/conf/server.xml $CATALINA_BASE/conf/server.xml
fi
# X-Forwarded-Proto
if [ -z "$GUACAMOLE_PROXY_PROTOCOL_HEADER" ]; then
echo "Using default Tomcat proxy protocol header"
else
xmlstarlet edit --inplace \
--insert "/Server/Service/Engine/Host/Valve[@className='org.apache.catalina.valves.RemoteIpValve']" \
--type attr -n protocolHeader -v "$GUACAMOLE_PROXY_PROTOCOL_HEADER" \
$CATALINA_BASE/conf/server.xml
fi
# X-Forwarded-By
if [ -z "$GUACAMOLE_PROXY_BY_HEADER" ]; then
echo "Using default Tomcat proxy forwarded by header"
else
xmlstarlet edit --inplace \
--insert "/Server/Service/Engine/Host/Valve[@className='org.apache.catalina.valves.RemoteIpValve']" \
--type attr -n remoteIpProxiesHeader -v "$GUACAMOLE_PROXY_BY_HEADER" \
$CATALINA_BASE/conf/server.xml
fi
} }
## ##