
SignServer Behind Load Balancers

Help
2012-07-25
2013-02-26
  • Desmond Poh

    Desmond Poh - 2012-07-25

    Hi Everyone

    I am currently seeking to deploy SignServer behind a couple of load balancers.

    In the production environment database, there is a 'requestIP' column within the 'ArchiveData' table as created in the default SignServer data source.

    I would like to inquire if there is any way to save the source IP of the client machine that pinged SignServer for a timestamp, instead of the load balancer's IP (as it currently stands) into this particular column. In other words, I am interested in the X-Forwarded-For HTTP header of the timestamp request.

    If yes, how should I go about enabling it? Please note that the worker process already has its ARCHIVE property set to TRUE.

    If no, what should I do to implement such a feature?

    Best Regards
    Desmond

     
  • Markus Kilås

    Markus Kilås - 2012-07-25

    Hi Desmond,

    Currently the default Archiver (called OldDatabaseArchiver) only uses the "real" IP address, but having the option to take this value from the X-Forwarded-For HTTP header sounds like a good feature.

    This behavior should probably be configurable so that those not running SignServer behind a proxy only use the "real" IP address and those that have a proxy can use the header value if present.

    The OldDatabaseArchiver gets the IP address from the RequestContext which is created in GenericProcessServlet.java. A new property RequestContext.X_FORWARDED_FOR could be created and put in the RequestContext to be available for the OldDatabaseArchiver. A new property of the OldDatabaseArchiver called for instance "USE_X_FORWARDED_FOR=true/false" could be used. See Test1Archiver.java for how to access properties from an Archiver.

    You can contact PrimeKey at info@primekey.se if you want professional support. If you decide to do the implementation yourself, we are happy for code contributions but cannot guarantee that they get accepted.

    Best regards,
    Markus
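
The selection logic discussed in this thread, as an added example that is not part of the original posts and not SignServer code: it chooses which address to archive when the proposed USE_X_FORWARDED_FOR option is on. The class name, the method names and the trusted-proxy list are assumptions for illustration; the list matters because any client can send its own X-Forwarded-For value.

```java
import java.util.Set;
import java.util.regex.Pattern;

/** Hypothetical helper (not SignServer code): picks the IP to archive. */
public class ClientIpResolver {
    private static final Pattern IPV4 = Pattern.compile(
        "((25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}(25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)");
    // Syntactic filter only: hex digits and colons, at least two colons.
    private static final Pattern IPV6 = Pattern.compile("(?=.*:.*:)[0-9A-Fa-f:]{2,39}");

    static boolean looksLikeIp(String s) {
        return IPV4.matcher(s).matches() || IPV6.matcher(s).matches();
    }

    /**
     * remoteAddr: address of the TCP peer (the "real" IP).
     * xForwardedFor: raw header value, may be null.
     * useXForwardedFor: value of the proposed USE_X_FORWARDED_FOR property.
     * trustedProxies: load balancer addresses (assumed additional setting).
     */
    public static String resolve(String remoteAddr, String xForwardedFor,
                                 boolean useXForwardedFor, Set<String> trustedProxies) {
        // Honour the header only when enabled and the peer is a known proxy.
        if (!useXForwardedFor || xForwardedFor == null
                || !trustedProxies.contains(remoteAddr)) {
            return remoteAddr;
        }
        // Proxies append on the right, so walk right to left and take the
        // first hop that is not one of our own proxies.
        String[] hops = xForwardedFor.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (trustedProxies.contains(hop)) {
                continue;
            }
            // Malformed value: keep the verifiable peer address instead.
            return looksLikeIp(hop) ? hop : remoteAddr;
        }
        return remoteAddr; // header listed only our own proxies
    }

    public static void main(String[] args) {
        Set<String> lbs = Set.of("10.0.0.5", "10.0.0.6"); // constructed sample
        // The left entry came from the client; the balancer appended the right one.
        System.out.println(resolve("10.0.0.5", "1.2.3.4, 203.0.113.7", true, lbs));
        // Peer is not a known balancer, so the header is ignored.
        System.out.println(resolve("198.51.100.9", "1.2.3.4", true, lbs));
    }
}
```

Archiving the peer address alongside the header-derived one keeps a value in the audit record that the client could not influence.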

     
