Детали

Сергей Попцов создал 6 дней назад

Сергей Попцов обновил 6 дней назад

Действующие разрешения книги

Действия

Версии

Configuring Correct User IP Display When Using HAProxy Authentication

When using a load balancer such as HAProxy, all users in the system see the HAProxy address instead of the actual IP address of the user's workstation.

Solution:

Add the following line to the HAProxy configuration file in the backend jms-web section:

backend jms-web
  mode http
  option forwardfor except 127.0.0.1 
  http-request set-header X-Forwarded-For %[src]

On each JS server, open the Nginx configuration file:

nano /opt/jumpserver/config/nginx/lb_http_server.conf

server {
  listen 443 ssl http2;
  set_real_ip_from 10.10.53.210;  # IP вашего HAProxy
  real_ip_header X-Forwarded-For;
  real_ip_recursive on;

  server_tokens off;

Restart HAProxy and Jumpserver.

systemctl restart haproxy
jmsctl restart

Наверх

Getting Started Guide for JumpServer PoC

Installation JumpServer Enterprise Edition

Installation JumpServer Community Edition

JumpServer HA-cluster configuration

HAProxy configuration for JumpServer HA-cluster

Operation and Maintenance with command line jmsctl

JumpServer port discription

Installing SSL Certificates and Configuring HTTPS

Configuring Correct User IP Display When Using HAProxy Authentication

How to Save Transferred Files in JumpServer

Where Does JumpServer Store Copies of Files Transferred via SFTP and RDP?

How to Remove Passwords Entered by Users Inside SSH Sessions from the Logs

Syslog configuration

Configuring External Storage for Session Recordings in JumpServer

How to Set the Correct Date and Time in JumpServer?

RDP Session Video Compression: Configuring Video-Worker

Active Directory synchronization with AD groups

How to enable 2FA(TOTP) auth

Installing OpenSSH for account management for Windows

RemoteApp configuration for application publishing

Setting up Panda for application publishing(alternative to RemoteApp)

Changing the lifetime and reusability of connection tokens in JumpServer

How to configure access to asset web-interface, HTTP session configuration

Command filter configuration for SSH and database queries

How to connect to domain assets using a single domain account?

Automatic privilege escalation when connecting via SSH

Creating Accounts and SSH Keys on the Target System (Push Accounts)

Discovering Unmanaged Accounts (Discover Accounts)

Changing the Default Directory for SFTP Connections

Configuring Asset Discovery in Local Networks and Cloud Platforms

Connecting to Target Systems: All Possible Options

Opening RDP Sessions in Remote Desktop Manager (Devolutions)

Supported Database Types and Connection Methods

Installing, Configuring, and Using JumpServer Client

Connecting to Systems Using the SSH Selector in JumpServer

How to check system status and container logs

RemoteApp Troubleshooting

Custome Applet structure for RemoteApp

How to Write API Requests Using Cursor AI

Developing Custom Applications for Panda

Configuring Correct User IP Display When Using HAProxy Authentication