JSS Cluster detecting IP address of EC2 VPN Instance instead of JSS

Question

JSS Cluster environment is setup on Amazon EC2.  We have 3 JSS in cluster in different regions.  To connect the VPCs in these regions, we have multiple VPN instances that we route traffic through.

Goal:2 JSS - we want to setup in Limited Access mode1 JSS - setup in Full Access mode, and stores main database

IssueWhen connecting a Limited JSS from one region to the Full JSS in another region, the traffic goes through our VPN instances.  When logging onto the Full JSS, I see that the Cluster detects the IP address of the VPN instance instead of the source IP address of the Limited JSS.

VPN Instances are setup using OpenSwan on an Ubuntu box.

I've tried enabling RemoteIPvalve and added the following to our server.xml file on all JSS:
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="10.11.2.239|10.11.10.42" trustedProxies="10.11.2.239|10.11.10.42" remoteIpHeader="x-forwarded-for" remoteIpProxiesHeader="x-forwarded-by" protocolHeader="x-forwarded-proto" />

For InternalProxies, I entered the IP addresses of our VPN instances.

Does anyone have advice on getting JSS Cluster to detect the source IP?

kitzy · Answer

I think you might be out of luck here. As far as I can tell, the JSS determines the IP address of a cluster node by looking at what IP address is accessing the database server. Since all the database server can see is the request coming from the VPN server, that's the IP it'll register. AFAIK there isn't a way around that, but I could be wrong. I'd recommend reaching out to your TAM if you haven't already, they might know something the rest of us don't.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded