Add remote ip valve envs to readme (#797)

* Add remote ip valve envs * Add Jira docs * Update CONFLUENCE.md * Update JIRA.md * Update CONFLUENCE.md * Update JIRA.md --------- Co-authored-by: Yevhen Ivantsov <yivantsov@atlassian.com>
atlassian · May 2, 2024 · 963be2c · 963be2c
1 parent 2a41de2
commit 963be2c
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 0 deletions.
diff --git a/docs/docs/containers/CONFLUENCE.md b/docs/docs/containers/CONFLUENCE.md
@@ -131,6 +131,33 @@ of the setup. They can be controlled via the below environment variables.
    that you map the directory to a volume and perform log ingestion/cleanup with
    external tools.
 
+* `ATL_TOMCAT_REQUESTATTRIBUTESENABLED`
+
+  Checks for the existence of request attributes (typically set by the RemoteIpValve and similar)
+  that should be used to override the values returned by the request for remote address,
+  remote host, server port and protocol. This property is usually combined with `ATL_TOMCAT_TRUSTEDPROXIES`
+  and `ATL_TOMCAT_INTERNALPROXIES` to show IP address of the remote host instead of the load balancer's.
+  If not declared, the default value of `false` will be used.
+
+* `ATL_TOMCAT_TRUSTEDPROXIES`
+
+  A list of IP addresses separated by a pipe character e.g. `10.0.9.6|10.0.9.32`.  
+  Trusted proxies that appear in the `remoteIpHeader` will be trusted and *will appear*
+  in the `proxiesHeader` value. By adding a list of Trusted Proxies, Confluence will remove the
+  load balancers' IP addresses from Confluence's view of the incoming connection. This could be desired
+  in a clustered load balancer architecture where the load balancer address changes depending on
+  which node proxies the connection.
+  If not specified, no trusted proxies will be trusted.
+
+* `ATL_TOMCAT_INTERNALPROXIES`
+
+  A list of IP addresses separated by a pipe character e.g. `10.0.9.6|10.0.9.32`.  
+  Trusted proxies that appear in the `remoteIpHeader` will be trusted and *will not appear*
+  in the `proxiesHeader` value. By adding a list of Internal Proxies, Confluence will remove the
+  load balancers' IP addresses from Confluence's view of the incoming connection. This could be desired
+  in a clustered load balancer architecture where the load balancer address changes depending on
+  which node proxies the connection. If not specified, no internal proxies will be trusted.
+
 The following Tomcat/Catalina options are also supported. For more information,
 see <https://tomcat.apache.org/tomcat-7.0-doc/config/index.html>. 
 

diff --git a/docs/docs/containers/JIRA.md b/docs/docs/containers/JIRA.md
@@ -128,6 +128,34 @@ be controlled via the below environment variables.
    The context path the application is served over. `CATALINA_CONTEXT_PATH` is
    also supported for backwards compatability.
 
+* `ATL_TOMCAT_REQUESTATTRIBUTESENABLED`
+
+  Checks for the existence of request attributes (typically set by the RemoteIpValve and similar)
+  that should be used to override the values returned by the request for remote address,
+  remote host, server port and protocol. This property is usually combined with `ATL_TOMCAT_TRUSTEDPROXIES`
+  and `ATL_TOMCAT_INTERNALPROXIES` to show IP address of the remote host instead of the load balancer's.
+  If not declared, the default value of `false` will be used.
+
+* `ATL_TOMCAT_TRUSTEDPROXIES`
+
+  A list of IP addresses separated by a pipe character e.g. `10.0.9.6|10.0.9.32`.  
+  Trusted proxies that appear in the `remoteIpHeader` will be trusted and *will appear*
+  in the `proxiesHeader` value. By adding a list of Trusted Proxies, Confluence will remove the
+  load balancers' IP addresses from Confluence's view of the incoming connection. This could be desired
+  in a clustered load balancer architecture where the load balancer address changes depending on
+  which node proxies the connection.
+  If not specified, no trusted proxies will be trusted.
+
+* `ATL_TOMCAT_INTERNALPROXIES`
+
+  A list of IP addresses separated by a pipe character e.g. `10.0.9.6|10.0.9.32`.  
+  Trusted proxies that appear in the `remoteIpHeader` will be trusted and *will not appear*
+  in the `proxiesHeader` value. By adding a list of Internal Proxies, Confluence will remove the
+  load balancers' IP addresses from Confluence's view of the incoming connection. This could be desired
+  in a clustered load balancer architecture where the load balancer address changes depending on
+  which node proxies the connection.
+  If not specified, no internal proxies will be trusted.
+
 The following Tomcat/Catalina options are also supported. For more information,
 see https://tomcat.apache.org/tomcat-7.0-doc/config/index.html.