From 963be2c0873029add0300240d88237b38710d2a2 Mon Sep 17 00:00:00 2001
From: yivantsov-atlassian <52448429+bianchi2@users.noreply.github.com>
Date: Thu, 2 May 2024 14:32:42 +1000
Subject: [PATCH] Add remote ip valve envs to readme (#797)

* Add remote ip valve envs

* Add Jira docs

* Update CONFLUENCE.md

* Update JIRA.md

* Update CONFLUENCE.md

* Update JIRA.md

---------

Co-authored-by: Yevhen Ivantsov <yivantsov@atlassian.com>
---
 docs/docs/containers/CONFLUENCE.md | 27 +++++++++++++++++++++++++++
 docs/docs/containers/JIRA.md       | 28 ++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)

diff --git a/docs/docs/containers/CONFLUENCE.md b/docs/docs/containers/CONFLUENCE.md
index ad7a3788d..a1f4aaedc 100644
--- a/docs/docs/containers/CONFLUENCE.md
+++ b/docs/docs/containers/CONFLUENCE.md
@@ -131,6 +131,33 @@ of the setup. They can be controlled via the below environment variables.
    that you map the directory to a volume and perform log ingestion/cleanup with
    external tools.
 
+* `ATL_TOMCAT_REQUESTATTRIBUTESENABLED`
+
+  Checks for the existence of request attributes (typically set by the RemoteIpValve and similar)
+  that should be used to override the values returned by the request for remote address,
+  remote host, server port and protocol. This property is usually combined with `ATL_TOMCAT_TRUSTEDPROXIES`
+  and `ATL_TOMCAT_INTERNALPROXIES` to show IP address of the remote host instead of the load balancer's.
+  If not declared, the default value of `false` will be used.
+
+* `ATL_TOMCAT_TRUSTEDPROXIES`
+
+  A list of IP addresses separated by a pipe character e.g. `10.0.9.6|10.0.9.32`.  
+  Trusted proxies that appear in the `remoteIpHeader` will be trusted and *will appear*
+  in the `proxiesHeader` value. By adding a list of Trusted Proxies, Confluence will remove the
+  load balancers' IP addresses from Confluence's view of the incoming connection. This could be desired
+  in a clustered load balancer architecture where the load balancer address changes depending on
+  which node proxies the connection.
+  If not specified, no trusted proxies will be trusted.
+
+* `ATL_TOMCAT_INTERNALPROXIES`
+
+  A list of IP addresses separated by a pipe character e.g. `10.0.9.6|10.0.9.32`.  
+  Trusted proxies that appear in the `remoteIpHeader` will be trusted and *will not appear*
+  in the `proxiesHeader` value. By adding a list of Internal Proxies, Confluence will remove the
+  load balancers' IP addresses from Confluence's view of the incoming connection. This could be desired
+  in a clustered load balancer architecture where the load balancer address changes depending on
+  which node proxies the connection. If not specified, no internal proxies will be trusted.
+
 The following Tomcat/Catalina options are also supported. For more information,
 see <https://tomcat.apache.org/tomcat-7.0-doc/config/index.html>. 
 
diff --git a/docs/docs/containers/JIRA.md b/docs/docs/containers/JIRA.md
index b794f326a..bc243dadf 100644
--- a/docs/docs/containers/JIRA.md
+++ b/docs/docs/containers/JIRA.md
@@ -128,6 +128,34 @@ be controlled via the below environment variables.
    The context path the application is served over. `CATALINA_CONTEXT_PATH` is
    also supported for backwards compatability.
 
+* `ATL_TOMCAT_REQUESTATTRIBUTESENABLED`
+
+  Checks for the existence of request attributes (typically set by the RemoteIpValve and similar)
+  that should be used to override the values returned by the request for remote address,
+  remote host, server port and protocol. This property is usually combined with `ATL_TOMCAT_TRUSTEDPROXIES`
+  and `ATL_TOMCAT_INTERNALPROXIES` to show IP address of the remote host instead of the load balancer's.
+  If not declared, the default value of `false` will be used.
+
+* `ATL_TOMCAT_TRUSTEDPROXIES`
+
+  A list of IP addresses separated by a pipe character e.g. `10.0.9.6|10.0.9.32`.  
+  Trusted proxies that appear in the `remoteIpHeader` will be trusted and *will appear*
+  in the `proxiesHeader` value. By adding a list of Trusted Proxies, Confluence will remove the
+  load balancers' IP addresses from Confluence's view of the incoming connection. This could be desired
+  in a clustered load balancer architecture where the load balancer address changes depending on
+  which node proxies the connection.
+  If not specified, no trusted proxies will be trusted.
+
+* `ATL_TOMCAT_INTERNALPROXIES`
+
+  A list of IP addresses separated by a pipe character e.g. `10.0.9.6|10.0.9.32`.  
+  Trusted proxies that appear in the `remoteIpHeader` will be trusted and *will not appear*
+  in the `proxiesHeader` value. By adding a list of Internal Proxies, Confluence will remove the
+  load balancers' IP addresses from Confluence's view of the incoming connection. This could be desired
+  in a clustered load balancer architecture where the load balancer address changes depending on
+  which node proxies the connection.
+  If not specified, no internal proxies will be trusted.
+
 The following Tomcat/Catalina options are also supported. For more information,
 see https://tomcat.apache.org/tomcat-7.0-doc/config/index.html.