Pivotal Knowledge Base

Follow

How To Trust Public IP Ranges as Trusted Proxies in Elastic Runtime

Environment

 Product  Version
 Pivotal Cloud Foundry Elastic Runtime  1.8.x, 1.9.x 

Symptom

User cannot login to apps manager via login <system-domain>

Cause

Pivotal Account Apps are not set up to trust the Public IP Ranges as trusted proxies. Currently, it only honors the Internal IP Ranges. This issue includes attempting to log into any Pivotal Account org/space.

Resolution

1. Browse to <console.YOUR-SYSTEM-DOMAIN>

2. Navigate to the elastic runtime tile and click on the Credentials Tab

3. Navigate to the UAA Section and copy the password for the Admin User (Please note: Admin User, not Admin Client) 


4. Launch Apps Manager at https://apps.{system-domain}


5. Select the System ORG and pivotal-account-space


6. Navigate to pivotal-account APP


7. Click on the Env Variables Tab


8. Add the following ENV Variable - server.tomcat.internal-proxies The value is .*


9. Restart the APP

Optionally:

You may also use the CF CLI by issuing the below commands to set the env-var:

  • cf login
  • cf target -o system -s pivotal-account-space
  • cf set-env pivotal-account server.tomcat.internal-proxies .*


Additional Information

This issue will be fixed to work out of the box starting with the v1.10 release. As of now, there is currently no ETA.

**Disclaimer

Affected version numbers are current as at the time this KB has been written.

Comments

Powered by Zendesk