PROXY_XXX (tomcat) setting caused service cannot startup at container restart

[WindoC]

Problem: When using those environments PROXY_XXX to change the tomcat setting. That won't have any issue when the container first startup. But it will cause the error after restarting that container. (ex: reboot the server or using docker restart)

Below show how to reproduce the problem:

1. Start a guacamole with environments PROXY_XXX.

docker run -d --restart=always \
--net=host \
--name guacamole \
=-v /data/docker-guacamole:/config \
-e "EXTENSIONS=history-recording-storage" \
-e "REMOTE_IP_VALVE_ENABLED=true" \
-e "PROXY_ALLOWED_IPS_REGEX=127.0.0.1" \
-e "PROXY_BY_HEADER=x-forwarded-by" \
-e "PROXY_IP_HEADER=x-forwarded-for" \
-e "PROXY_PROTOCOL_HEADER=x-forwarded-proto" \
abesnier/guacamole

The status is ok at the first start.

antoniocheong@IS0105:~$ docker ps
CONTAINER ID   IMAGE                COMMAND   CREATED         STATUS                   PORTS      NAMES
174323bfef6a   abesnier/guacamole   "/init"   2 minutes ago   Up 2 minutes (healthy)   8080/tcp   guacamole

Then restart the container

antoniocheong@IS0105:~$ docker restart guacamole
guacamole
antoniocheong@IS0105:~$ docker ps
CONTAINER ID   IMAGE                COMMAND   CREATED         STATUS                             PORTS      NAMES
174323bfef6a   abesnier/guacamole   "/init"   5 minutes ago   Up 47 seconds (health: starting)   8080/tcp   guacamole

the container cannot start correctly. Below error found from container log

antoniocheong@IS0105:~$ docker logs -f --tail 100 guacamole
2024-07-11 02:19:38.602 UTC [2805] FATAL:  role "root" does not exist
/var/run/postgresql:5432 - accepting connections
/usr/local/tomcat/conf/server.xml:151.231: Attribute internalProxies redefined
warded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"
                                                                               ^
/usr/local/tomcat/conf/server.xml:151.231: Attribute internalProxies redefined
warded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"
                                                                               ^
/usr/local/tomcat/conf/server.xml:151.231: Attribute internalProxies redefined
warded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"
                                                                               ^
/usr/local/tomcat/conf/server.xml:151.231: Attribute internalProxies redefined
warded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"
                                                                               ^
/usr/local/tomcat/conf/server.xml:151.231: Attribute internalProxies redefined
warded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"
                                                                               ^
Starting guacamole client...
NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
11-Jul-2024 02:19:38.987 SEVERE [main] org.apache.tomcat.util.digester.Digester.fatalError Parse fatal error at line [151] column [231]
        org.xml.sax.SAXParseException; systemId: file:/usr/local/tomcat/conf/server.xml; lineNumber: 151; columnNumber: 231; Attribute "internalProxies" was already specified for element "Valve".
                at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.fatalError(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.impl.XMLScanner.reportFatalError(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanAttribute(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
                at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
                at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:579)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:671)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                at java.base/java.lang.reflect.Method.invoke(Unknown Source)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
11-Jul-2024 02:19:39.002 WARNING [main] org.apache.catalina.startup.Catalina.parseServerXml Unable to load server configuration from [/usr/local/tomcat/conf/server.xml]
        org.xml.sax.SAXParseException; systemId: file:/usr/local/tomcat/conf/server.xml; lineNumber: 151; columnNumber: 231; Attribute "internalProxies" was already specified for element "Valve".
                at java.xml/com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(Unknown Source)
                at java.xml/com.sun.org.apache.xerces.internal.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
                at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1535)
                at org.apache.catalina.startup.Catalina.parseServerXml(Catalina.java:579)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:671)
                at org.apache.catalina.startup.Catalina.load(Catalina.java:709)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                at java.base/java.lang.reflect.Method.invoke(Unknown Source)
                at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:302)
                at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:472)
11-Jul-2024 02:19:39.007 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server, server instance is not configured

The /usr/local/tomcat/conf/server.xml was not modified correctly after the 2nd start.

antoniocheong@IS0105:~$ docker exec -it guacamole tail /usr/local/tomcat/conf/server.xml
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1"/>
        <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"/>
        <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1"/>
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t &quot;%r&quot; %s %b"/>
      </Host>
    </Engine>
  </Service>
</Server>

the diff compare for the 1st and 2nd /usr/local/tomcat/conf/server.xml

antoniocheong@IS0105:~$ diff server.xml.1st server.xml.2nd
150c150,152
<         <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" remoteIpProxiesHeader="x-forwarded-by"/>
---
>         <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1"/>
>         <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1" remoteIpHeader="x-forwarded-for" protocolHeader="x-forwarded-proto" remoteIpProxiesHeader="x-forwarded-by" internalProxies="127.0.0.1"/>
>         <Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="127.0.0.1"/>

[abesnier]

PR approved and merged, thanks for your support!

Changes will be updated in the image at the next weekly build.