Update remote address for remote proxies

In Foreman 2.3.4 the remote address verification was tightened to only trust certain proxies[1]. Then in Foreman 3.2 the installer added a flag to configure this[2]. [1]: https://projects.theforeman.org/issues/30779 [2]: https://projects.theforeman.org/issues/34089 Signed-off-by: Lukas Zapletal <lzap+git@redhat.com>
theforeman · Sep 28, 2022 · 7f1b05e · 7f1b05e
1 parent 22cb144
commit 7f1b05e
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/...dules/proc_using-vmware-cloud-init-and-userdata-templates-for-provisioning.adoc b/...dules/proc_using-vmware-cloud-init-and-userdata-templates-for-provisioning.adoc
@@ -190,11 +190,12 @@ You can use the xref:Adding_VMware_Images_to_Server_{context}[] section to add t
 If you deploy {Project} with the {SmartProxy} templates feature, you must configure {Project} to recognize hosts' IP addresses forwarded over the X-Forwarded-For HTTP header to serve correct template payload.
 
 For security reasons, {Project} recognizes this HTTP header only from localhost.
-For each individual {SmartProxy}, you must configure a regular expression to recognize hosts' IP addresses.
-From the {ProjectWebUI}, you can do this by navigating to *Administer* > *Settings* > *Provisioning*, and changing the *Remote address* setting.
-From the CLI, you can do this by entering the following command:
+For each individual {SmartProxy}, you must configure a setting to recognize hosts' IP addresses.
+To add an IP address (e.g. 192.0.2.10) or range (e.g. 192.0.2.0/24), use the following command:
 
 [options="nowrap" subs="+quotes,attributes"]
 ----
-# hammer settings set --name remote_addr --value '(localhost(4|6|4to6)?|192.168.122.(1|2|3))'
+# {foreman-installer} --foreman-trusted-proxies 127.0.0.1/8 --foreman-trusted-proxies ::1 --foreman-trusted-proxies 192.0.2.10
 ----
+
+The localhost entries are required, do not omit them.