[GH-ISSUE #601] adding php capability to the nginx server and doing the ip lookups on the agent to the server #2327

Closed
opened 2026-03-14 03:35:06 +03:00 by kerem · 4 comments

Originally created by @meuchels on GitHub (Jun 28, 2021).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/601

**Is your feature request related to a problem? Please describe.**
No

**Describe the solution you'd like**
Add PHP to the nginx server so lookups and agent communication can be contained to our own environment along with other server side scripting.

**Describe alternatives you've considered**
The following will give you a webpage that will provide the public IP using PHP.

`<?php echo $_SERVER['REMOTE_ADDR']; ?>`

**Additional context**
Containment and communication with 3rd party sites is my reasoning.
`curl rmm.mydomainname.com/ip.php`
should get you the same results without all the fuss and keep it contained in our own environments.

kerem closed this issue 2026-03-14 03:35:11 +03:00

@unplugged216 commented on GitHub (Jun 28, 2021):

I am not sure PHP will account for all instances of hosting. For example, we are using CloudFlare for reverse proxy and `<?php echo $_SERVER['REMOTE_ADDR']; ?>` returns the CF Ray instance IP rather than the end user's IP. Now, we could build tests in for that; however, that could entail a pretty beefy update to handle all of the proxy providers out there.

Is there a security concern with querying a service like icanhazip.com? I could see this being a benefit if it was an internal only network. At that point then one could implement a forward lookup record in DNS for either internal or external networks and redirect to a controlled instance.

In Tactical's situation, nginx is strictly used for proxy at the moment from what I can tell. Adding services to it may expose more than it closes.

Thoughts?


@meuchels commented on GitHub (Jun 28, 2021):

Gotcha.

My concern is using Tactical in an environment where you have to whitelist all communication. Gov or municipalities usually require this.
We would have to put in a security request to allow RMM communication, let alone the public IP query feature.
The more you can keep contained to server-agent communication the better IMHO.

Maybe there is an alternative to my mention?


@wh1te909 commented on GitHub (Jun 28, 2021):

The install script doesn't install PHP and we're not going to install PHP to do something that can already be done with Django/Python, so if it were to be implemented we would just add an API endpoint for it.

And yes, the reason the agent needs to hit a 3rd party service and not the RMM is because a lot of people run tacticalrmm behind NAT or Cloudflare, as @unplugged216 mentioned, and so if we query the RMM for the IP it will not always return the public IP of the agent.
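
An added example, not part of the thread and not Tactical RMM code: a minimal Python sketch of why the TCP peer address differs from the agent's address behind a reverse proxy, and of honouring `X-Forwarded-For` only when the peer is a known proxy. The function name, the `TRUSTED_PROXIES` list and all addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

# Constructed proxy ranges (documentation networks), standing in for the
# published address list of whatever reverse proxy fronts the server.
TRUSTED_PROXIES = [
    ipaddress.ip_network(n) for n in ("198.51.100.0/24", "127.0.0.1/32")
]


def _is_trusted(addr, trusted):
    return any(addr in net for net in trusted)


def resolve_client_ip(remote_addr, x_forwarded_for=None, trusted=TRUSTED_PROXIES):
    """Return the address a "what is my IP" endpoint should report.

    remote_addr is the TCP peer (PHP's $_SERVER['REMOTE_ADDR'], Django's
    request.META['REMOTE_ADDR']). X-Forwarded-For is honoured only when that
    peer is a known proxy, because any client can send the header itself.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not x_forwarded_for or not _is_trusted(peer, trusted):
        return str(peer)

    # Each proxy appends the peer it saw, so walk right to left and stop at
    # the first hop that is not one of our own proxies.
    for hop in reversed([h.strip() for h in x_forwarded_for.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the chain
        if not _is_trusted(addr, trusted):
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    # Bare REMOTE_ADDR behind the proxy is the proxy itself.
    print(resolve_client_ip("198.51.100.10"))
    # With the proxy's header, the agent's address is recovered.
    print(resolve_client_ip("198.51.100.10", "203.0.113.7"))
    # A header sent by an untrusted peer is ignored.
    print(resolve_client_ip("203.0.113.7", "192.0.2.99"))
```

When agent and server share the same NAT, the peer is a private address and no header recovers the public one.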


@meuchels commented on GitHub (Jun 28, 2021):

Thanks for helping clear up your reasoning.
I will go ahead and close this.

keep up the good work!
