guacamole-user mailing list archives

From Tony Hooker <tony.hoo...@dwwtc.com>
Subject RE: Guacamole HTTP tunnel not Websockets
Date Wed, 14 Jun 2017 21:56:03 GMT
This is our /etc/nginx/nginx.conf

----------------------------------------------
# Worker processes run under the www-data account.
user www-data;
# Fixed pool of four worker processes.
worker_processes 4;
# File where the master process records its PID.
pid /run/nginx.pid;

events
{
        # Per-worker connection ceiling. Proxied requests consume one
        # connection to the client and one to the upstream server.
        worker_connections 768;
}

http
{
        # My Certificates
        # Declared at http level, so every TLS-enabled server block in this
        # file (and in the included files) uses this certificate and key
        # unless it sets its own.
        # NOTE(review): confirm privkey.pem is readable only by root.
        ssl_certificate /etc/nginx/ssl/lvc.dwwtc.com/fullchain.pem;
        ssl_certificate_key /etc/nginx/ssl/lvc.dwwtc.com/privkey.pem;

        # SSL Performance Related
        # One 10 MB session cache shared by all workers; cached sessions
        # may be resumed for up to 10 minutes.
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        # SSL Protocols and Ciphers
        # The server's cipher order wins over the client's, and only
        # TLS 1.2 is offered.
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1.2;
        # AES-GCM suites are listed first. The ECDH+AES256 and DH+AES256
        # terms also admit AES-256 CBC suites; AES-128 is excluded outright.
        # NOTE(review): drop the two CBC-admitting terms if every client
        # supports AES-GCM.
        ssl_ciphers "ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:!AES128:!aNULL:!MD5:!eNULL:!EXPORT:!DES:!PSK:!RC4";
        # DHE Key-Exchange
        # Parameters used by the DH+ suites above.
        # NOTE(review): confirm the file was generated with at least 2048 bits.
        ssl_dhparam /etc/nginx/ssl/lvc.dwwtc.com/dhparam.pem;

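        # Response hardening headers
        # Do not advertise the nginx version in error pages or the Server header.
        server_tokens off;
        # "always" attaches each header to every response code. Without it
        # nginx omits add_header output on most 4xx/5xx responses, so error
        # pages and proxied failures would go out without these protections.
        # add_header is inherited by a server or location block only when
        # that block declares no add_header of its own; a block that adds
        # one must repeat this whole set.
        add_header X-Frame-Options DENY always;
        add_header X-Content-Type-Options nosniff always;
        # Legacy header: current browsers ignore it.
        add_header X-XSS-Protection "1; mode=block" always;
        # HSTS for two years. It is declared at http level, so it is also
        # emitted on plain-HTTP responses, where browsers disregard it.
        add_header Strict-Transport-Security max-age=63072000 always;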

        # Common Proxy Settings
        # Forward the requested host name and the client address to upstreams.
        # proxy_set_header is inherited from this level only by a server or
        # location block that declares no proxy_set_header of its own; a
        # block that sets even one header must repeat these three, otherwise
        # the upstream sees only the proxy's own address and host name.
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so only the last entry is written by this proxy.
        # NOTE(review): the backslash before each $ looks like shell
        # here-document escaping; confirm the deployed file contains plain
        # $host, $remote_addr and $proxy_add_x_forwarded_for.
        proxy_set_header Host      \$host;
        proxy_set_header X-Real-IP  \$remote_addr;
        proxy_set_header    X-Forwarded-For \$proxy_add_x_forwarded_for;

        ########################
        # Default Config Stuff #
        ########################
        # Request and error logs shared by every server block that does not
        # set its own.
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 4096; #Default:2048
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        # NOTE(review): compressing TLS responses that contain both secrets
        # and request-influenced content is the precondition for BREACH;
        # confirm whether the proxied application is affected.
        gzip on;
        gzip_disable "msie6";
        # Both includes are expanded here, before the server blocks below.
        # NOTE(review): any file under sites-enabled (for example a
        # distribution default site) adds further server blocks on the same
        # ports; confirm none of them takes requests meant for the blocks
        # below.
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

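        # PORT 80/HTTP: serves ACME HTTP-01 challenge files, redirects
        # everything else to 443/HTTPS
        server
        {
                listen 80;
                listen [::]:80;
                server_name lvc.dwwtc.com;

                # Prefix match with ^~ instead of the original unanchored
                # regex "~ /.well-known/acme-challenge", which matched that
                # text anywhere in the URI and treated the leading "." as
                # "any character".
                location ^~ /.well-known/acme-challenge/
                {
                    root /var/www/html/;
                }

                # The redirect sits in a location block on purpose. A
                # "return" placed directly in the server block runs before
                # any location is selected, so the challenge location above
                # was never reached and every request was redirected.
                # NOTE(review): the backslash before each $ looks like shell
                # here-document escaping; confirm the deployed file contains
                # plain $host and $request_uri.
                location /
                {
                        return 301 https://\$host\$request_uri;
                }
        }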

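        # GUACAMOLE SERVER SETTINGS
        # TLS-terminating reverse proxy in front of the servlet container
        # on lvc.dwwtc.local:8080.
        server
        {
                listen 443 ssl;
                listen [::]:443 ssl;
                server_name lvc.dwwtc.com;

                # Stream responses to the client without buffering them in nginx.
                proxy_buffering off;
                proxy_redirect  off;
                # Cookies the backend scopes to /guacamole/ are re-scoped to /.
                proxy_cookie_path /guacamole/ /;
                # HTTP/1.1 to the upstream is required for the WebSocket upgrade.
                proxy_http_version 1.1;

                # This block declares its own proxy_set_header directives,
                # so none of the http-level ones are inherited. Host,
                # X-Real-IP and X-Forwarded-For are therefore repeated here;
                # without them the backend's logs and any address-based
                # controls see only the proxy's address.
                # X-Forwarded-For keeps whatever the client supplied and
                # appends the real peer address, so the backend must trust
                # only the last hop and only from this proxy.
                # NOTE(review): the backslash before each $ looks like shell
                # here-document escaping; confirm the deployed file contains
                # plain $host, $remote_addr, $proxy_add_x_forwarded_for and
                # $http_upgrade.
                proxy_set_header Host \$host;
                proxy_set_header X-Real-IP \$remote_addr;
                proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
                proxy_set_header Upgrade \$http_upgrade;
                # NOTE(review): Connection is forced to "upgrade" on every
                # proxied request, not only on WebSocket handshakes; confirm
                # this is intended.
                proxy_set_header Connection "upgrade";

                # Prefix match with ^~ instead of the original unanchored
                # regex, which matched this text anywhere in the URI and
                # would serve such requests from local disk instead of
                # proxying them.
                location ^~ /.well-known/acme-challenge/
                {
                    root /var/www/html/;
                }

                # Traffic to the backend is plain HTTP.
                # NOTE(review): confirm port 8080 is reachable only from
                # this proxy, so clients cannot bypass TLS or send forwarded
                # headers to the backend directly.
                location /
                {
                        proxy_pass http://lvc.dwwtc.local:8080/;
                }
        }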
}
----------------------------------------------