guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Carter Sema <CS...@acschools.org>
Subject Re: Apache Force Re-Direct to HTTPS
Date Tue, 17 Oct 2017 02:25:33 GMT
I checked my Apache folders and my only site-enabled is my tomcat one, and just to be safe,
I deleted the default ones in sites-available, rebooted apache2 and reloaded, still no luck.
I can actually access HTTP content such as Guac(not static default tomcat sites) and it works.
Any other tricks or ideas?

Do I need to enable Rewrite? The only reason I ask, is because on my other ubuntu-apache2-tomcat8
box, I don't have Rewrite enabled, and it works.



I ended up doing what you suggested and blocking my traffic to port 80. As a fix for right
now, eventually I will go back and investigate more. As you said, it's not pretty, but it
restricts unwanted access on unsecured ports. I'm pretty new to linux in general but quickly
learning, is blocking the port 80/8080 just as secure as forcing a redirect to https?





Carter Sema
Network Support Specialist
CSema@acschools.org

________________________________
From: Carter Sema <CSema@acschools.org>
Sent: Monday, October 16, 2017 3:42:06 PM
To: user@guacamole.incubator.apache.org
Subject: Apache Force Re-Direct to HTTPS

So, guac is configured to use Lets Encrypt for a SSL cert and it works great. But, my unsecured
version is still open. My Apache configuration is set to redirect to HTTPs, but guac doesn’t
seem to be listening, or my apache rules are incorrect.

My current apache config is listed below.

<VirtualHost *:80>
      # redirect to https
      Redirect permanent / https://myURL
</VirtualHost>

<VirtualHost *:443
      # LogLevel info ssl:warn
      ErrorLog ${APACHE_LOG_DIR}/error.log
      CustomLog ${APACHE_LOG_DIR}/access.log combined

      # Enable SSL for this virtual host.
      SSLEngine on
      SSLCertificateKeyFile /etc/letsencrypt/live/myurl.org/privkey.pem
      SSLCertificateFile /etc/letsencrypt/live/myurl.org/cert.pem
      SSLCertificateChainFile /etc/letsencrypt/live/myurl.org/chain.pem

      # Configure proxy with tomcat
      ProxyPreserveHost On
      ProxyRequests Off
      ProxyPass / http://localhost:8080/
      ProxyPassReverse / http://localhost:8080/
</VirtualHost>

After doing some searching I found that I needed to add this, to my configuration. But it
didn’t seem to work and my rewrite module has been enable.
      RewriteEngine On
      RewriteCond %{HTTPS} On
      RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}<https://%25%7bHTTP_HOST%7d%25%7bREQUEST_URI%7d>

I know this is a simple question, but would anyone have advice or a suggestion?

Thanks!

Carter Sema
Network Support Specialist
CSema@acschools.org<mailto:CSema@acschools.org>
[CertBadge_Administrator_web]


Mime
View raw message