guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jonathan Hunter <jmhunt...@gmail.com>
Subject Re: unable to use websocket - HTTP tunnel instead
Date Sun, 31 Dec 2017 14:50:11 GMT
Just a thought - does the order of the <Location> directives in apache's
config make a difference? I had something very similar when getting mine
working (see my other thread about printing not working over HTTP, only via
web socket)

FWIW, my working Apache config pretty much boils down to just this below,
and works fine. I don't use <Location> for the reverse proxy (although I do
use it to set/unset HTTP authentication headers)


        # sudo a2enmod proxy_wstunnel

        ProxyPass /access/websocket-tunnel
ws://server:1234/guacamole/websocket-tunnel

        ProxyPass /access/        http://server:1234/guacamole/


        # sudo a2enmod authnz_ldap

        # sudo a2enmod headers

        <Location /access/>

                AuthName "Remote Access"

                AuthBasicProvider ldap

                AuthType Basic

                [...]

                require ldap-group CN=mygroup,OU=myou,DC=mydc

                [...]

        </Location>

I didn't need ProxyPassReverse, or indeed anything else.

On 20 December 2017 at 14:43, wouterve <woutervaneenoo@avr.be> wrote:

> Hi,
> This is a continuation from my  previous post
> <http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
> Performance-issues-guacamole-0-9-13-td2339.html>
> as it was getting a little messy.
> So here is my problem:
>
> Guacamole is not using websocket but http-tunnel instead eventhough I have
> set up a proxy with Apache.
>
> Here is the output from /var/lib/tomcat7/logs/catalina.out:
>
>
> > 16:19:18.001 [http-bio-8080-exec-10] INFO
> > o.a.g.r.auth.AuthenticationService - User "vaneenw" successfully
> > authenticated from 192.168.217.184.
> > Wed Dec 20 16:19:18 CET 2017 WARN: Establishing SSL connection without
> > server's identity verification is not recommended. According to MySQL
> > 5.5.45+, 5.6.26+ and 5.7.6+ requirements SSL connection must be
> > established by default if explicit option isn't set. For compliance with
> > existing applications not using SSL the verifyServerCertificate property
> > is set to 'false'. You need either to explicitly disable SSL by setting
> > useSSL=false, or set useSSL=true and provide truststore for server
> > certificate verification.
> > 16:19:18.351 [http-bio-8080-exec-13] INFO
> > o.a.g.tunnel.TunnelRequestService - User "vaneenw" connected to
> connection
> > "1".
> > 16:19:18.354 [http-bio-8080-exec-13] INFO
> > o.a.g.tunnel.TunnelRequestService - User "vaneenw" disconnected from
> > connection "1". Duration: 3 milliseconds
> > 16:19:18.552 [http-bio-8080-exec-7] INFO
> > o.a.g.tunnel.TunnelRequestService - User "vaneenw" connected to
> connection
> > "1".
> > 16:19:18.552 [http-bio-8080-exec-7] INFO
> > o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not
> > WebSocket). Performance may be sub-optimal.
>
> With Apache, I have done the following configuration:
>
> 1-enable mod_proxy & mod_proxy_wstunnel
>
>
> >  sudo a2enmod proxy_wstunnel   (this also enables mod_proxy..)
> > sudo a2enmod proxy_http
> > sudo a2enmod headers
> > sudo a2enmod rewrite
> > sudo a2enmod proxy_html
> > sudo a2enmod deflate
>
> (I'm not sure whether the other mods beside the first one are really
> necessary but doesn't harm to enable too much it seems to me..)
>
>
> Then I've changed my apache virtual host file:
> /etc/apache2/sites-enabled/000-default.conf
> (as desbribed by the  guacamole documentation
> <https://guacamole.apache.org/doc/gug/proxying-guacamole.html>
>
>
> > <VirtualHost *:80>
> > ServerName name
> >
> >       ServerAdmin webmaster@localhost
> >       DocumentRoot /var/www/html
> >       ProxyRequests on
> > <Proxy *=""/>
> >         Order allow,deny
> >         Allow from all
> > </Proxy>
> >
> > <Location /guacamole/>
> >     Order allow,deny
> >     Allow from all
> >     ProxyPass http://localhost:8080/guacamole/ flushpackets=on
> >     ProxyPassReverse http://localhost:8080/guacamole/
> > </Location>
> >
> > <Location /guacamole/websocket-tunnel>
> >    Order allow,deny
> >    Allow from all
> >    ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
> >    ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
> > </Location>
> >
> > </VirtualHost>
>
>
> (note: once websocket is working I will adapt the <proxy> config so that
> only local requests are accepted)
>
> Thus far, I haven't succeeded in establishing connection with guacomole
> through websocket which results in very laggy response from the remote
> computer..
> Only exception is when I log into guacamole from the server itself, then I
> have a websocket and optimal performance so problem is within proxying I
> guess.
>
> I have to add I don't use SSL certificates (use port 80) as can also be
> found in the tomcat log (see above). Could this also have to do something
> with it?
>
> Can someone help me with configuration please?
>
> kind regards,
>
> wouter
>
>
>
>
>
> --
> Sent from: http://apache-guacamole-general-user-mailing-list.
> 2363388.n4.nabble.com/
>



-- 
"If we knew what it was we were doing, it would not be called research,
would it?"
      - Albert Einstein

Mime
View raw message