guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: DNS or IP access without port number
Date Tue, 15 May 2018 11:33:55 GMT
On Tue, May 15, 2018 at 1:21 AM, Asbern <asbern.a@trainocate.com> wrote:

> Hi all,
>
>
>
> I have successfully deployed guacamole, I could access via
> https://ip:8443/guacamole, but is it possible to access using IP alone
> without the port and the path?
>
>
>
>
>
Yes, it is possible to do both.  Deploying Guacamole without a path is
relatively simple - instead of naming the WAR file guacamole.war when you
copy it into the webapps folder, you name it ROOT.war.  The special name
"ROOT.war" causes it to be deployed at the base of the Tomcat install.

The port number requires a little bit more work, mainly because of security
restrictions.  Tomcat cannot run on any port lower than 1024 unless it is
run as the root user, which is not something you want to do.  So, the best
way to get Guacamole (or anything Tomcat-related) deployed on ports lower
than 1024 (like standard HTTP/HTTPS ports 80/443) is to proxy it through
either Nginx or Apache httpd.  There are instructions for this in the
Guacamole manual:

http://guacamole.apache.org/doc/gug/proxying-guacamole.html

The other alternative is to use iptables to redirect traffic at the lower
ports to the higher ports, as described on the following pages:

https://glassonionblog.wordpress.com/2011/04/08/tomcat-redirecting-traffic-from-port-8080-to-80-using-iptables/
https://wiki.jenkins.io/display/JENKINS/Running+Jenkins+on+Port+80+or+443+using+iptables

These methods *usually* work, but there can be issues with links
redirecting to the port Tomcat is actually running on, which are overcome
by the Proxy method.  It's usually worth investing the time in getting the
proxy configuration up and running - it's not that complicated, and, once
configured, works a lot more seamlessly.

-Nick

Mime
View raw message