guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <>
Subject Re: Guac Access Over HTTPS w/ NGINX Reverse Proxy
Date Mon, 03 Dec 2018 12:46:38 GMT
On Sun, Dec 2, 2018 at 7:51 PM Matthew Lawson <>

> However, I cannot figure out how to reach the guacamole login page from
> outside my home network over a secure connection.  When I try, I receive an
> error message. FF, for instance, indicates that 'SSL received a record that
> exceeded the maximum permissible length.'  Apparently, that means I've
> mis-configured something, but I have not been able to figure out what.

Can  you reach any HTTPS page served by Nginx?  Or do they all display that
error, regardless of whether you're trying to access Guacamole or not?

> If someone would be kind enough to point out where I've gone wrong in my
> setup, I would greatly appreciate it.
> Best regards,
> ~ML
> My nginx config file:
> worker_processes  auto;
> events {
>     worker_connections  1024;
> }
> http {
>     include       mime.types;
>     default_type  application/octet-stream;
>     include /etc/nginx/conf.d/*.conf;
>     server_tokens off;
>     ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
>     ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
>     ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
>     ssl_protocols       TLSv1.1 TLSv1.2;
>     ssl_dhparam /etc/ssl/certs/dhparam.pem;
>     ssl_session_cache shared:SSL:10m;
>     ssl_session_timeout 10m;

I'm not an expert on Nginx configuration by any stretch of the imagination,
but have you tried putting these ssl_* lines down in the server {} section
that configures the HTTPS port rather than up here in the common http {}
section?  In my Nginx configuration I have all of those options located
with the section that configures HTTPS.


View raw message