guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <vn...@apache.org>
Subject Re: Guac Access Over HTTPS w/ NGINX Reverse Proxy
Date Mon, 03 Dec 2018 12:46:38 GMT
On Sun, Dec 2, 2018 at 7:51 PM Matthew Lawson <m3.lawson.ml@gmail.com>
wrote:

> However, I cannot figure out how to reach the guacamole login page from
> outside my home network over a secure connection.  When I try, I receive an
> error message. FF, for instance, indicates that 'SSL received a record that
> exceeded the maximum permissible length.'  Apparently, that means I've
> mis-configured something, but I have not been able to figure out what.
>

Can  you reach any HTTPS page served by Nginx?  Or do they all display that
error, regardless of whether you're trying to access Guacamole or not?


>
> If someone would be kind enough to point out where I've gone wrong in my
> setup, I would greatly appreciate it.
>
> Best regards,
>
> ~ML
>
>
>
> My nginx config file:
> worker_processes  auto;
>
> events {
>     worker_connections  1024;
> }
>
> http {
>     include       mime.types;
>     default_type  application/octet-stream;
>     include /etc/nginx/conf.d/*.conf;
>     server_tokens off;
>     ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
>     ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
>     ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
>     ssl_protocols       TLSv1.1 TLSv1.2;
>     ssl_dhparam /etc/ssl/certs/dhparam.pem;
>     ssl_session_cache shared:SSL:10m;
>     ssl_session_timeout 10m;
>

I'm not an expert on Nginx configuration by any stretch of the imagination,
but have you tried putting these ssl_* lines down in the server {} section
that configures the HTTPS port rather than up here in the common http {}
section?  In my Nginx configuration I have all of those options located
with the section that configures HTTPS.

-Nick

Mime
View raw message