guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matthew Lawson <>
Subject Guac Access Over HTTPS w/ NGINX Reverse Proxy
Date Mon, 03 Dec 2018 00:51:27 GMT
I'm struggling to set up access to guacamole with a secured connection
outside my home (local, internal) network.  I can login over http within my
home network.  I can login using https from within my home network.  I can
also log in from outside my home network over http.  I can even SSH into my
home server.

However, I cannot figure out how to reach the guacamole login page from
outside my home network over a secure connection.  When I try, I receive an
error message. FF, for instance, indicates that 'SSL received a record that
exceeded the maximum permissible length.'  Apparently, that means I've
mis-configured something, but I have not been able to figure out what.

If someone would be kind enough to point out where I've gone wrong in my
setup, I would greatly appreciate it.

Best regards,


My nginx config file:
worker_processes  auto;

events {
    worker_connections  1024;

http {
    include       mime.types;
    default_type  application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
    server_tokens off;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    ssl_protocols       TLSv1.1 TLSv1.2;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    sendfile        on;

    keepalive_timeout  75;

    #gzip  on;

My server config file located in /etc/nginx/conf.d/

server {
        listen          80;
        server_name     localhost
        return 301 https://localhost$request_uri;
    server {
        listen  443 ssl http2; # default_server;
        listen  [::]:443 ssl http2; # default_server;
        server_name     localhost;
        root /var/www/; # root placeholder
        index index.html;

        location /guacamole/ {
                proxy_pass http://localhost:8080/guacamole/;
                proxy_buffering off;
                proxy_http_version 1.1;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection $http_connection;
                access_log off;
#               proxy_redirect http://localhost:8080/guacamole/
https://localhost:8080/guacamole/; # no noticeable effect;

        gzip on;
        gzip_comp_level 3;
        gzip_types text/plain text/css application/javascript image/*;

View raw message