guacamole-user mailing list archives

From ivanmarcus <ivanmar...@yahoo.com>
Subject Re: Guac Access Over HTTPS w/ NGINX Reverse Proxy
Date Mon, 03 Dec 2018 02:35:10 GMT
Matthew,

It's possible your edge router isn't correctly set up. Typically you'd 
want external port 443 to resolve to the internal IP number of your 
Nginx instance on port 443.

If your router is translating the external https request (e.g. 443) to 
internal http (e.g. 80) then you may get the message you have.

Wireshark or similar may also be of some use in tracing what's happening 
internally when an external request is made...


On 3/12/2018 1:51 p.m., Matthew Lawson wrote:
> I'm struggling to set up access to guacamole with a secured connection 
> outside my home (local, internal) network.  I can log in over http 
> within my home network.  I can log in using https from within my home 
> network.  I can also log in from outside my home network over http.  I 
> can even SSH into my home server.
>
> However, I cannot figure out how to reach the guacamole login page 
> from outside my home network over a secure connection.  When I try, I 
> receive an error message. FF, for instance, indicates that 'SSL 
> received a record that exceeded the maximum permissible length.'  
> Apparently, that means I've mis-configured something, but I have not 
> been able to figure out what.
>
> If someone would be kind enough to point out where I've gone wrong in 
> my setup, I would greatly appreciate it.
>
> Best regards,
>
> ~ML
>
>
>
> My nginx config file:
> worker_processes  auto;
>
> events {
>     worker_connections  1024;
> }
>
> http {
>     include       mime.types;
>     default_type  application/octet-stream;
>     include /etc/nginx/conf.d/*.conf;
>     server_tokens off;
>     ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
>     ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
>     ssl_ciphers  EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
>     ssl_protocols       TLSv1.1 TLSv1.2;
>     ssl_dhparam /etc/ssl/certs/dhparam.pem;
>     ssl_session_cache shared:SSL:10m;
>     ssl_session_timeout 10m;
>
>     sendfile        on;
>
>     keepalive_timeout  75;
>
>     #gzip  on;
> }
>
>
> My server config file located in /etc/nginx/conf.d/
>
> server {
>         listen          80;
>         server_name     localhost myDomainName.com;
>         return 301 https://localhost$request_uri;
> }
> server {
>         listen  443 ssl http2; # default_server;
>         listen  [::]:443 ssl http2; # default_server;
>         server_name     localhost;
>         root /var/www/example.com; # root placeholder
>         index index.html;
>
>         location /guacamole/ {
>                 proxy_pass http://localhost:8080/guacamole/;
>                 proxy_buffering off;
>                 proxy_http_version 1.1;
>                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>                 proxy_set_header Upgrade $http_upgrade;
>                 proxy_set_header Connection $http_connection;
>                 access_log off;
> #               proxy_redirect http://localhost:8080/guacamole/ https://localhost:8080/guacamole/; # no noticeable effect;
>         }
>
>         gzip on;
>         gzip_comp_level 3;
>         gzip_types text/plain text/css application/javascript image/*;
> }
>
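
An added example, not part of either message: the Python sketch below shows what a TLS client sees when the port it reaches answers in plaintext HTTP, the case the reply describes, and why that surfaces as a "record too long" error. The function names and the two sample replies are constructed for illustration; `probe` is an assumed helper for checking a port from outside the network.

```python
import socket
import ssl
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
MAX_RECORD = 2**14 + 2048   # largest record length TLS 1.2 permits (RFC 5246, 6.2.3)


def classify_reply(first_bytes: bytes) -> dict:
    """Interpret a server's first bytes as a TLS record header: type(1) version(2) length(2)."""
    if len(first_bytes) < 5:
        return {"verdict": "short"}
    ctype, major, _minor, length = struct.unpack("!BBBH", first_bytes[:5])
    if ctype in TLS_TYPES and major == 3 and length <= MAX_RECORD:
        return {"verdict": "tls", "record": TLS_TYPES[ctype], "length": length}
    # Not a TLS record: a TLS client still reads bytes 3-4 as the record length.
    return {"verdict": "not-tls", "length": length, "too_long": length > MAX_RECORD}


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Attempt a real handshake; a certificate error still proves the port speaks TLS."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return f"tls ({tls.version()})"
    except ssl.SSLCertVerificationError:
        return "tls (certificate not trusted, e.g. self-signed)"
    except ssl.SSLError as exc:
        return f"not tls or protocol mismatch: {exc.reason}"
    except OSError as exc:
        return f"unreachable: {exc}"


# Constructed samples (not captured from the poster's network).
PLAIN_HTTP = b"HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n\r\n"
TLS_HELLO = bytes([22, 3, 3, 0, 90]) + b"\x02" * 90

if __name__ == "__main__":
    print(classify_reply(PLAIN_HTTP))   # "P/" is read as a 20527-byte record length
    print(classify_reply(TLS_HELLO))
```

The same classification can be applied by eye to the first five bytes of the server's reply in a Wireshark capture taken on the internal side of the router.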

