guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Couchman <>
Subject Re: Newbie Question : Guacamole with HTTPS
Date Fri, 22 Feb 2019 09:49:24 GMT
On Fri, Feb 22, 2019 at 4:04 AM Kamal Ezzaki <> wrote:

> Hello, I m using Guacamole1.0.0 in centos 7, I Read the Configuration Page
> about Proxing Guacamole , i m using tomcat and i did added this
> Configuration :
> vi /etc/guacamole/apache.conf
> <Location /guacamole/>
>     Order allow,deny
>     Allow from all
>     ProxyPass flushpackets=on
>     ProxyPassReverse
> </Location>
> vi /etc/tomcat/server.xml
> <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
>                maxThreads="150" SSLEnabled="true" scheme="https"
> secure="true"
>                clientAuth="false" sslProtocol="TLS"
>          />
> and than restart tomcat and restart guacd and when i try
>  give me innacessible
You don't need to restart guacd, you need to restart Tomcat.  Guacamole has
two distinct components, Guacamole Server (guacd), which listens on port
4822, and Guacamole Client, which runs in Tomcat.  Guacamole Client
presents the Web interface in Tomcat, and connects to Guacamole server
(guacd).  The configuration you're changing above is the Tomcat
configuration, so you need to restart Tomcat.

Also, check and see if there is a firewall running on your system - if so,
you'll need to open port 8443 on the firewall.

Finally, while you can do TLS (HTTPS) support directly in Tomcat, most
people don't - most people use a reverse proxy of some sort (httpd, nginx)
to front the Tomcat configuration.  There are a wide variety of reasons for
this - one of them is that you normally cannot run Tomcat on a port lower
than 1024 (like 443) under a non-root account, and running Tomcat as root
is a really bad idea.  Instructions for proxying Guacamole Client behind
httpd and nginx can be found in the manual:



View raw message