guacamole-user mailing list archives

From Paulo Gonçalves <pafgoncal...@ipc.pt>
Subject Re: Newbie Question : Guacamole with HTTPS
Date Fri, 22 Feb 2019 10:23:49 GMT
You are configuring apache to use "http" and tomcat to listen for
"https". 

You should remove the following parts and maybe change the port number
(in apache you have 8080 not 8443) to use "http" on tomcat.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
           maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" />

Or you can change apache to use "https" and adjust the port. 

You also need to "proxy" the websocket in apache: 

<Location /guacamole/websocket-tunnel>
   ProxyPass ws://192.168.1.2:8080/guacamole/websocket-tunnel
   ProxyPassReverse ws://192.168.1.2:8080/guacamole/websocket-tunnel
</Location> 
---

Paulo Alexandre Figueiredo Gonçalves
Departamento de Tecnologias de Informação e Comunicação (DTIC)
Email: pafgoncalves@ipc.pt | Voip: 301103
Serviços Centrais
Rua da Misericórdia, Lagar dos Cortiços - S. Martinho do Bispo, 3045-093 Coimbra
Tel.: +351 239 791 250
Site: www.ipc.pt [1] | E-mail: ipc@ipc.pt

On 2019-02-22 09:49, Nick Couchman wrote:

> On Fri, Feb 22, 2019 at 4:04 AM Kamal Ezzaki <kamalezzaki1@gmail.com> wrote: 
> 
>> Hello, I'm using Guacamole 1.0.0 on CentOS 7. I read the configuration page about
>> proxying Guacamole; I'm using Tomcat and I added this configuration:
>> vi /etc/guacamole/apache.conf 
>> 
>> <Location /guacamole/> 
>> Order allow,deny 
>> Allow from all 
>> ProxyPass http://192.168.1.2:8080/guacamole/ flushpackets=on 
>> ProxyPassReverse http://192.168.1.2:8080/guacamole/ 
>> </Location> 
>> 
>> vi /etc/tomcat/server.xml 
>> 
>> <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" 
>> maxThreads="150" SSLEnabled="true" scheme="https" secure="true" 
>> clientAuth="false" sslProtocol="TLS" 
>> /> 
>> 
>> and then restart tomcat and restart guacd, and when I try https://192.168.1.2:8443/
>> it gives me inaccessible
> 
> You don't need to restart guacd, you need to restart Tomcat.  Guacamole has two distinct
> components, Guacamole Server (guacd), which listens on port 4822, and Guacamole Client, which
> runs in Tomcat.  Guacamole Client presents the Web interface in Tomcat, and connects to Guacamole
> server (guacd).  The configuration you're changing above is the Tomcat configuration, so you
> need to restart Tomcat.
>
> Also, check and see if there is a firewall running on your system - if so, you'll need
> to open port 8443 on the firewall.
>
> Finally, while you can do TLS (HTTPS) support directly in Tomcat, most people don't -
> most people use a reverse proxy of some sort (httpd, nginx) to front the Tomcat configuration.
> There are a wide variety of reasons for this - one of them is that you normally cannot run
> Tomcat on a port lower than 1024 (like 443) under a non-root account, and running Tomcat as
> root is a really bad idea.  Instructions for proxying Guacamole Client behind httpd and nginx
> can be found in the manual:
> 
> http://guacamole.apache.org/doc/gug/proxying-guacamole.html 
> 
> -Nick
 

Links:
------
[1] http://www.ipc.pt
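
Added example, not part of the original thread and not Guacamole project code: a Python check for the mismatch diagnosed in the reply above (httpd proxying plain "http" to a port where Tomcat has no matching connector, and no websocket proxy). The function names are hypothetical, and the sample strings are constructed from the fragments quoted in this thread, assuming the quoted Connector is the only one in server.xml.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample input: the two fragments quoted in this thread.
APACHE_CONF = """<Location /guacamole/>
ProxyPass http://192.168.1.2:8080/guacamole/ flushpackets=on
ProxyPassReverse http://192.168.1.2:8080/guacamole/
</Location>"""
SERVER_XML = """<Service><Connector port="8443"
 protocol="org.apache.coyote.http11.Http11Protocol" maxThreads="150"
 SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
 sslProtocol="TLS" /></Service>"""
# Constructed "after" state following the advice in the reply.
APACHE_FIXED = APACHE_CONF + """
<Location /guacamole/websocket-tunnel>
ProxyPass ws://192.168.1.2:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://192.168.1.2:8080/guacamole/websocket-tunnel
</Location>"""
SERVER_FIXED = '<Service><Connector port="8080" protocol="HTTP/1.1" /></Service>'

TLS_SCHEMES = {"https", "wss"}
DEFAULT_PORT = {"http": 80, "ws": 80, "https": 443, "wss": 443}

def tomcat_connectors(server_xml):
    """Map each Connector port to True when SSLEnabled="true"."""
    return {int(c.get("port")): c.get("SSLEnabled", "false").lower() == "true"
            for c in ET.fromstring(server_xml).iter("Connector")}

def proxy_targets(apache_conf):
    """Backend URLs of ProxyPass lines (ProxyPassReverse is not matched)."""
    pat = r"^[ \t]*ProxyPass[ \t]+(?:\S+[ \t]+)?(\w+://\S+)"
    return [urlsplit(u) for u in re.findall(pat, apache_conf, re.M)]

def check(apache_conf, server_xml):
    """Return findings where httpd's backend does not match a Tomcat connector."""
    connectors, targets, findings = tomcat_connectors(server_xml), proxy_targets(apache_conf), []
    for t in targets:
        port = t.port or DEFAULT_PORT.get(t.scheme)
        if port not in connectors:
            findings.append(f"{t.scheme}://...:{port} has no Tomcat connector "
                            f"(connectors on {sorted(connectors)})")
        elif (t.scheme in TLS_SCHEMES) != connectors[port]:
            findings.append(f"scheme {t.scheme} does not match TLS setting on port {port}")
    if not any(t.scheme in ("ws", "wss") for t in targets):
        findings.append("websocket-tunnel is not proxied (no ws:// ProxyPass)")
    return findings

if __name__ == "__main__":
    for label, a, s in (("before", APACHE_CONF, SERVER_XML), ("after", APACHE_FIXED, SERVER_FIXED)):
        print(label, check(a, s) or "consistent")
```

With a plain HTTP connector behind the proxy, traffic between httpd and Tomcat is unencrypted, so that port should only be reachable from the proxy host.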