RE: Apache configuration for guacamole

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
Just checking, are you interested acquiring the list of attendees? Please respond my email. I'm waiting for your response.
Thank you.







-----Original Message-----
From: Dan Nessett <dnessett@xxxxxxxxx.INVALID> 
Sent: Tuesday, December 20, 2022 6:17 AM
To: users@xxxxxxxxxxxxxxxx
Subject:  Apache configuration for guacamole

I am attempting to get guacamole working with apache. I have been working with the guacamole users, but they now tell me that I have an apache2 configuration problem. So, I am trying to get some help from apache2 users.

The set up I have is a small network behind a firewall/NAT router (running pfsense). HTTPS requests go to an external address and non-standard port that the router converts using NAT to an internal address and standard port for HTTPS (443). The local machine servicing requests to this internal address/port pair runs SSLH, which is a SSH/HTTPS protocol multiplexor. The SSLH daemon parses the first part of each protocol packet and decides to forward it to either the sshd daemon or the installed apache web server. In the latter case it sends to port 4443, on which apache is listening. I know this works, since I can login to the machine via ssh from an external address and HTTPS requests to the configured virtual machine display properly, e.g., https://<machine dns name>:<external port that NAT translates to 443>/phpinfo.php 

The problem occurs when I attempt to access guacamole with an HTTPS request of: https://<machine dns name>:<external port that NAT translates to 443>/guacamole. This does not work. The file 000-default.conf in /etc/apache/sites-enabled is:

# Comment out the port 80 virtual host block

<IfDefine IgnoreBlockComment>
<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf </VirtualHost> </IfDefine>

<VirtualHost *:4443>
        ServerName <machine dns name>
        DocumentRoot /mnt/raid5/webserver/sites/MOserver
	Header always unset X-Frame-Options

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	<Location /guacamole/>
	 Order allow,deny
	 Allow from all
	 ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
	 ProxyPassReverse http://127.0.0.1:8080/guacamole/
	</Location>

        <Location /websocket-tunnel>
          Order allow,deny
          Allow from all
          #Require all granted
          ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
          ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
        </Location>

	SSLEngine on
	SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
	SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Since web page URLs work properly, the only thing I can imagine is causing a problem are the two <Location> blocks that contain ProxyPass and ProxyPassReverse entries. I am completely unfamilar with these and would appreciate some help with the apache2 configuration that is supposed to enable guacamole communication.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx





[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux