[
https://issues.apache.org/jira/browse/GUACAMOLE-379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16164106#comment-16164106
]
Richard Gallamore commented on GUACAMOLE-379:
---------------------------------------------
Ah, yeah I failed to mention that, when guacd is started in trace log_level,
there are no errors provided.
I actually finally wised up and checked the browser console and noticed I am
receiving http error 413. Guacamole is also running on tomcat8 behind nginx
which I suspect must be the issue. I am using the following configuration:
{code:java}
http {
include mime.types;
types {
text/plain log;
}
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
# don't send the nginx version number in error pages and Server header
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;
ssl_ciphers
"EECDH+AES256GCM:EDH+AES256GCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve P-521:P-384;
ssl_dhparam /usr/local/etc/ssl/keys/dhparams_4096.pem;
ssl_stapling on;
ssl_stapling_verify on;
resolver private 8.8.8.8 8.8.4.4;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains;
preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
server {
listen 80;
# listen [::]:80;
server_name private.com;
return 301 https://$host$request_uri;
}
server {
listen 443 default_server ssl http2;
# listen [::]:443 default_server ssl http2;
server_name www.private.com;
root /usr/local/www/nginx;
index index.php index.htm index.html;
ssl_certificate omitted;
ssl_certificate_key omitted;
ssl_trusted_certificate omitted;
error_page 500 502 503 504 /50x.html;
location = 50x.html {
root /usr/local/www/nginx-dist;
}
...REMOVED more irrelevant code...
location /guacamole {
add_header X-Frame-Options "";
# proxy_set_header X-Forwarded-Host $host:$server_port;
# proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_pass http://private:8080/guacamole;
proxy_buffering off;
proxy_http_version 1.1;
access_log off;
}
}
}
{code}
> SFTP put requests fail on rdp and SFTP server
> ---------------------------------------------
>
> Key: GUACAMOLE-379
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-379
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole
> Affects Versions: 0.9.13-incubating
> Environment: FreeBSD Current r323109 using 11-STABLE r323103 user
> land. ZFS file system.
> Reporter: Richard Gallamore
>
> Currently I have attempted to use SFTP with a few different configurations.
> Most if not 90% of all the configurations I have attempted fail with:
> {quote}
> You do not have permission to upload this file. If you require access, please
> check your system settings, or check with your system administrator.
> {quote}
> sshd_config: all defaults with this conditional
> {code:none}
> Match User guacamole
> ChrootDirectory /home/guacamole
> X11Forwarding no
> AllowTcpForwarding no
> ForceCommand internal-sftp
> AuthenticationMethods publickey #,keyboard-interactive # using both Methods
> will fail
> {code}
> This is not a permissions issue,
> {code:none}
> # ls /home/guacamole/home/guacamole
> # echo "put -p /home/guacamole/a /home/guacamole" | sftp -P22
> [email protected]
>
> Enter passphrase for key '/root/.ssh/id_rsa':
>
>
>
> Connected to private.com.
>
>
>
> sftp> put -p /home/guacamole/a /home/guacamole
>
>
>
> Uploading /home/guacamole/a to /home/guacamole/a
>
>
>
> /home/guacamole/a
> # ls /home/guacamole/home/guacamole
> a
> {code}
> Have also tested using rdp drive option and received mostly the same results.
> Randomly it will work on some files but I have not been able to figure out
> why. Does not seem to be related to filename or size.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
