Re: New user, Debian HowTo, some suggestions
On Thu, Feb 1, 2018 at 3:36 PM, Fabián Rodríguezwrote: > Hello, > > Many thanks for this software, it's proving very useful and I am happy I > was able to replace other similar proprietary software in a particular > situation I was dealing with. > > I'd like to suggest some improvements, I preferred no to use the bug > tracker yet for this. Here is my short list: > Yeah, but if you have requests for improvements, they should go into JIRA. > >- In Settings > Users > $USER > Permissions, I'd like to be able to >set two extra permissions: >- access sessions History tab > - access Active Sessions tab > > Can you explain why you think it is useful to have these as separate permissions? I guess I can see this for auditing, perhaps, if you want users that have the ability to only audit connections and connection history, but I'm curious what your use-case is. > >- When using the filter to find connections, I'd like to see which >Group they belong to (if any). Sometimes I have connections with the same >name in different groups, the current filtering results don't show group >membership > > That's because the idea of "groups" is not implemented at all in Guacamole right now. There is a current JIRA issue, already, for adding groups to Guacamole. See: https://issues.apache.org/jira/browse/GUACAMOLE-220 > >- Timezone for each user should be the same as the server's by default >(or have an option to use the same as the server's) >- When clicking on a group checkbox, the selection should also include >all members of the group, either checking or unchecking all boxes. I have >some large groups (40+ connections) and it would be faster to be able to >include/exclude all connections in any given group. > > This also already has a JIRA issue - I'm not sure that I agree that checking a top-level box should result in all children being checked - there are situations where you want to, for example, assign permissions to a user to access a connection group (load-balanced, maybe) but not give them any access to the underlying connections. I do agree that there needs to be a way to select all children more easily than you can right now. See: https://issues.apache.org/jira/browse/GUACAMOLE-181 >- Selecting a connection in a group is not enough to give access, the >group also needs to be checked which is not obvious (perhaps it should be >automatic) > > This depends on what you're trying to do, but see the point above. This behavior is intentional. > > > My recent setup of Guacamole on a Debian server wasn't easy as the > packages are outdated and some manual configuration was required. > > I've shared my notes for Debian server installation here if anyone is > interested: > > https://wiki.debian.org/Guacamole > Cool :-). -Nick
New user, Debian HowTo, some suggestions
Hello, Many thanks for this software, it's proving very useful and I am happy I was able to replace other similar proprietary software in a particular situation I was dealing with. I'd like to suggest some improvements, I preferred no to use the bug tracker yet for this. Here is my short list: * In Settings > Users > $USER > Permissions, I'd like to be able to set two extra permissions: o access sessions History tab o access Active Sessions tab * When using the filter to find connections, I'd like to see which Group they belong to (if any). Sometimes I have connections with the same name in different groups, the current filtering results don't show group membership * Timezone for each user should be the same as the server's by default (or have an option to use the same as the server's) * When clicking on a group checkbox, the selection should also include all members of the group, either checking or unchecking all boxes. I have some large groups (40+ connections) and it would be faster to be able to include/exclude all connections in any given group. * Selecting a connection in a group is not enough to give access, the group also needs to be checked which is not obvious (perhaps it should be automatic) My recent setup of Guacamole on a Debian server wasn't easy as the packages are outdated and some manual configuration was required. I've shared my notes for Debian server installation here if anyone is interested: https://wiki.debian.org/Guacamole Any comments for improvement are most welcome. The goal was to use as much as Debian provides in terms of official packages and long term use (and support). I took the opportunity to file a few bug reports in Debian. Cheers, F. -- Fabián Rodríguez http://debian.magicfab.ca
Re: guacamole behind haproxy
On Thu, Feb 1, 2018 at 7:06 AM, StephenDartwrote: > Has anyone got a successful config for haproxy to enable guacamole > I have a haproxy instance doing ssl offload and reverse proxy, passsing > /guacamole to the server at x.x.x.x:8080/guacamole > I can get to the login page and login successfully, but when presenting a > session, it will produce a 404 after the session is created and a few > tunnel > reads, then the session will disconnect. > > If directly connected to the guacamole server (bypassing haproxy), i can > successfully get a session and it is maintained, so something within > haproxy > is I presume timing the session out. > Does anyone run haproxy in front of guacamole and have a config they can > share or suggest what options are required to allow guacamole to work > successfully? > > I have tried using 0.9.13 and 0.9.14 of guacamole > Haproxy i have tried 1.6 and 1.7 > with options: > http-server-close > timeout tunnel 3600s > timeout connect 300s > timeout client 300s > You might want to post your full HAProxy configuration; however, it's important to keep in mind that HTTP is a stateless protocol. So, no matter what your timeout options, here, if you don't configure HAProxy for persistence or session stickiness, each HTTP connection that the web browser makes has the potential to get redirected to a different back-end server. This is likely the reason that you're seeing weird behavior, like the 404 errors and such, because the initial request gets forwarded to one back-end server, then the follow-up requests move on to other servers. This is probably more a question for the HAProxy forums, but I believe HAProxy supports hash tables of various types that can (attempt to) keep track of the client and make sure that the requests from the client go on to the same back-end server. Because Guacamole Client does not currently implement any session tracking across multiple Tomcat instances or servers, you'll need to configure HAProxy appropriately. -Nick
guacamole behind haproxy
Has anyone got a successful config for haproxy to enable guacamole I have a haproxy instance doing ssl offload and reverse proxy, passsing /guacamole to the server at x.x.x.x:8080/guacamole I can get to the login page and login successfully, but when presenting a session, it will produce a 404 after the session is created and a few tunnel reads, then the session will disconnect. If directly connected to the guacamole server (bypassing haproxy), i can successfully get a session and it is maintained, so something within haproxy is I presume timing the session out. Does anyone run haproxy in front of guacamole and have a config they can share or suggest what options are required to allow guacamole to work successfully? I have tried using 0.9.13 and 0.9.14 of guacamole Haproxy i have tried 1.6 and 1.7 with options: http-server-close timeout tunnel 3600s timeout connect 300s timeout client 300s 200 https://DOMAIN/guacamole/tunnel?connect 200 https://DOMAIN/guacamole/tunnel?read:3b0980ce-262f-4c21-a30e-76e7a2ad4f94:0 200 https://DOMAIN/guacamole/api/session/tunnels/3b0980ce-262f-4c21-a30e-76e7a2ad4f94/activeConnection/connection/sharingProfiles?token=9861B2605E85032EFA752E4EDAEC47DA8C3570E07FF9D3CD6AD92B2C2AF07309 200 https://DOMAIN/guacamole/tunnel?read:3b0980ce-262f-4c21-a30e-76e7a2ad4f94:1 *404 https://DOMAIN/guacamole/tunnel?write:3b0980ce-262f-4c21-a30e-76e7a2ad4f94* 200 https://DOMAIN/guacamole/api/tokens -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/