In answer to your first question, I can reach the https nginx site
internally - in fact, the http site redirects to the https site.  I've not
tried to reach it from outside my home network, though.  I'll try after
work today.

With respect to your second question, I'm sure I've tried setting it up w/
the ssl_ portion in the server { } section b/c I've tried multiple
variations.  I can try again, though.  If it works, it would raise the
question of why https works internally, but not externally.

On Mon, Dec 3, 2018 at 7:46 AM Nick Couchman <[email protected]> wrote:

>
>
> On Sun, Dec 2, 2018 at 7:51 PM Matthew Lawson <[email protected]>
> wrote:
>
>> However, I cannot figure out how to reach the guacamole login page from
>> outside my home network over a secure connection.  When I try, I receive an
>> error message. FF, for instance, indicates that 'SSL received a record that
>> exceeded the maximum permissible length.'  Apparently, that means I've
>> mis-configured something, but I have not been able to figure out what.
>>
>
> Can you reach any HTTPS page served by Nginx?  Or do they all display
> that error, regardless of whether you're trying to access Guacamole or not?
>
>
>>
>> If someone would be kind enough to point out where I've gone wrong in my
>> setup, I would greatly appreciate it.
>>
>> Best regards,
>>
>> ~ML
>>
>>
>>
>> My nginx config file:
>> worker_processes  auto;
>>
>> events {
>>     worker_connections  1024;
>> }
>>
>> http {
>>     include       mime.types;
>>     default_type  application/octet-stream;
>>     include /etc/nginx/conf.d/*.conf;
>>     server_tokens off;
>>     ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
>>     ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
>>     ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
>>     ssl_protocols       TLSv1.1 TLSv1.2;
>>     ssl_dhparam /etc/ssl/certs/dhparam.pem;
>>     ssl_session_cache shared:SSL:10m;
>>     ssl_session_timeout 10m;
>>
>
> I'm not an expert on Nginx configuration by any stretch of the
> imagination, but have you tried putting these ssl_* lines down in the
> server {} section that configures the HTTPS port rather than up here in the
> common http {} section?  In my Nginx configuration I have all of those
> options located with the section that configures HTTPS.
>
> -Nick
>
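
Added example, not part of the original thread: a small offline check that reads the first bytes of a server reply the way a TLS client does, to show how a plain HTTP answer on the HTTPS port produces a "record exceeded the maximum permissible length" error. That plaintext-on-the-TLS-port condition is a common cause of this message, but the thread does not confirm it is the cause here; the function names and both sample replies are constructed for illustration.

```python
import struct

# TLS 1.2 record layer (RFC 5246, section 6.2.3): a ciphertext fragment
# may not exceed 2^14 + 2048 bytes.
MAX_TLS_CIPHERTEXT = 2**14 + 2048
TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

# Constructed sample replies (not captured from any real server).
HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n\r\n"
TLS_REPLY = bytes.fromhex("160303004a") + b"\x02" + b"\x00" * 73  # ServerHello-shaped


def parse_record_header(data: bytes):
    """Read the first 5 bytes as a TLS record header: type, version, length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes of the server's reply")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'plaintext-http' or 'unknown' for a server's first bytes."""
    ctype, (major, _minor), length = parse_record_header(data)
    if ctype in TLS_CONTENT_TYPES and major == 3 and length <= MAX_TLS_CIPHERTEXT:
        return "tls"
    if data.startswith(b"HTTP/"):
        # The listener answered in clear text: TLS is not enabled on this
        # port, or the connection was forwarded to the plain HTTP port.
        return "plaintext-http"
    return "unknown"


def explain(data: bytes) -> str:
    """Describe what a TLS client sees when it parses these bytes."""
    ctype, version, length = parse_record_header(data)
    verdict = classify_first_bytes(data)
    over = "exceeds" if length > MAX_TLS_CIPHERTEXT else "is within"
    return (f"{verdict}: type={ctype} version={version} length={length} "
            f"({over} the {MAX_TLS_CIPHERTEXT}-byte limit)")


if __name__ == "__main__":
    print(explain(HTTP_REPLY))
    print(explain(TLS_REPLY))
```

The bytes `HTTP/` decode as record type 0x48, version 0x54.0x54 and length 0x502F, which is why the browser reports an oversized record rather than a certificate or handshake failure.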
