On Fri, Feb 22, 2019 at 4:04 AM Kamal Ezzaki <[email protected]> wrote:
> Hello, I m using Guacamole1.0.0 in centos 7, I Read the Configuration Page > about Proxing Guacamole , i m using tomcat and i did added this > Configuration : > > vi /etc/guacamole/apache.conf > > <Location /guacamole/> > Order allow,deny > Allow from all > ProxyPass http://192.168.1.2:8080/guacamole/ flushpackets=on > ProxyPassReverse http://192.168.1.2:8080/guacamole/ > </Location> > > vi /etc/tomcat/server.xml > > <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" > maxThreads="150" SSLEnabled="true" scheme="https" > secure="true" > clientAuth="false" sslProtocol="TLS" > /> > > and than restart tomcat and restart guacd and when i try > https://192.168.1.2:8443/ give me innacessible > > You don't need to restart guacd, you need to restart Tomcat. Guacamole has two distinct components, Guacamole Server (guacd), which listens on port 4822, and Guacamole Client, which runs in Tomcat. Guacamole Client presents the Web interface in Tomcat, and connects to Guacamole server (guacd). The configuration you're changing above is the Tomcat configuration, so you need to restart Tomcat. Also, check and see if there is a firewall running on your system - if so, you'll need to open port 8443 on the firewall. Finally, while you can do TLS (HTTPS) support directly in Tomcat, most people don't - most people use a reverse proxy of some sort (httpd, nginx) to front the Tomcat configuration. There are a wide variety of reasons for this - one of them is that you normally cannot run Tomcat on a port lower than 1024 (like 443) under a non-root account, and running Tomcat as root is a really bad idea. Instructions for proxying Guacamole Client behind httpd and nginx can be found in the manual: http://guacamole.apache.org/doc/gug/proxying-guacamole.html -Nick >
