it's fine now i set up i reverse proxy nginx and the https work perfect and for anyone wanna know how i just followed this tuto : https://www.digitalocean.com/community/tutorials/how-to-encrypt-tomcat-8-connections-with-apache-or-nginx-on-centos-7
<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Garanti sans virus. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2> Le ven. 22 févr. 2019 à 11:24, Paulo Gonçalves <[email protected]> a écrit : > You are configuring apache to use "http" and tomcat to listen for "https". > > You should remove the following parts and maybe change the port number (in > apache you have 8080 not 8443) to use "http" on tomcat. > <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" > maxThreads="150" SSLEnabled="true" scheme="https" > secure="true" > clientAuth="false" sslProtocol="TLS" > /> > > Or you can change apache to use "https" and adjust the port. > > You also need to "proxy" the websocket in apache: > > <Location /guacamole/websocket-tunnel> > ProxyPass ws://192.168.1.2:8080/guacamole/websocket-tunnel > ProxyPassReverse ws://192.168.1.2:8080/guacamole/websocket-tunnel > </Location> > --- > Paulo Alexandre Figueiredo Gonçalves > Departamento de Tecnologias de Informação e Comunicação (DTIC) > > Email: [email protected] | Voip: 301103 > > [image: Logo_IPC] Serviços Centrais > Rua da Misericórdia, Lagar dos Cortiços - S. Martinho do Bispo, 3045-093 > Coimbra > Tel.: +351 239 791 250 > Site:www.ipc.pt | E-mail:[email protected] > > > A 2019-02-22 09:49, Nick Couchman escreveu: > > On Fri, Feb 22, 2019 at 4:04 AM Kamal Ezzaki <[email protected]> > wrote: > >> Hello, I m using Guacamole1.0.0 in centos 7, I Read the Configuration >> Page about Proxing Guacamole , i m using tomcat and i did added this >> Configuration : >> >> vi /etc/guacamole/apache.conf >> >> <Location /guacamole/> >> Order allow,deny >> Allow from all >> ProxyPass http://192.168.1.2:8080/guacamole/ flushpackets=on >> ProxyPassReverse http://192.168.1.2:8080/guacamole/ >> </Location> >> >> vi /etc/tomcat/server.xml >> >> <Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol" >> maxThreads="150" SSLEnabled="true" scheme="https" >> secure="true" >> clientAuth="false" sslProtocol="TLS" >> /> >> >> and than restart tomcat and restart guacd and when i try >> https://192.168.1.2:8443/ give me innacessible >> >> > > You don't need to restart guacd, you need to restart Tomcat. Guacamole > has two distinct components, Guacamole Server (guacd), which listens on > port 4822, and Guacamole Client, which runs in Tomcat. Guacamole Client > presents the Web interface in Tomcat, and connects to Guacamole server > (guacd). The configuration you're changing above is the Tomcat > configuration, so you need to restart Tomcat. > > Also, check and see if there is a firewall running on your system - if so, > you'll need to open port 8443 on the firewall. > > Finally, while you can do TLS (HTTPS) support directly in Tomcat, most > people don't - most people use a reverse proxy of some sort (httpd, nginx) > to front the Tomcat configuration. There are a wide variety of reasons for > this - one of them is that you normally cannot run Tomcat on a port lower > than 1024 (like 443) under a non-root account, and running Tomcat as root > is a really bad idea. Instructions for proxying Guacamole Client behind > httpd and nginx can be found in the manual: > > http://guacamole.apache.org/doc/gug/proxying-guacamole.html > > -Nick > > -- *EZZAKI Kamal* *Élève** ingénieur en **Administration Réseaux et **Systèmes* *à l'ENSEM* *Tél : +212 6 81 78 28 64* *Email : [email protected] <[email protected]>* <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> Garanti sans virus. www.avast.com <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
