Odd that my text wasn't there. I used the raw text tags to display it
originally, the text is below.

I found the cause but wanted to update the post to keep it whole. Nothing
worse than finding a thread with the same issue you're having just to see it
end with "It's working now, thanks." and no information about the solution.
:)

After following your suggestion to connect to the site directly without the
proxy, I couldn't connect. Under the connection protocol for port 8443 I had
set the address to 127.0.0.1 to limit 8443 connection to only the local
host. I didn't want anyone to be able to bypass the proxy server and limit
the ports our vulnerability scanner would scan. Basically I forgot I made that
change. I changed address to the IP of the server and now connections are
being made. 

I'd still like to lock it down but if I can't, then I can't. Next on my list
is getting communication to guacd to use ssl.

Thank you for your help.

Paul


Missing text from original post.

/var/log/tomcat8/catalina.out

05:25:41.637 [https-openssl-nio-127.0.0.1-8443-exec-7] INFO o.a.g.tunnel.TunnelRequestService - User "proy" connected to connection "30".
05:25:41.638 [https-openssl-nio-127.0.0.1-8443-exec-7] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
05:26:05.327 [https-openssl-nio-127.0.0.1-8443-exec-1] INFO o.a.g.tunnel.TunnelRequestService - User "proy" disconnected from connection "30". Duration: 23689 milliseconds
05:26:05.334 [https-openssl-nio-127.0.0.1-8443-exec-1] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: Connection to guacd timed out.

My setup is apache proxy to guacamole with https.
apache all port 80 traffic redirects to port 443.

<VirtualHost *:443>
    ServerName mgmt03

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    SSLEngine on
    SSLProxyEngine On

    SSLCertificateFile      /etc/ssl/certs/mgmt03.crt
    SSLCertificateKeyFile /etc/ssl/private/mgmt03.key

    ProxyRequests Off
    ProxyPreserveHost On
#    ProxyPass / https://localhost:8443/
#    ProxyPassReverse / https://localhost:8443/

<Location />
    Order allow,deny
    Allow from all
    ProxyPass https://localhost:8443/guacamole/ flushpackets=on
    ProxyPassReverse https://localhost:8443/guacamole/
    ProxyPassReverseCookiePath /guacamole/ /
</Location>


<Location /websocket-tunnel>
    Order allow,deny
    Allow from all
    ProxyPass ws://localhost:8443/guacamole/websocket-tunnel
    ProxyPassReverse ws://localhost:8443/guacamole/websocket-tunnel
</Location>


<Location /phpmyadmin/>
    ProxyPass !
</Location>

</VirtualHost>

tomcat8 conf 443 and reverse proxy

   <Connector port="8443"
                protocol="org.apache.coyote.http11.Http11NioProtocol"
                address="127.0.0.1"
                maxThreads="150" SSLEnabled="true"
                compression="on" scheme="https" secure="true"
                keystoreFile="conf/ssl.guac.keystore"
                keystoreType="JCEKS"
                keystorePass="XXXXXXXXXXXX"
                truststoreFile="conf/ssl.guac.truststore"
                truststorePass="XXXXXXXXXXXX"
                truststoreType="JCEKS"
                SSLVerifyClient="none" sslProtocol="TLS"
                sslEnabledProtocols="TLSv1.2,TLSv1.1"
                URIEncoding="UTF-8"
   />



   <Valve className="org.apache.catalina.valves.RemoteIpValve"
               internalProxies="127.0.0.1"
               remoteIpHeader="x-forwarded-for"
               remoteIpProxiesHeader="x-forwarded-by"
               protocolHeader="x-forwarded-proto" />



Browser in developer mode tunnel error

Error during WebSocket handshake: Unexpected response code: 400



--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
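
The following is an added example, not part of the original post and not Guacamole or Tomcat project code. It audits a Tomcat server.xml against the Apache ProxyPass targets for the lock-down discussed above: which connectors can be reached without going through the proxy, and whether each proxy backend matches the connector it points at. The sample inputs are constructed (the port 8080 connector is hypothetical), and the function names are this example's own.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed samples modelled on the configuration quoted in the post.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" address="127.0.0.1" SSLEnabled="true" scheme="https"/>
  <Connector port="8080"/>
</Service></Server>"""
APACHE_CONF = """
#    ProxyPass / https://localhost:8443/
ProxyPass https://localhost:8443/guacamole/ flushpackets=on
ProxyPass ws://localhost:8443/guacamole/websocket-tunnel
ProxyPass !
"""

def is_loopback(host):
    # None = no address attribute: an HTTP connector then listens on all addresses.
    if host in (None, "localhost"):
        return host == "localhost"
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames are not resolved here; treated as exposed

def connectors(server_xml):
    """Map port -> (bind address or None, TLS enabled) for every <Connector>."""
    return {int(c.get("port")): (c.get("address"), c.get("SSLEnabled", "false").lower() == "true")
            for c in ET.fromstring(server_xml).iter("Connector")}

def proxy_backends(apache_conf):
    """(scheme, host, port) of each active ProxyPass target; comments and '!' are skipped."""
    pat = re.compile(r"^[ \t]*ProxyPass[ \t]+(?:\S+[ \t]+)?(\w+)://([^/:\s]+):(\d+)", re.M)
    return [(s, h, int(p)) for s, h, p in pat.findall(apache_conf)]

def audit(server_xml, apache_conf):
    conns, findings = connectors(server_xml), []
    for port, (addr, _tls) in sorted(conns.items()):
        if not is_loopback(addr):
            findings.append(f"port {port}: bound to {addr or 'all addresses'}, reachable without the proxy")
    for scheme, host, port in proxy_backends(apache_conf):
        if port not in conns:
            continue
        addr, tls = conns[port]
        if is_loopback(addr) and not is_loopback(host):
            findings.append(f"{scheme}://{host}:{port}: backend is not loopback but connector is")
        if tls != (scheme in ("https", "wss")):
            findings.append(f"{scheme}://{host}:{port}: scheme does not match connector TLS setting")
    return findings
```

Calling `audit(SERVER_XML, APACHE_CONF)` returns the list of findings as strings; an empty list means every connector is loopback-only and every backend agrees with its connector.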
