Hi,

I have guacamole set up on Ubuntu 18.04. The client is installed on Tomcat 8
and it is behind an nginx proxy. SSL is enabled on Nginx. The steps followed
for Tomcat 8 and nginx are the same as in the guacamole documentation. The problem
I am facing is that the Session and Thread information for user guacamole
sessions is not reflected in the Tomcat 8 manager
application (localhost:8080/manager). My nginx.conf looks like:

# Main (global) context: worker account, worker count, PID file and dynamic modules.
user www-data;          # worker processes run under the www-data account
worker_processes auto;  # "auto" lets nginx pick the worker count
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

# Connection handling: each worker accepts at most 768 simultaneous connections.
events {
worker_connections 768;
# multi_accept on;
}

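# http context: defaults inherited by every virtual host pulled in by the
# two include lines at the bottom (conf.d/*.conf and sites-enabled/*).
http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# Left commented as in the original; enabling it stops nginx from putting its
# version number in the Server header and on error pages.
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

# NOTE(review): this http-level default still offers TLSv1 and TLSv1.1, while
# the Guacamole server block asks for TLSv1.2/TLSv1.3 only. Any TLS vhost that
# does not set ssl_protocols itself inherits this list, and on some
# nginx/OpenSSL builds the default server's protocol list is what is actually
# negotiated for a shared listen socket -- confirm with a TLS scan of port 443
# and consider aligning this line with the server block.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

# NOTE(review): gzip_types is commented out below, so only nginx's default
# type (text/html) is compressed. Compressing TLS responses that mix secrets
# with request-controlled content is the precondition for BREACH-style side
# channels; keep that in mind before widening gzip_types.
gzip on;

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# The mail wrap had pushed the tail of this commented directive onto an
# uncommented line, which nginx would reject as an unknown directive.
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}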

my nginx-guacamole-ssl looks like:

 # Plain-HTTP listener: answers every request on port 80 with a permanent
 # redirect to the same host and URI over https.
 # NOTE(review): $host is taken from the request (Host header, else server_name);
 # if this block is also the default server for port 80, the redirect target
 # follows whatever Host the client sent -- confirm, or redirect to a fixed name.
 server {
listen 80;
server_name xxx.xxxxx.com;
return 301 https://$host$request_uri;

}
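# TLS virtual host that terminates HTTPS and reverse-proxies /guacamole/ to
# the Tomcat instance on 127.0.0.1:8080.
server {
listen 443 ssl;
server_name xxx.xxxx.com;

root /var/www/html;

index index.html index.htm index.nginx-debian.html;

ssl_certificate /etc/guacamole_source/SSL_Cert/__xxxx_com.crt;
# NOTE(review): confirm the private key file is readable only by root.
ssl_certificate_key /etc/guacamole_source/SSL_Cert/xxxx.key;

# TLSv1.3 only takes effect if nginx is linked against an OpenSSL that
# supports it; otherwise this line effectively means TLSv1.2 only.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
# The original list also named ECDHE-RSA-AES256-GCM-SHA512 and
# DHE-RSA-AES256-GCM-SHA512. Those are not defined cipher suites; OpenSSL
# skips names it does not recognise, so dropping them does not change what
# is negotiated. The last entry is a CBC-mode suite kept from the original.
# This directive governs TLSv1.2 and below.
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1;
ssl_session_timeout  10m;
ssl_session_cache shared:SSL:10m;
# resolver is only used when nginx resolves names at run time; nothing in
# this excerpt (for example OCSP stapling) appears to need it -- confirm.
resolver 192.168.42.129 8.8.8.8 valid=300s;
resolver_timeout 5s;
# Header value re-joined onto one line: the mail wrap had put a line break
# inside the quoted string. Without the "always" parameter, add_header does
# not apply to most error responses.
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

access_log  /var/log/nginx/guac_access.log;
error_log  /var/log/nginx/guac_error.log;

location /guacamole/ {
   proxy_pass http://127.0.0.1:8080/guacamole/;
   proxy_buffering off;
   proxy_http_version 1.1;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # Upgrade/Connection are passed through so WebSocket tunnels work.
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection $http_connection;
   # NOTE(review): the public path and the upstream path are both
   # /guacamole/, so no cookie-path rewrite is needed to keep them in step.
   # As written this rewrites a Path of /guacamole/ to "/", which widens the
   # cookie to every URL on this host -- confirm that is intended.
   proxy_cookie_path /guacamole/ /;
}

# NOTE(review): Tomcat (including /manager) listens on 8080; confirm that
# connector is bound to localhost or firewalled so it cannot be reached
# without going through this proxy.

# Closing brace for the server block; it was missing from the pasted excerpt.
}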

Have I missed anything?

Thanks
