My guess is that you didn’t turn off proxy buffering.
This nginx config I’m using complete with SSL and “all the bells and whistles”
(gets an A+ on Qualys scans) and seems to be holding quite ok so far. Hope it
helps.
The X-GUASRV header is just so I can know for sure which server I'm hitting if
I need to debug/trace anything.
server {
listen 443 ssl http2;
client_max_body_size 10000M;
ssl on;
ssl_certificate /etc/nginx/ssl/aram.crt;
ssl_certificate_key /etc/nginx/ssl/aram-dec.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
# certs sent to the client in SERVER HELLO are concatenated in
ssl_certificate
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/dhparam.pem;
# modern configuration. tweak to your needs.
ssl_ciphers
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:RSA+AESGCM:!aNULL:!eNULL:!LOW:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
ssl_session_cache shared:TLS:2m;
ssl_ecdh_curve secp384r1;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 valid=300s;
resolver_timeout 5s;
root /var/www/html;
index index.php index.html index.htm;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains;
preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
access_log /var/log/nginx/guac_access.log;
error_log /var/log/nginx/guac_error.log;
location /guacamole/ {
proxy_pass http://127.0.0.1:8080/guacamole/;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_cookie_path /guacamole/ /;
add_header X-GUASRV 12;
}
}
> On 10 Aug 2020, at 23:36, timeshredder <[email protected]> wrote:
>
> I'm not sure exactly what is going on, but I have been able to get *most of
> guacamole working. MySQL (mariaDB) authentication, reverse proxy via nginx,
> etc. But I have one issue that is vexing me at this point, I am unable to
> upload any file bigger than a few bytes. When a 4 byte file succeeds, the
> ouput is given below:
> <http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t1471/guacamole_my_sql_file_upload_success_a.png>
>
>
> But if I try any file even slightly larger, it fails:
> In the log /var/log/syslog, I am getting a message (unable to open file
> "filename")
> <http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/file/t1471/guacamole_my_sql_file_upload_unsuccessful_a.png>
>
>
> I am running Ubuntu 20.04 with 1.2.0 which brings up another question
> because my guacamole installation reports version 1.1.0 (in the lower right
> hand corner of web login) but I installed from the 1.2.0 source from:
> https://downloads.apache.org/guacamole/1.2.0/source/guacamole-server-1.2.0.tar.gz
>
> I figured it might be a limit in /etc/nginx/nginx.conf
> but I changed to:
> client_max_body size 100M;
>
> I also changed the relevant portions of and added the same line there
> /etc/nginx/sites-available/default
> /etc/nginx/sites-available/nginx-guacamole-ssl
>
> Finally, I also changed a limit in:
> /var/lib/tomcat9/webapps/guacamole/WEB-INF/web.xml
> <multipart-config>
> <max-file-size>104857600</max-file-size>
> <max-request-size>104857600</max-request-size>
> </multipart-config>
>
> But it doesn't seem to be helping.
>
>
>
> --
> Sent from:
> http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
