Hello,
I'm taking my first steps with Guacamole and it's great! Locally it's working
perfectly.
Now I'm trying to expose it to the internet in order to use it remotely.
So I configured Apache as a reverse proxy. That works fine so far, but I'm
not able to start any session.
Logging in to the web interface works fine. But as soon as I start an RDP
session or SSH session, they don't work.
Locally they work.
Here's my Apache config:

<VirtualHost *:443>
    DocumentRoot /var/www/vpn.somedom.com
    ServerAdmin webmaster@localhost
    ErrorLog /var/log/apache2/vpn.somedom.com_error.log
    CustomLog /var/log/apache2/vpn.somedom.com_access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =roundcube.somedom.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    SSLEngine on
    SSLProxyEngine on
    <Directory "/var/www/vpn.somedom.com">
        allow from all
        Options None
        Require all granted
    </Directory>
    ServerName vpn.somedom.com
    <Location /guacamole/>
        Order allow,deny
        Allow from all
        ProxyPass http://localhost:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://localhost:8080/guacamole/
    </Location>
    <Location /guacamole/websocket-tunnel>
        Order allow,deny
        Allow from all
        ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
    </Location>
    Header always unset X-Frame-Options
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/vpn.somedom.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vpn.somedom.com/privkey.pem
</VirtualHost>

This is what I see in the logs (SSH):
Okt 22 23:51:55 webmail01 tomcat9[1543]: 23:51:55.508 [http-nio-8080-exec-2] INFO o.a.g.tunnel.TunnelRequestService - User "xxx" connected to connection "xxx".
Okt 22 23:51:55 webmail01 tomcat9[1543]: 23:51:55.508 [http-nio-8080-exec-2] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
And RDP:
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.393 [http-nio-8080-exec-6] INFO o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
Okt 22 23:57:35 webmail01 guacd[1536]: Creating new client for protocol "rdp"
Okt 22 23:57:35 webmail01 guacd[1536]: Connection ID is "$be247aff-2218-4279-8aa6-fda852e6a056"
Okt 22 23:57:35 webmail01 guacd[1740]: No security mode specified. Defaulting to security mode negotiation with server.
Okt 22 23:57:35 webmail01 guacd[1740]: Resize method: none
Okt 22 23:57:35 webmail01 guacd[1740]: User "@558cf0b5-f56f-4ae5-ac9a-442c48107e7e" joined connection "$be247aff-2218-4279-8aa6-fda852e6a056" (1 users now present)
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO o.a.g.tunnel.TunnelRequestService - User "dlaurenz" connected to connection "JD01".
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Okt 22 23:57:35 webmail01 guacd[1740]: Loading keymap "base"
Okt 22 23:57:35 webmail01 guacd[1740]: Loading keymap "de-de-qwertz"
Okt 22 23:57:35 webmail01 guacd[1740]: Connected to RDPDR 1.13 as client 0x0003
Okt 22 23:58:07 webmail01 guacd[1740]: RDP server closed connection: Manually logged off.
Okt 22 23:58:07 webmail01 guacd[1740]: Internal RDP client disconnected
Okt 22 23:58:08 webmail01 guacd[1740]: User "@558cf0b5-f56f-4ae5-ac9a-442c48107e7e" disconnected (0 users remain)
Okt 22 23:58:08 webmail01 guacd[1740]: Last user of connection "$be247aff-2218-4279-8aa6-fda852e6a056" disconnected
Okt 22 23:58:08 webmail01 guacd[1536]: Connection "$be247aff-2218-4279-8aa6-fda852e6a056" removed.
Okt 22 23:58:09 webmail01 tomcat9[1543]: 23:58:09.055 [http-nio-8080-exec-9] INFO o.a.g.tunnel.TunnelRequestService - User "dlaurenz" disconnected from connection "JD01". Duration: 33605 milliseconds
Okt 22 23:58:09 webmail01 tomcat9[1543]: 23:58:09.215 [http-nio-8080-exec-10] WARN o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: No such tunnel.
Okt 22 23:58:09 webmail01 tomcat9[1543]: 23:58:09.284 [http-nio-8080-exec-4] WARN o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: No such tunnel.
What I see in the web interface is:
Connection Disconnected. And then I can retry.
What am I missing?
Regards, Dirk