My setup is as follows:

Webmail01 running tomcat with guacamole on port 8080

Apache 2 on same machine listening on 443….

 

Connecting to guacamole directly on port 8080, fine!

Connecting to apache, not working

Connecting directly to rdp client, working

 

From: Nick Couchman <[email protected]>
Sent: Friday, October 23, 2020 14:26
To: [email protected]
Subject: Re: Guacamole and reverse Proxy

On Thu, Oct 22, 2020 at 6:21 PM Dirk Laurenz <[email protected]> wrote:

Hello,

 

I make my first steps with guacamole and it’s great! Locally it’s working 
perfectly.

Now I try to expose it to the internet in order to use it remotely.

 

So I configured apache as a reverse proxy. That works fine so far, but I’m not 
able to start any session.

Logging to the web interface works fine. But as soon as I start an rdp session 
or ssh session they don’t work.

 

Locally they work.

 

Here’s my apache config:

 

<VirtualHost *:443>
    DocumentRoot /var/www/vpn.somedom.com
    ServerAdmin webmaster@localhost
    ErrorLog /var/log/apache2/vpn.somedom.com_error.log
    CustomLog /var/log/apache2/vpn.somedom.com_access.log combined

    RewriteEngine on
    RewriteCond %{SERVER_NAME} =roundcube.somedom.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

    SSLEngine on
    SSLProxyEngine on

    <Directory "/var/www/vpn.somedom.com">
        allow from all
        Options None
        Require all granted
    </Directory>

    ServerName vpn.somedom.com

    <Location /guacamole/>
        Order allow,deny
        Allow from all
        ProxyPass http://localhost:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://localhost:8080/guacamole/
    </Location>

    <Location /guacamole/websocket-tunnel>
        Order allow,deny
        Allow from all
        ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
    </Location>

    Header always unset X-Frame-Options

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/vpn.somedom.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vpn.somedom.com/privkey.pem
</VirtualHost>

 

This is what I see in the logs: (ssh)

 

Okt 22 23:51:55 webmail01 tomcat9[1543]: 23:51:55.508 [http-nio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User "xxx" connected to connection "xxx".
Okt 22 23:51:55 webmail01 tomcat9[1543]: 23:51:55.508 [http-nio-8080-exec-2] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.

 

And RDP

 

Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.393 [http-nio-8080-exec-6] INFO  o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
Okt 22 23:57:35 webmail01 guacd[1536]: Creating new client for protocol "rdp"
Okt 22 23:57:35 webmail01 guacd[1536]: Connection ID is "$be247aff-2218-4279-8aa6-fda852e6a056"
Okt 22 23:57:35 webmail01 guacd[1740]: No security mode specified. Defaulting to security mode negotiation with server.
Okt 22 23:57:35 webmail01 guacd[1740]: Resize method: none
Okt 22 23:57:35 webmail01 guacd[1740]: User "@558cf0b5-f56f-4ae5-ac9a-442c48107e7e" joined connection "$be247aff-2218-4279-8aa6-fda852e6a056" (1 users now present)
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "dlaurenz" connected to connection "JD01".
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Okt 22 23:57:35 webmail01 guacd[1740]: Loading keymap "base"
Okt 22 23:57:35 webmail01 guacd[1740]: Loading keymap "de-de-qwertz"
Okt 22 23:57:35 webmail01 guacd[1740]: Connected to RDPDR 1.13 as client 0x0003
Okt 22 23:58:07 webmail01 guacd[1740]: RDP server closed connection: Manually logged off.
Okt 22 23:58:07 webmail01 guacd[1740]: Internal RDP client disconnected

 

This indicates that the RDP server has, for some reason or another, closed the 
connection.  Are you able to successfully connect to this server with identical 
parameters from a standard RDP client?

 

-Nick
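
A small triage helper for the journal output quoted in this thread, added here as an example and not written by either poster: it reports whether Guacamole fell back to the HTTP tunnel and how long the guacd session ran before the RDP server closed it. The function name, the result keys and the embedded sample (lines copied from the thread, one entry per line) are assumptions of this example.

```python
import re
from datetime import datetime

# Sample input: journal lines taken from the thread above, unwrapped to one
# entry per line (constructed for this example).
SAMPLE = '''\
Okt 22 23:57:35 webmail01 guacd[1536]: Creating new client for protocol "rdp"
Okt 22 23:57:35 webmail01 guacd[1536]: Connection ID is "$be247aff-2218-4279-8aa6-fda852e6a056"
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Okt 22 23:58:07 webmail01 guacd[1740]: RDP server closed connection: Manually logged off.
Okt 22 23:58:07 webmail01 guacd[1740]: Internal RDP client disconnected
'''

# "<month> <day> <HH:MM:SS> <host> <unit>[<pid>]: <message>"
ENTRY = re.compile(r'^\S+ +\d+ (\d\d:\d\d:\d\d) \S+ ([\w-]+)\[\d+\]: (.*)$')

def summarize(journal_text):
    """Summarize one Guacamole session from mixed tomcat9/guacd journal lines."""
    info = {"protocol": None, "http_tunnel_fallback": False,
            "close_reason": None, "seconds": None}
    started = None
    for line in journal_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # skip anything that is not a journal entry
        when = datetime.strptime(m.group(1), "%H:%M:%S")
        unit, msg = m.group(2), m.group(3)
        proto = re.search(r'Creating new client for protocol "([^"]+)"', msg)
        closed = re.search(r'server closed connection: (.+)$', msg)
        if unit == "guacd" and proto:
            info["protocol"], started = proto.group(1), when
        elif unit.startswith("tomcat") and "Using HTTP tunnel (not WebSocket)" in msg:
            # The web application served this session over the HTTP tunnel.
            info["http_tunnel_fallback"] = True
        elif unit == "guacd" and closed:
            info["close_reason"] = closed.group(1)
            if started is not None:
                # timedelta.seconds wraps, so a session crossing midnight still works
                info["seconds"] = (when - started).seconds
    return info

if __name__ == "__main__":
    print(summarize(SAMPLE))
```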
