On Wed, Dec 30, 2020 at 12:36 PM Aslan French <[email protected]> wrote:
> Hi, > > My name is Aslan. I'm a design technologist. I'm not a particularly good > developer or sysadmin but I dabble in running cloud apps for my own > personal needs on a homelab server. I wanted to set up Apache Guacamole so > that I could manage my homelab server remotely while I'm away from home. I > can ssh in of course, but sometimes it would be nice to have access to a > GUI. > Welcome! > > My homelab server already has Nextcloud and an nginx proxy server > installed on it. > > I tried following a combination of these tutorials to install Guac on my > homelab server: > > > https://www.linuxbabe.com/ubuntu/apache-guacamole-remote-desktop-ubuntu-20-04 > > https://www.howtoforge.com/how-to-install-and-configure-guacamole-on-ubuntu-1804/ > > When I visit http://remote.aslanfrench.work:8080/guacamole/#/ from the > homelab server I can see the Guac login. When I try to login it stalls out > on me. > > When you say "stalls out", can you describe what happens? Just hangs and never finishes the login? It seems like, if you're getting the login page, you have Tomcat working correctly, your firewall is okay, etc. > When I try to access that url from my laptop it hangs and does not work. > > Here is my nginx conf: > > ``` >> server { >> listen 80; >> listen [::]:80; >> >> # ## ssl cert location >> # location /.well-known/acme-challenge { >> # root /var/www/letsencrypt; >> # default_type "text/plain"; >> # try_files $uri =404; >> # } >> >> server_name remote.aslanfrench.work; >> access_log /var/log/nginx/guac_access.log; >> >> error_log /var/log/nginx/guac_error.log; >> >> # reroute all other traffice to the 443 port >> location / { >> return 301 <a href="https://$server_name:443;";>https:// >> $server_name:443; >> } >> >> } >> >> >> # # HTTPS stuff >> server { >> listen 443 ssl http2 default_server; >> listen [::]:443 ssl http2 default_server; >> server_name remote.aslanfrench.work; >> >> access_log /var/log/nginx/guacamole.access.log main; >> error_log /var/log/nginx/guacamole.error.log warn; >> >> # root /var/www/guacamole; >> # index index.html; >> >> location /guacamole/ { >> proxy_pass http://remote.aslanfrench.work:8080/guacamole/; >> proxy_buffering off; >> proxy_http_version 1.1; >> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; >> proxy_set_header Upgrade $http_upgrade; >> proxy_set_header Connection $http_connection; >> # access_log off; >> } >> } >> >> ``` >> > > That conf is based off of the nextcloud conf I'm using and the official > Guac manual. > > I successfully can access the root page commented out from any external > computer so I know that the proxy is at least working on some level > correctly. > > Generally speaking though that's something I'm kind of confused about? I > don't know anything about tomcat. The way the nginx proxy works is pretty > self explanatory I feel with most stuff. Nextcloud is PHP. so you just > point the nextcloud conf towards /var/www/Nextcloud and the index.php does > the rest. But what is the guacamole conf in the nginx supposed to be > pointing towards? "Where" in my filesystem is Guac located? I know "where" > nextcloud is located but I don't get how that works with Guac. Is that the > .war file? That's the guac webapp I guess? How does the nginx know where > that is located if I don't specify that anywhere in the conf file? It > apparently does since I can access guac's front locally (though maybe > that's not quite right since it's not accessible externally) > > WIth Tomcat, the WAR files you deploy get unpacked into Tomcat's webapps directory. So, if, for example, you were to download Tomcat from the website and install it in /opt/tomcat, the webapps directory is, by default, /opt/tomcat/webapps, and you deploy your guacamole.war file as /opt/tomcat/webapps/guacamole.war. If you give it a couple of seconds after deploying and look in the /opt/tomcat/webapps directory, you'll see an /opt/tomcat/webapps/guacamole directory, which is where Tomcat has unzipped the WAR file and is, essentially, the "where" of the Guacamole files. This is where the JS files exist that the browser will download to run the browser-side components of Guacamole Client, and where some of the Java classes that Tomcat will load will be deployed. However, it differs a little from how you run Nginx + PHP for Nextcloud, in that Tomcat is what's actually doing all of the processing for HTTP requests - it loads and runs all of the Java classes, provides the REST API, the Guacamole tunnel, etc. When you configure the Nginx proxy for Guacamole (Tomcat), the only thing you're doing is having Nginx redirect traffic to a specific URL (/guacamole, but default) to the Tomcat server and back. The primary reason for this is to be able to configure HTTPS (Nginx can do the translation between HTTPS and HTTP), and to centralize access to multiple services running on the same server (Nextcloud and Guacamole, for example). However, in this case, Nginx isn't looking at the local Guacamole install directory in the same way that it is when running a PHP application - it is just sending the HTTP requests on to Tomcat, and doing the minimal translation required to convert URLs from what the client requests to what Tomcat serves, and back, again. > Anyway, lots of questions here, and I def would appreciate any > troubleshooting tips anyone could provide. > No problem, we're happy to help you work through getting it set up and answer any questions. The logs - in this case, Tomcat logs (catalina.out, or syslog, wherever Tomcat is configured to log by default) are going to be helpful in getting things working - they may give some clues as to why Guacamole is "stalling" on login. -Nick >
