On Fri, Apr 8, 2022 at 2:10 AM Tom Lawson <t...@tomlawson.io.invalid> wrote:
> Thanks Ivanmarcus, I’ll take a look. > > Regards auto-updates, nothing is able to automatically update itself > already. > > The containers run in a Debian 11 minimal VM and are launched via a > docker-compose file. Config for both guacamole and guacd are bind mounted > to the containers so that the configs are stored externally to the > container, and an external MySQL database stores the data, with > authentication being done externally with an IDP using OIDC extension. > > The odd part is that even turning SSL off doesn’t work, and rolling back > to known working versions makes no difference. The errors that you're seeing almost look like something is causing problems in the conversation between the end client and guacd, somewhere along the way. The fact that guacd is reporting protocol issues indicates that something is disrupting the protocol stream - could be security software of some sort or just a very unreliable network connection. The message from Tomcat about the SSL error isn't necessarily about Tomcat <-> guacd communication, it could be browser -> Tomcat. Might just take a look at the entire end-to-end connection and make sure there's no indication of lost/missing/mangle packets along the way. Keep in mind that, while Tomcat does help with some of the setup and redirection of the tunnel to guacd, ultimately the tunnel is between the web application running in the user's web browser and guacd. -Nick