With the help of Daniel Gruno on [email protected], I finally got the
guacamole installation to work. The final VH block is:
<VirtualHost *:4443>
ServerName <FQDN name>
DocumentRoot <directory>
Header always unset X-Frame-Options
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteRule "^/guacamole$" "/guacamole/" [R=302]
<Directory "<directory>">
Require all granted
</Directory>
<Location /websocket-tunnel>
ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
</Location>
<Location /guacamole/>
ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
ProxyPassReverse http://127.0.0.1:8080/guacamole/
</Location>
SSLEngine on
SSLCertificateFile <certificate location>
SSLCertificateKeyFile <private key location>
</VirtualHost>
Here you need to convert <FQDN name>, <directory>, <certification location> and
<private key location> into values pertinent for the local implementation.
Also, the port associated with the VH block is special in my implementation.
Normally, it would be 443.
Notice several things:
+ It is necessary to use a RewriteRule to turn ""/guacamole" into
"/guacamole/", otherwise Apache gets confused. Furthermore, the rewrite rule
needs the annotation [R=302] "to force a redirect instead of internal rewriting
the filesystem path".
+ The instructions for the <Location> blocks found in:
https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html#apache
are out of date. "Order allow,deny | Allow from all" are no longer considered
up-to-date directives. Thus, the transition to "Require all granted".
Given my experience with trying to get guacamole to work, I would suggest
someone writing a tutorial that gently leads new comers to solutions. The
existing documentation is expert friendly and not really suitable for those of
us who are coming to guacamole for the first time.
> On Dec 19, 2022, at 10:30 AM, Michael Jumper <[email protected]> wrote:
>
> On Mon, Dec 19, 2022, 9:25 AM Dan Nessett <[email protected]
> <mailto:[email protected]>> wrote:
> I am still trying to figure out why guacamole is not working. I looked at the
> journalctl output, but found nothing suspicious (see below for startup
> journal messages). When I look at the output of journalctl after attempting
> to use guacamole from a browser (i.e., http://<server external dns
> name>:<external NAT port>/guacamole), there is nothing in the output from
> tomcat, guacamole or apache.
>
> Can anyone more experienced than I see something that might give a clue what
> is going wrong? The response at the browser when attempting to access
> guacamole is:
>
> Not Found
>
> The requested URL was not found on this server.
>
> Apache/2.4.29 (Ubuntu) Server at <DNS name> Port XXXXX
>
> (I have changed the DNS name and external port number). Is it possible that
> guacamole is getting confused because the internal port seen by apache (i.e.,
> 4443) is not the internal port used by NAT (i.e., 443). Also, is it possible
> that the from address that tomcat sees is 127.0.01 might confuse it when
> responding to the request?
>
> No, this is a response from the Apache web server, not Guacamole or Tomcat.
> Your request is failing within Apache and thus is not reaching either of
> those levels.
>
> You should check your Apache logs and config to determine why your request
> doesn't match your configuration.
>
> - Mike
