Hello.

I will talk about it assuming that it is an Ubuntu system.

I assume you have certbot and python3-certbot-apache installed and run sudo 
certbot --apache.
Then, I think that you will be prompted to enter various things at first, but 
does /var/log/letsencrypt/letsencrypt.log indicate that it is being processed 
correctly?

After executing the following, does sudo systemctl status apache2 work without 
errors?
$ sudo systemctl reload apache2
$ sudo certbot --apache
$ sudo a2enmod ssl
$ sudo a2ensite piitpl.co.in-le-ssl
$ sudo systemctl restart apache2

> 2, enabled guacamole.html
> 3, disabled 000-default

I don't need this, I think it changed automatically.
With sudo certbot --apache, the above process will be performed without 
permission.
Instead, sudo a2ensite piitpl.co.in-le-ssl is always required.
The domain is tailored for you.

After running sudo certbot --apache, once the process completes successfully, wasn't
/etc/letsencrypt/renewal/piitpl.co.in.conf
written out?
Check with sudo certbot renew --dry-run.

> ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
> ProxyPassReverse ajp://127.0.0.1:8009/guacamole/
is for when, in
$ sudo vi /var/lib/tomcat9/conf/server.xml
the following is enabled:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
<Connector port="8009" protocol="AJP/1.3" redirectPort="8080" enableLookups="false" secretRequired="false" />

I've only set this up once, so sorry if I'm wrong.

Best Regards,


On 2023/05/25 (Thu) 02:48 AM, Eby Mani wrote:
Hi,

Running "certbot --apache" generates the certificate, inserts the SSL 
certificate related lines into the apache2 sites .conf file and creates the required ssl.conf file 
(e.g. 000-default.conf, 000-default-ssl.conf, etc.)

Can you explain these lines (I don't see them in the documentation)? Do I have to 
configure anything in guacamole for these?

ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
ProxyPassReverse ajp://127.0.0.1:8009/guacamole/

Thanks,


On Wednesday, 24 May, 2023, 04:34:40 am IST, Shigeki Sawamura 
<[email protected]> wrote:


Hello.

I haven't used Let's Encrypt much, so sorry if I'm off the mark.

The Apache2 setting at the time of Let's Encrypt remained in the memo that was 
set once.
It looks like you did something like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
       ServerName <DOMAIN>
       ServerAlias www.<DOMAIN>
       ServerAdmin info@<DOMAIN>

       DocumentRoot /var/www/html
       ErrorLog ${APACHE_LOG_DIR}/error.<DOMAIN>.log
       CustomLog ${APACHE_LOG_DIR}/access.<DOMAIN>.log combined

       Include /etc/letsencrypt/options-ssl-apache.conf
       SSLCertificateFile /etc/letsencrypt/live/piitpl.co.in/fullchain.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/piitpl.co.in/privkey.pem

       ProxyRequests off
       <Location /guacamole/>
           ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
           ProxyPassReverse ajp://127.0.0.1:8009/guacamole/
           RequestHeader set X-Forwarded-Proto https
           RequestHeader set X-Forwarded-Port 443
           ProxyPreserveHost On
       </Location>
       <Location /guacamole/websocket-tunnel>
           Order allow,deny
           Allow from all
           ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
           ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
           ProxyPreserveHost On
       </Location>
</VirtualHost>
</IfModule>

I hope this helps.

Best Regards,
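
Added example, not part of the thread or of the Guacamole project: a shell preflight that works out which Apache modules a vhost like the one above needs from the directives it uses (the commands in the thread only run a2enmod ssl) and counts AJP connectors in server.xml that carry secretRequired="false". The function names, the sample vhost and the example.test domain are constructed for illustration, and the mods-enabled path assumes the Debian/Ubuntu layout.

```shell
# Added example (not from the thread): preflight for the vhost + Tomcat setup.
_has() { printf '%s\n' "$2" | grep -Eiq "$1"; }

# Print the Apache modules a vhost file needs, from the directives it uses.
required_mods() {
    active=$(grep -v '^[[:space:]]*#' "$1")   # ignore commented-out lines
    _has '^[[:space:]]*SSL(Engine|CertificateFile)' "$active"     && echo ssl
    _has '^[[:space:]]*ProxyPass(Reverse)?[[:space:]]' "$active"  && echo proxy
    _has '^[[:space:]]*ProxyPass[[:space:]].*ajp://' "$active"    && echo proxy_ajp
    _has '^[[:space:]]*ProxyPass[[:space:]].*https?://' "$active" && echo proxy_http
    _has '^[[:space:]]*ProxyPass[[:space:]].*wss?://' "$active"   && echo proxy_wstunnel
    _has '^[[:space:]]*RequestHeader[[:space:]]' "$active"        && echo headers
    return 0
}

# Print needed modules with no NAME.load in mods-enabled (Debian/Ubuntu layout).
missing_mods() {
    dir=${2:-/etc/apache2/mods-enabled}
    for m in $(required_mods "$1"); do
        [ -e "$dir/$m.load" ] || echo "$m"
    done
}

# Count AJP connectors in server.xml that accept requests without a secret.
ajp_without_secret() {
    tr '\n' ' ' < "$1" | tr '>' '\n' |
        grep 'protocol="AJP/1.3"' | grep -c 'secretRequired="false"' || true
}

# Constructed sample vhost using the directives quoted in this thread.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:443>
    SSLCertificateFile /etc/letsencrypt/live/example.test/fullchain.pem
    <Location /guacamole/>
        ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
        RequestHeader set X-Forwarded-Proto https
    </Location>
    <Location /guacamole/websocket-tunnel>
        ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
    </Location>
    # ProxyPass http://127.0.0.1:8080/unused/
</VirtualHost>
EOF
}

# Usage: sh preflight.sh VHOST.conf [SERVER.xml]; with no arguments nothing runs.
[ $# -lt 1 ] || missing_mods "$1"
[ $# -lt 2 ] || echo "AJP connectors without a secret: $(ajp_without_secret "$2")"
```

Each module it prints is one to pass to a2enmod before restarting apache2; a non-zero connector count means the AJP port must stay reachable from loopback only.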


On 2023/05/23 (Tue) 04:22 PM, Eby Mani wrote:
 > Are there any proper guide on how to setup guacamole with apache2 https
 > reverse proxy?
 >
 > I tried setting up guacamole with apache2, with
 > "https://example-domain-name"; the default ubuntu apache2 webpage would open.
 >
 > "https:///example-domain-name/guacamole" will throw some certificate error.
 > Had to remove apache2 and setup guacamole with nginx, reverse proxy is working fine over
 > https !!!!
 >
 > my old apache2 config,
 >
 > 1, /etc/apache2/sites-available/guacamole.html
 > 2, enabled guacamole.html
 > 3, disabled 000-default
 > 4, restarted apache2
 > 5, ran certbot --apache
 > 6, restarted guacd, tomcat9 and apache2
 >
 > contents of guacamole.html
 >
 > <VirtualHost *:80>
 >      ServerName "example-domain-name"
 >      ServerAlias "example-domain-name"
 >
 >      Redirect permanent / https://example-domain-namee/
 > </VirtualHost>
 >
 > <VirtualHost *:443>
 >      ServerName "example-domain-name"
 >      ServerAlias "example-domain-name"
 >
 >      <If "%{HTTP_HOST} == 'www.example-domain-name'">
 >      Redirect permanent / https://"example-domain-name"/
 >      </If>
 >
 >      ErrorLog /var/log/apache2/example-domain-name-error.log
 >      CustomLog /var/log/apache2/example-domain-name-access.log combined
 >
 >      SSLEngine On
 >      SSLCertificateFile /etc/letsencrypt/live/piitpl.co.in/fullchain.pem
 >      SSLCertificateKeyFile /etc/letsencrypt/live/piitpl.co.in/privkey.pem
 >
 >      <Location /guacamole/>
 >          Order allow,deny
 >          Allow from all
 >          ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
 >          ProxyPassReverse http://127.0.0.1:8080/guacamole/
 >      </Location>
 >
 >      <Location /guacamole/websocket-tunnel>
 >          Order allow,deny
 >          Allow from all
 >          ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
 >          ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
 >      </Location>
 >
 > </VirtualHost>
 >
 >
 > Thanks,
 >
 > ---------------------------------------------------------------------
 > To unsubscribe, e-mail: [email protected]
 > For additional commands, e-mail: [email protected]
