Hi, Yes, it is ubuntu 22 LTS. I installed snap version of certbot.
After "$ sudo certbot --apache", there were no files created for "piitpl.co.in-le-ssl" at all, it had file for "000-default-le-ssl", thus i've missed "$ sudo a2ensite piitpl.co.in-le-ssl". https://guacamole.apache.org/doc/gug/reverse-proxy.html#preparing-your-servlet-container According to this, Using Guacamole over AJP is unsupported. Anyway, will try your suggestions. Thanks, On Thursday, 25 May, 2023, 02:41:02 am IST, Shigeki Sawamura <[email protected]> wrote: Hello. I will talk about it assuming that it is an Ubuntu system. I assume you have certbot and python3-certbot-apache installed and run sudo certbot --apache. Then, I think that you will be prompted to enter various things at first, but does /var/log/letsencrypt/letsencrypt.log indicate that it is being processed correctly? After executing the following, does sudo systemctrl status apache2 work without errors? $ sudo systemctl reload apache2 $ sudo certbot --apache $ sudo a2enmod ssl $ sudo a2ensite piitpl.co.in-le-ssl $ sudo systemctl restart apache2 > 2, enabled guacamole.html > 3, disabled 000-default I don't need this, I think it changed automatically. With sudo certbot --apache, the above process will be performed without permission. Instead, sudo a2ensite piitpl.co.in-le-ssl is always required. The domain is tailored for you. Execute sudo certbot --apache and when the process is completed successfully, /etc/letsencrypt/renewal/piitpl.co.in.conf Wasn't it written out to ? Check with sudo certbot renew --dry-run. > ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on > ProxyPassReverse ajp://127.0.0.1:8009/guacamole/ teeth, $ sudo vi /var/lib/tomcat9/conf/server.xml and <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" /> <Connector port="8009" protocol="AJP/1.3" redirectPort="8080" enableLookups="false" secretRequired="false" /> is enabled when I've only set this up once, so sorry if I'm wrong. Best Regards, On 2023/05/25 木 午前 02:48, Eby Mani wrote: > Hi, > > Running "certbot --apache" generates the certificate and inserts the ssl > certificate related lines to apache2 sites .conf file and create required > ssl.conf file (e.g. 000-default.conf, 000-default-ssl.conf, etc....) > > Can you explain these lines(i don't see them in documentation) ?. Do i have > to configure anything in guacamole for these ?. > > ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on > ProxyPassReverse ajp://127.0.0.1:8009/guacamole/ > > Thanks, > > > On Wednesday, 24 May, 2023, 04:34:40 am IST, Shigeki Sawamura > <[email protected]> wrote: > > > Hello. > > I haven't used Let's Encrypt much, so sorry if I'm off the mark. > > The Apache2 setting at the time of Let's Encrypt remained in the memo that > was set once. > It looks like you did something like this: > > <IfModule mod_ssl.c> > <VirtualHost *:443> > ServerName <DOMAIN> > ServerAlias www.<DOMAIN> > ServerAdmin info@<DOMAIN> > > DocumentRoot /var/www/html > ErrorLog ${APACHE_LOG_DIR}/error.<DOMAIN>.log > CustomLog ${APACHE_LOG_DIR}/access.<DOMAIN>.log combined > > Include /etc/letsencrypt/options-ssl-apache.conf > SSLCertificateFile /etc/letsencrypt/live/piitpl.co.in/fullchain.pem > SSLCertificateKeyFile /etc/letsencrypt/live/piitpl.co.in/privkey.pem > > Proxy Requests off > <Location /guacamole/> > ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on > ProxyPassReverse ajp://127.0.0.1:8009/guacamole/ > RequestHeader set X-Forwarded-Proto https > RequestHeader set X-Forwarded-Port 443 > ProxyPreserveHost On > </Location> > <Location /guacamole/websocket-tunnel> > Order allow, deny > Allow from all > ProxyPass ws://localhost:8080/guacamole/websocket-tunnel > ProxyPassReversews://localhost:8080/guacamole/websocket-tunnel > ProxyPreserveHost On > </Location> > </VirtualHost> > </IfModule> > > I hope this helps. > > Best Regards, > > > On 2023/05/23 火 午後 04:22, Eby Mani wrote: > > Are there any proper guide on how to setup guacamole with apache2 https >reverse proxy ?. > > > > I tried setting up guacamole with apache2, with >"https://example-domain-name"; the default ubuntu apache2 webpage would open. > > > > "https:///example-domain-name/guacamole"; will throw some certificate >error. Had to remove apache2 and setup guacamole with ngnix, reverse proxy is >working fine over https !!!!. > > > > my old apache2 config, > > > > 1, /etc/apache2/sites-available/guacamole.html > > 2, enabled guacamole.html > > 3, disabled 000-default > > 4, restarted apache2 > > 5, ran certbot --apache > > 6, restarted guacd, tomcat9 and apache2 > > > > contents of guacamole.html > > > > <VirtualHost *:80> > > ServerName "example-domain-name" > > ServerAlias "example-domain-name" > > > > Redirect permanent / https://example-domain-namee/ ><https://example-domain-namee/> > > </VirtualHost> > > > > <VirtualHost *:443> > > ServerName "example-domain-name" > > ServerAlias "example-domain-name" > > > > <If "%{HTTP_HOST} == 'www.example-domain-name'"> > > Redirect permanent / https://"example-domain-name"/ > > </If> > > > > ErrorLog /var/log/apache2/example-domain-name-error.log > > CustomLog /var/log/apache2/example-domain-name-access.log combined > > > > SSLEngine On > > SSLCertificateFile /etc/letsencrypt/live/piitpl.co.in/fullchain.pem > > SSLCertificateKeyFile /etc/letsencrypt/live/piitpl.co.in/privkey.pem > > > > <Location /guacamole/> > > Order allow,deny > > Allow from all > > ProxyPass http://127.0.0.1:8080/guacamole/ ><http://127.0.0.1:8080/guacamole/> flushpackets=on > > ProxyPassReverse http://127.0.0.1:8080/guacamole/ ><http://127.0.0.1:8080/guacamole/> > > </Location> > > > > <Location /guacamole/websocket-tunnel> > > Order allow,deny > > Allow from all > > ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel > > ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel > > </Location> > > > > </VirtualHost> > > > > > > Thanks, > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] ><mailto:[email protected]> > > For additional commands, e-mail: [email protected] ><mailto:[email protected]> > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > <mailto:[email protected]> > For additional commands, e-mail: [email protected] > <mailto:[email protected]> > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
