Hello Shigeki,
When using your apache2 .conf, configtest fails.
Invalid command 'RequestHeader', perhaps misspelled or defined by a module not
included in the server configuration
Action 'configtest' failed.
Thanks,
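
The configtest error above is what Apache reports when the module that provides a directive is not enabled; RequestHeader comes from mod_headers. The script below is an added example, not part of the original thread: it maps the directives used in the quoted vhost to the modules they need and lists the ones that are not enabled. It assumes the Debian/Ubuntu /etc/apache2/mods-enabled layout; the function names and the sample vhost are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread; assumes the Debian/Ubuntu mods-enabled layout.

# Read a vhost config on stdin; print the a2enmod names its directives need.
# Files pulled in with Include are not followed.
required_modules() {
    awk '
        { d = tolower($1) }     # directive names are case-insensitive
        d == "" || d ~ /^#/ { next }
        d == "requestheader" || d == "header" { need["headers"] = 1 }
        d ~ /^ssl/ { need["ssl"] = 1 }
        d == "order" || d == "allow" || d == "deny" { need["access_compat"] = 1 }
        d ~ /^proxy/ {
            need["proxy"] = 1
            if ($0 ~ /ajp:\/\//)    need["proxy_ajp"] = 1
            if ($0 ~ /wss?:\/\//)   need["proxy_wstunnel"] = 1
            if ($0 ~ /https?:\/\//) need["proxy_http"] = 1
        }
        END { for (m in need) print m }
    ' | LC_ALL=C sort
}

# Print the required modules that have no <name>.load file.
# $1 = config file, $2 = mods-enabled directory (optional).
missing_modules() {
    dir=${2:-/etc/apache2/mods-enabled}
    required_modules < "$1" | while read -r mod; do
        [ -e "$dir/$mod.load" ] || echo "$mod"
    done
}

# Constructed sample modelled on the proxy section quoted in this thread.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:443>
  SSLCertificateFile /etc/letsencrypt/live/example.test/fullchain.pem
  <Location /guacamole/>
    ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
    RequestHeader set X-Forwarded-Proto https
  </Location>
  <Location /guacamole/websocket-tunnel>
    Order allow,deny
    ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
  </Location>
</VirtualHost>
EOF
}

# Demo: list what the sample needs. On a real host, call missing_modules
# with the site file and run "sudo a2enmod" on each name it prints.
sample_vhost | required_modules
```
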
On Thursday, 25 May, 2023, 11:43:38 am IST, Shigeki Sawamura
<[email protected]> wrote:
Hello.
If you have "000-default-le-ssl", try "$ sudo a2ensite 000-default-le-ssl".
I believe Guacamole supports AJP.
I have built 8 Guacamole servers from 1.3.0 to 1.5.1 so far, but they are all
accessed by AJP via Apache2.
Best Regards,
On 2023/05/25 (Thu) 02:33 PM, Eby Mani wrote:
> Hi,
>
> Yes, it is Ubuntu 22 LTS. I installed the snap version of certbot.
>
> After "$ sudo certbot --apache", there were no files created for
> "piitpl.co.in-le-ssl" at all; it had a file for "000-default-le-ssl", thus I've
> missed "$ sudo a2ensite piitpl.co.in-le-ssl".
>
> https://guacamole.apache.org/doc/gug/reverse-proxy.html#preparing-your-servlet-container
> According to this, Using Guacamole over AJP is unsupported.
>
> Anyway, will try your suggestions.
>
> Thanks,
>
> On Thursday, 25 May, 2023, 02:41:02 am IST, Shigeki Sawamura
> <[email protected]> wrote:
>
>
> Hello.
>
> I will talk about it assuming that it is an Ubuntu system.
>
> I assume you have certbot and python3-certbot-apache installed and run sudo
> certbot --apache.
> Then, I think that you will be prompted to enter various things at first, but
> does /var/log/letsencrypt/letsencrypt.log indicate that it is being processed
> correctly?
>
> After executing the following, does sudo systemctl status apache2 work
> without errors?
> $ sudo systemctl reload apache2
> $ sudo certbot --apache
> $ sudo a2enmod ssl
> $ sudo a2ensite piitpl.co.in-le-ssl
> $ sudo systemctl restart apache2
>
> > 2, enabled guacamole.html
> > 3, disabled 000-default
>
> I don't need this, I think it changed automatically.
> With sudo certbot --apache, the above process will be performed without
> permission.
> Instead, sudo a2ensite piitpl.co.in-le-ssl is always required.
> The domain is tailored for you.
>
> When you executed sudo certbot --apache and the process completed successfully,
> wasn't /etc/letsencrypt/renewal/piitpl.co.in.conf written out?
> Check with sudo certbot renew --dry-run.
>
> > ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
> > ProxyPassReverse ajp://127.0.0.1:8009/guacamole/
> These are for when, in
> $ sudo vi /var/lib/tomcat9/conf/server.xml
> the following is enabled:
> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8080"
> enableLookups="false" secretRequired="false" />
>
> I've only set this up once, so sorry if I'm wrong.
>
> Best Regards,
>
>
> On 2023/05/25 (Thu) 02:48 AM, Eby Mani wrote:
> > Hi,
> >
> > Running "certbot --apache" generates the certificate, inserts the SSL
> > certificate related lines into the apache2 site's .conf file and creates the
> > required ssl.conf file (e.g. 000-default.conf, 000-default-ssl.conf, etc.)
> >
> > Can you explain these lines (I don't see them in the documentation)? Do I
> > have to configure anything in Guacamole for these?
> >
> > ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
> > ProxyPassReverse ajp://127.0.0.1:8009/guacamole/
> >
> > Thanks,
> >
> >
> > On Wednesday, 24 May, 2023, 04:34:40 am IST, Shigeki Sawamura
> > <[email protected]> wrote:
> >
> >
> > Hello.
> >
> > I haven't used Let's Encrypt much, so sorry if I'm off the mark.
> >
> > The Apache2 setting at the time of Let's Encrypt remained in the memo that
> > was set once.
> > It looks like you did something like this:
> >
> > <IfModule mod_ssl.c>
> > <VirtualHost *:443>
> > ServerName <DOMAIN>
> > ServerAlias www.<DOMAIN>
> > ServerAdmin info@<DOMAIN>
> >
> > DocumentRoot /var/www/html
> > ErrorLog ${APACHE_LOG_DIR}/error.<DOMAIN>.log
> > CustomLog ${APACHE_LOG_DIR}/access.<DOMAIN>.log combined
> >
> > Include /etc/letsencrypt/options-ssl-apache.conf
> > SSLCertificateFile /etc/letsencrypt/live/piitpl.co.in/fullchain.pem
> > SSLCertificateKeyFile /etc/letsencrypt/live/piitpl.co.in/privkey.pem
> >
> > ProxyRequests off
> > <Location /guacamole/>
> > ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
> > ProxyPassReverse ajp://127.0.0.1:8009/guacamole/
> > RequestHeader set X-Forwarded-Proto https
> > RequestHeader set X-Forwarded-Port 443
> > ProxyPreserveHost On
> > </Location>
> > <Location /guacamole/websocket-tunnel>
> > Order allow,deny
> > Allow from all
> > ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
> > ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
> > ProxyPreserveHost On
> > </Location>
> > </VirtualHost>
> > </IfModule>
> >
> > I hope this helps.
> >
> > Best Regards,
> >
> >
> > On 2023/05/23 (Tue) 04:22 PM, Eby Mani wrote:
> > > Is there any proper guide on how to set up Guacamole with an apache2 https
> > > reverse proxy?
> > >
> > > I tried setting up Guacamole with apache2; with
> > > "https://example-domain-name" the default Ubuntu apache2 webpage would open.
> > >
> > > "https://example-domain-name/guacamole" will throw some certificate
> > > error. Had to remove apache2 and set up Guacamole with nginx; reverse proxy is
> > > working fine over https !!!!
> > >
> > > my old apache2 config,
> > >
> > > 1, /etc/apache2/sites-available/guacamole.html
> > > 2, enabled guacamole.html
> > > 3, disabled 000-default
> > > 4, restarted apache2
> > > 5, ran certbot --apache
> > > 6, restarted guacd, tomcat9 and apache2
> > >
> > > contents of guacamole.html
> > >
> > > <VirtualHost *:80>
> > > ServerName "example-domain-name"
> > > ServerAlias "example-domain-name"
> > >
> > > Redirect permanent / https://example-domain-name/
> > > </VirtualHost>
> > >
> > > <VirtualHost *:443>
> > > ServerName "example-domain-name"
> > > ServerAlias "example-domain-name"
> > >
> > > <If "%{HTTP_HOST} == 'www.example-domain-name'">
> > > Redirect permanent / https://"example-domain-name"/
> > > </If>
> > >
> > > ErrorLog /var/log/apache2/example-domain-name-error.log
> > > CustomLog /var/log/apache2/example-domain-name-access.log combined
> > >
> > > SSLEngine On
> > > SSLCertificateFile /etc/letsencrypt/live/piitpl.co.in/fullchain.pem
> > > SSLCertificateKeyFile /etc/letsencrypt/live/piitpl.co.in/privkey.pem
> > >
> > > <Location /guacamole/>
> > > Order allow,deny
> > > Allow from all
> > > ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
> > > ProxyPassReverse http://127.0.0.1:8080/guacamole/
> > > </Location>
> > >
> > > <Location /guacamole/websocket-tunnel>
> > > Order allow,deny
> > > Allow from all
> > > ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
> > > ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
> > > </Location>
> > >
> > > </VirtualHost>
> > >
> > >
> > > Thanks,
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [email protected]
> > > For additional commands, e-mail: [email protected]