On Thu, Jan 4, 2024 at 8:14 AM Per-Erik Gustafsson < perre.gustafs...@gmail.com> wrote:
> Hi, > > > We have used Guacamole in Docker containers since September 2022 and now > we noticed that session to xrdp backend gets reset occasionally. > > I do not have numbers on the frequency of this problem. > > > Where could the problem be? > > > Our setup consist of Nginx reverse proxies, Guacamole and Guacd in Docker > containers where we get sessions resets occasionally. > > > The setup: > > DMZ: Nginx nr 1, proxies over https to > > Virtualmachine containing: > > Nginx/Docker reverse proxy tls endpoint > > Postgresql/Docker > > Authorization app/Flask running in Docker > > Guacamole/Docker > > Guacd/Docker > > > This is run with Docker compose, with a default docker network > > Guacamole images are version 1.4.0 > > > Guacd connects to other virtual machines on the same physical host over > RDP to Xrdp. > > We have abt 100 defined users, of which only a small fraction are > simultaneously active. > > > This setup has worked fine until now when a user told us that his session > gets reset/cancelled every now and then. > > > This time the user had started the work in the xrdp session and then put > the browser window to side and continued other tasks. After a while the > session was reset. > I suspect that one of two things is going on, here: * When the browser window gets "put to the side," the browser or O/S is attempting to optimize performance by "sleeping" the tabs, and doesn't keep the communication active, which results in guacd believing that the client has left the connection. I think we've seen this in a couple of places, before, with inactive tabs in some browsers (Safari and Chrome, maybe?). * Something in the DMZ firewall is keeping track of connectivity and believes that the connection is idle, so it shuts down the communication. A lot of "next gen" firewalls do this as a security and/or bandwidth optimization feature. -Nick
