Thanks for your answers.
Now I'm using guacamole in a LAN and I don't need a reverse proxy. When I have 
finished the configuration and everything is OK, I will connect from the 
Internet using the reverse proxy on the firewall (OPNsense with HA Proxy).
If you assure me that it is already sufficient, then I will leave HTTP. Instead 
I would like to know if I can use another port from the Internet and let 
HAProxy redirect to 8080.


    On Friday, 16 February 2024 at 12:53:42 CET, Nick Couchman 
<[email protected]> wrote:  
 
 I agree with both Alessandro and Robert's advice to just go ahead and install 
a reverse proxy. There are several issues with running https directly in Tomcat 
- one of them is that you either have to a) choose a port above 1024 for the 
HTTPS traffic and then use port redirection magic to move standard port 443 
traffic to that port, or b) run Tomcat in such a way that it has the privileges 
to open port 443 itself. In the past, running Tomcat with privileges to operate 
on the standard HTTPS port (443) meant running it as root, which is a Bad Idea; 
however, there are some changes to at least Linux, maybe even some of the BSDs, 
recently, that allow you to set a capability for the Tomcat user to open 
privileged ports without having to elevate to root.
The thing is, the above are just the things you have to do to get Tomcat to 
even listen or process traffic on 443, and you haven't even set up the private 
key/certificate, yet. You're really better off just installing either Nginx or 
httpd and going that route.
-Nick
On Fri, Feb 16, 2024 at 6:06 AM Alessandro Sironi <[email protected]> 
wrote:

  
Hi Andrea,
 
it would be better not to expose Tomcat directly to the internet; instead, you 
should use a reverse proxy such as NGINX or Apache and land there over HTTPS.
 
Regards,
 
Alessandro
 
 On 16/02/2024 11:47, Andrea Miconi wrote:
  
    I'm new to guacamole and now I can access the login page with HTTP.
  
  I want to access it with HTTPS instead, but I can't figure out what I should 
do. Reading online I found a suggestion to install Nginx as a reverse proxy, 
but I would like to avoid it. 
  Shouldn't it be enough to activate https on Tomcat? How to do it?  
   
 
  

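The setup asked about in this thread (HAProxy accepting HTTPS on a non-standard Internet-facing port and forwarding to Tomcat on 8080) is sketched below as a raw haproxy.cfg. This is an added example, not configuration posted by anyone in the thread. Port 8443, the address 192.0.2.10, the certificate path and the section names are assumptions. It is also assumed that on OPNsense the same settings are entered through the HAProxy plugin's GUI rather than written by hand.

```haproxy
# Added illustration: port 8443, the backend address and the certificate
# path are assumptions/placeholders, not values from the thread.
global
    # Refuse legacy TLS versions on the Internet-facing listener.
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  1m
    timeout server  1m
    # Guacamole keeps a long-lived tunnel per remote-desktop session;
    # without this the short client/server timeouts cut sessions off.
    timeout tunnel  1h

frontend guacamole_https
    # Non-standard external port. TLS ends here, so Tomcat never needs a
    # private key, a privileged port, or root.
    bind :8443 ssl crt /usr/local/etc/haproxy/certs/guacamole.pem  # placeholder path
    # Pass the original scheme and client address to the application.
    http-request set-header X-Forwarded-Proto https
    option forwardfor
    default_backend guacamole_tomcat

backend guacamole_tomcat
    # Tomcat stays on its unprivileged HTTP port inside the LAN.
    server guac1 192.0.2.10:8080 check  # constructed address
```

With this layout only the proxy's port is forwarded from the Internet. Port 8080 stays reachable from the LAN only, so the plain-HTTP hop never leaves the internal network.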