OK, thanks Nick. I'll see what I should do with the links you sent me. For now I
thank you. Bye.
On Sunday, 18 February 2024 at 13:32:57 CET, Nick Couchman
<[email protected]> wrote:
On Sun, Feb 18, 2024 at 3:21 AM Andrea Miconi
<[email protected]> wrote:
I've made some progress.
I configured ha-proxy in my small personal laboratory. Listening to 0.0.0.0:443
and calling IP-LAN:8080
Now if I type https://MyDomain.TLD/guacamole on a PC on the Internet, the
Guacamole login page appears.
However, I still have doubts.
I now call the service with HTTPS and see the padlock marking the certificate
with Let's Encrypt. However, I would like there to be the redirect from 80 to
443, but I think this is a problem with how the certificate is generated in the
firewall.
This is entirely possible, but depends on what you're using for a reverse
proxy. Here are a couple of quick references for Nginx, Apache httpd, and
HAProxy:
https://serversforhackers.com/c/redirect-http-to-https-nginx
https://www.ssl.com/how-to/redirect-http-to-https-with-apache/
https://www.haproxy.com/blog/redirect-http-to-https-with-haproxy
Furthermore, I didn't understand if I should also install the certificate on
the PC on which guacamole runs. I generated a certificate for *.mydomain.tld and
therefore it is also valid for the PC, but I don't know how to bring the
certificate here.
If I solve it I would have access to Guacamole via HTTPS also from the LAN and
not just from the Internet.
However, this is also not a HA Proxy problem.
If you're running the reverse-proxy for the Internet on a different system from
where Guacamole is installed, and want the HTTPS configuration with that
wildcard certificate in both places, then you'd need to install the certificate
on that system, as well. However, you don't need just the generated
certificate, you also need the private key that you used for that certificate.
Once you have that pair, you can copy them to the system where Guacamole is
installed and use them on it, as well.
As far as how to configure HTTPS on that system, it all depends on how you want
to do that. You could:
* Install HAProxy on that system, as well, and configure it with the same
  certificate.
* Install Nginx or Apache httpd and configure one of them as a reverse proxy
  using that certificate.
* Install the certificate into Tomcat and configure Tomcat for HTTPS, as long
  as you're okay with it running on the non-standard port numbers. I still
  don't recommend this approach.
-Nick
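
Added example, not part of the original messages: a minimal HAProxy configuration for the setup discussed in this thread, terminating TLS on 443, redirecting port 80 to HTTPS, and forwarding to Guacamole on port 8080. The certificate path, the frontend/backend/server names and the backend address 192.0.2.10 (standing in for IP-LAN) are assumptions.

```haproxy
# Added example; every path, name and address below is a placeholder.
global
    # Refuse TLS versions older than 1.2 on every "bind ... ssl" line
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    timeout connect 5s
    timeout client  1m
    timeout server  1m

frontend fe_guacamole
    # Plain HTTP listener, present only so it can be redirected
    bind 0.0.0.0:80
    # HAProxy expects the certificate (with its chain) AND the private key
    # concatenated in one PEM file; keep that file readable by root only.
    bind 0.0.0.0:443 ssl crt /etc/haproxy/certs/mydomain.tld.pem
    # Any request that did not arrive over TLS is sent to the same URL on HTTPS
    http-request redirect scheme https code 301 unless { ssl_fc }
    default_backend be_guacamole

backend be_guacamole
    # Tomcat/Guacamole host on the LAN (IP-LAN:8080 in the thread)
    server guac1 192.0.2.10:8080 check
```

The traffic between HAProxy and the backend in this layout is unencrypted HTTP on the LAN; the options listed above are the ways to put HTTPS on the Guacamole system itself.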