I use Apache HTTPD to do this, but the idea is the same. Nginx is pretty light-weight, so might be a better option if all you're doing is the SSL proxying, but Apache works fine, too.
The Apache configuration is pretty simple - set up SSL, then use mod_proxy with either HTTP or AJP protocols to redirect the traffic back to Tomcat. Lots of instructions out there on how to accomplish this. -Nick > On Jun 24, 2016, at 07:23, Bob Henderson <[email protected]> wrote: > > It's worth looking into. Allows easy SSL termination, and a higher level of > security due to minimal firewall/dmz interaction. I've had it running in > production for approx 6 months now, no issues. > > -Bob Henderson- > Technology Coordinator > Robotics Coach > Senior Drama Director > Lake Park Audubon Schools > 218.238.5914 ext 2030 > www.lakeparkaudubon.com > Check us out on Facebook! > >> On Fri, Jun 24, 2016 at 8:16 AM, Clinton Tonge >> <[email protected]> wrote: >> I like this idea…I’m not a pro in this type of application, but I’ll do some >> research. Thanks! >> >> >> Clinton Tonge >> SCADA and Asset Performance >> >> Northwind Solutions >> 1315 North Service Road East, Suite 300 >> Oakville, Ontario L6H 1A7 >> O: 905.829.5757 >> C: 519.835.1315 >> >> <image001.png> >> www.northwindsolutions.com >> >>> On Jun 23, 2016, at 1:51 PM, Bob Henderson <[email protected]> wrote: >>> >>> I'd personally set it up behind an NGINX reverse proxy with ssl termination >>> on the public IP, and just have all users use that? >>> >>> -Bob Henderson- >>> Technology Coordinator >>> Robotics Coach >>> Senior Drama Director >>> Lake Park Audubon Schools >>> 218.238.5914 ext 2030 >>> www.lakeparkaudubon.com >>> Check us out on Facebook! >>> >>>> On Thu, Jun 23, 2016 at 12:47 PM, Clinton Tonge >>>> <[email protected]> wrote: >>>> Is it possible for guacamole to listen on multiple hosts and ports? I >>>> have it currently working without encryption on a private VPN virtual >>>> adapter for my internal users, and I’d also like to have it accessible >>>> with SSL via a public static IP on my server for a few outside users. Or >>>> do I need to setup a second instance to handle this other access method... >>>> >>>> Cheers, >>>> Clint. >>>> >>>> >>>> Clinton Tonge >>>> SCADA and Asset Performance >>>> >>>> Northwind Solutions >>>> 1315 North Service Road East, Suite 300 >>>> Oakville, Ontario L6H 1A7 >>>> O: 905.829.5757 >>>> C: 519.835.1315 >>>> >>>> <image001.png> >>>> www.northwindsolutions.com > == This e-mail may contain SEAKR Engineering (SEAKR) Confidential and Proprietary Information. If this message is not intended for you, you are strictly prohibited from using this message, its contents or attachments in any way. If you have received this message in error, please delete the message from your mailbox. This e-mail may contain export-controlled material and should be handled accordingly.
