Guacamole and reverse Proxy


Guacamole and reverse Proxy

Dirk Laurenz

Hello,

I am taking my first steps with Guacamole and it’s great! Locally it’s working perfectly.
Now I am trying to expose it to the internet in order to use it remotely.

So I configured Apache as a reverse proxy. That works fine so far, but I’m not able to start any session.
Logging in to the web interface works fine. But as soon as I start an RDP session or SSH session they don’t work.

Locally they work.

Here’s my Apache config:


<VirtualHost *:443>
    DocumentRoot /var/www/vpn.somedom.com
    ServerAdmin webmaster@localhost
    ErrorLog /var/log/apache2/vpn.somedom.com_error.log
    CustomLog /var/log/apache2/vpn.somedom.com_access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =roundcube.somedom.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    SSLEngine on
    SSLProxyEngine on
    <Directory "/var/www/vpn.somedom.com">
        allow from all
        Options None
        Require all granted
    </Directory>
    ServerName vpn.somedom.com

    <Location /guacamole/>
        Order allow,deny
        Allow from all
        ProxyPass http://localhost:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://localhost:8080/guacamole/
    </Location>

    <Location /guacamole/websocket-tunnel>
        Order allow,deny
        Allow from all
        ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
    </Location>

    Header always unset X-Frame-Options

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/vpn.somedom.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vpn.somedom.com/privkey.pem
</VirtualHost>

 

This is what I see in the logs: (ssh)

Okt 22 23:51:55 webmail01 tomcat9[1543]: 23:51:55.508 [http-nio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User "xxx" connected to connection "xxx".
Okt 22 23:51:55 webmail01 tomcat9[1543]: 23:51:55.508 [http-nio-8080-exec-2] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.

And RDP

Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.393 [http-nio-8080-exec-6] INFO  o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
Okt 22 23:57:35 webmail01 guacd[1536]: Creating new client for protocol "rdp"
Okt 22 23:57:35 webmail01 guacd[1536]: Connection ID is "$be247aff-2218-4279-8aa6-fda852e6a056"
Okt 22 23:57:35 webmail01 guacd[1740]: No security mode specified. Defaulting to security mode negotiation with server.
Okt 22 23:57:35 webmail01 guacd[1740]: Resize method: none
Okt 22 23:57:35 webmail01 guacd[1740]: User "@558cf0b5-f56f-4ae5-ac9a-442c48107e7e" joined connection "$be247aff-2218-4279-8aa6-fda852e6a056" (1 users now present)
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "dlaurenz" connected to connection "JD01".
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Okt 22 23:57:35 webmail01 guacd[1740]: Loading keymap "base"
Okt 22 23:57:35 webmail01 guacd[1740]: Loading keymap "de-de-qwertz"
Okt 22 23:57:35 webmail01 guacd[1740]: Connected to RDPDR 1.13 as client 0x0003
Okt 22 23:58:07 webmail01 guacd[1740]: RDP server closed connection: Manually logged off.
Okt 22 23:58:07 webmail01 guacd[1740]: Internal RDP client disconnected
Okt 22 23:58:08 webmail01 guacd[1740]: User "@558cf0b5-f56f-4ae5-ac9a-442c48107e7e" disconnected (0 users remain)
Okt 22 23:58:08 webmail01 guacd[1740]: Last user of connection "$be247aff-2218-4279-8aa6-fda852e6a056" disconnected
Okt 22 23:58:08 webmail01 guacd[1536]: Connection "$be247aff-2218-4279-8aa6-fda852e6a056" removed.
Okt 22 23:58:09 webmail01 tomcat9[1543]: 23:58:09.055 [http-nio-8080-exec-9] INFO  o.a.g.tunnel.TunnelRequestService - User "dlaurenz" disconnected from connection "JD01". Duration: 33605 milliseconds
Okt 22 23:58:09 webmail01 tomcat9[1543]: 23:58:09.215 [http-nio-8080-exec-10] WARN  o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: No such tunnel.
Okt 22 23:58:09 webmail01 tomcat9[1543]: 23:58:09.284 [http-nio-8080-exec-4] WARN  o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: No such tunnel.

What I see in the web interface is:

Connection Disconnected…. And then I can retry

What am I missing?


Regards, Dirk
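
An added example, not part of the original post and not Guacamole project code: a triage script for journal lines like the ones above. It correlates Tomcat entries by worker thread to report which tunnel each session used, counts "No such tunnel" rejections and collects guacd's RDP close reasons. Assumptions: a session with no "Using HTTP tunnel" line is reported as "unreported" rather than as WebSocket, and the function names are hypothetical.

```python
import re

# Journal lines copied from the post above (hostname, PIDs and names as posted).
SAMPLE_LOG = '''\
Okt 22 23:57:35 webmail01 guacd[1536]: Creating new client for protocol "rdp"
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "dlaurenz" connected to connection "JD01".
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Okt 22 23:58:07 webmail01 guacd[1740]: RDP server closed connection: Manually logged off.
Okt 22 23:58:09 webmail01 tomcat9[1543]: 23:58:09.055 [http-nio-8080-exec-9] INFO  o.a.g.tunnel.TunnelRequestService - User "dlaurenz" disconnected from connection "JD01". Duration: 33605 milliseconds
Okt 22 23:58:09 webmail01 tomcat9[1543]: 23:58:09.215 [http-nio-8080-exec-10] WARN  o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: No such tunnel.
Okt 22 23:58:09 webmail01 tomcat9[1543]: 23:58:09.284 [http-nio-8080-exec-4] WARN  o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request rejected: No such tunnel.
'''

# syslog prefix: "<month> <day> <time> <host> <proc>[<pid>]: <message>"
LINE = re.compile(r'^\S+ +\d+ [\d:]+ \S+ (?P<proc>[\w.-]+)\[\d+\]: (?P<msg>.*)$')
# Tomcat payload: "<time> [<thread>] <LEVEL> <logger> - <text>"
TOMCAT = re.compile(r'^[\d:.]+ \[(?P<thread>[^\]]+)\] +\w+ +\S+ - (?P<text>.*)$')
CONNECTED = re.compile(
    r'^User "(?P<user>[^"]*)" connected to connection "(?P<conn>[^"]*)"')
DISCONNECTED = re.compile(
    r'^User "(?P<user>[^"]*)" disconnected from connection "(?P<conn>[^"]*)"\. '
    r'Duration: (?P<ms>\d+) milliseconds')
RDP_CLOSED = re.compile(r'^RDP server closed connection: (?P<reason>.*)$')


def triage(log_text):
    """Summarise tunnel type, rejected tunnel requests and RDP close reasons."""
    sessions = []
    last_on_thread = {}  # Tomcat worker thread -> session it most recently opened
    report = {"sessions": sessions, "no_such_tunnel": 0, "rdp_close_reasons": []}
    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        if line["proc"] == "guacd":
            closed = RDP_CLOSED.match(line["msg"])
            if closed:
                report["rdp_close_reasons"].append(closed["reason"])
            continue
        entry = TOMCAT.match(line["msg"])
        if not entry:
            continue
        thread, text = entry["thread"], entry["text"]
        if (m := CONNECTED.match(text)):
            session = {"user": m["user"], "connection": m["conn"],
                       "tunnel": "unreported", "duration_ms": None}
            sessions.append(session)
            last_on_thread[thread] = session
        elif text.startswith("Using HTTP tunnel (not WebSocket)"):
            # Logged on the same worker thread right after the "connected" line.
            if thread in last_on_thread:
                last_on_thread[thread]["tunnel"] = "http"
        elif (m := DISCONNECTED.match(text)):
            # Close the most recent still-open session for this user/connection.
            for session in reversed(sessions):
                same = (session["user"], session["connection"]) == (m["user"], m["conn"])
                if same and session["duration_ms"] is None:
                    session["duration_ms"] = int(m["ms"])
                    break
        elif text.startswith("HTTP tunnel request rejected: No such tunnel"):
            report["no_such_tunnel"] += 1
    return report


def http_fallback_sessions(report):
    """Sessions that ran over the HTTP tunnel instead of WebSocket."""
    return [s for s in report["sessions"] if s["tunnel"] == "http"]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for s in http_fallback_sessions(result):
        print(f'{s["user"]} -> {s["connection"]}: HTTP tunnel, {s["duration_ms"]} ms')
    print("No such tunnel rejections:", result["no_such_tunnel"])
    print("RDP close reasons:", result["rdp_close_reasons"])
```
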

 

 


Re: Guacamole and reverse Proxy

Ghost_Knight
Hmm, looks fine to me with a quick glance over, are mod_proxy and
mod_proxy_wstunnel both installed and enabled?




--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: Guacamole and reverse Proxy

Dirk Laurenz
Yes, they are loaded:

root@webmail01:~# apache2ctl -t -D DUMP_MODULES
Loaded Modules:
 core_module (static)
 so_module (static)
 watchdog_module (static)
 http_module (static)
 log_config_module (static)
 logio_module (static)
 version_module (static)
 unixd_module (static)
 access_compat_module (shared)
 alias_module (shared)
 auth_basic_module (shared)
 authn_core_module (shared)
 authn_file_module (shared)
 authz_core_module (shared)
 authz_host_module (shared)
 authz_user_module (shared)
 autoindex_module (shared)
 deflate_module (shared)
 dir_module (shared)
 env_module (shared)
 filter_module (shared)
 headers_module (shared)
 mime_module (shared)
 mpm_prefork_module (shared)
 negotiation_module (shared)
 php7_module (shared)
 proxy_module (shared)
 proxy_http_module (shared)
 proxy_wstunnel_module (shared)
 reqtimeout_module (shared)
 rewrite_module (shared)
 setenvif_module (shared)
 socache_shmcb_module (shared)
 ssl_module (shared)
 status_module (shared)

Must be something with apache.. I configured port forwarding in parallel
which works seamlessly. But I want to use apache ssl engine, cause I have
some other websites already running

-----Original Message-----
From: Ghost_Knight <[hidden email]>
Sent: Friday, October 23, 2020 01:34
To: [hidden email]
Subject: Re: Guacamole and reverse Proxy

Hmm, looks fine to me with a quick glance over, are mod_proxy and
mod_proxy_wstunnel both installed and enabled?
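
The module question in this exchange can be checked against the vhost itself. This is an added example, not from the thread or from the Apache or Guacamole projects: it maps each directive in the posted vhost to the Apache 2.4 module that provides it, compares that with the DUMP_MODULES output, and also flags the X-Frame-Options removal and the mix of 2.2-style and 2.4-style access control in one section. The function names and finding codes are hypothetical, and both sample inputs are trimmed copies of what was posted above.

```python
import re

# Directive -> Apache 2.4 module that provides it.
DIRECTIVE_MODULE = {
    "proxypass": "proxy_module", "proxypassreverse": "proxy_module",
    "header": "headers_module", "sslengine": "ssl_module",
    "sslproxyengine": "ssl_module", "rewriteengine": "rewrite_module",
    "rewritecond": "rewrite_module", "rewriterule": "rewrite_module",
    "order": "access_compat_module", "allow": "access_compat_module",
    "require": "authz_core_module",
}
# Backend URL scheme in a ProxyPass target -> proxy sub-module that handles it.
SCHEME_MODULE = {"http": "proxy_http_module", "https": "proxy_http_module",
                 "ws": "proxy_wstunnel_module", "wss": "proxy_wstunnel_module"}

# Trimmed copy of the vhost from the first post.
VHOST = """\
<VirtualHost *:443>
    RewriteEngine on
    SSLEngine on
    SSLProxyEngine on
    <Directory "/var/www/vpn.somedom.com">
        allow from all
        Options None
        Require all granted
    </Directory>
    <Location /guacamole/>
        Order allow,deny
        Allow from all
        ProxyPass http://localhost:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://localhost:8080/guacamole/
    </Location>
    <Location /guacamole/websocket-tunnel>
        Order allow,deny
        Allow from all
        ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
    </Location>
    Header always unset X-Frame-Options
</VirtualHost>
"""

# Subset of the `apache2ctl -t -D DUMP_MODULES` output posted above.
DUMP = """\
Loaded Modules:
 access_compat_module (shared)
 authz_core_module (shared)
 headers_module (shared)
 proxy_module (shared)
 proxy_http_module (shared)
 proxy_wstunnel_module (shared)
 rewrite_module (shared)
 ssl_module (shared)
"""


def loaded_modules(dump):
    """Module names from DUMP_MODULES output."""
    return set(re.findall(r'^\s*(\w+_module)\s+\((?:static|shared)\)', dump, re.M))


def audit(vhost, dump):
    """Return a list of (finding, where) tuples for the vhost text."""
    mods = loaded_modules(dump)
    findings, needed, access, ws_sections, stack = [], {}, {}, [], []
    for n, raw in enumerate(vhost.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):          # closing tag: leave the section
            if stack:
                stack.pop()
            continue
        if line.startswith("<"):           # opening tag: enter a section
            stack.append(line.strip("<>"))
            continue
        words = line.split()
        name = words[0].lower()
        section = stack[-1] if stack else "(server config)"
        if name in DIRECTIVE_MODULE:
            needed.setdefault(DIRECTIVE_MODULE[name], n)
        if name == "proxypass":
            for word in words[1:]:
                scheme = re.match(r'(\w+)://', word)
                if scheme and scheme[1] in SCHEME_MODULE:
                    needed.setdefault(SCHEME_MODULE[scheme[1]], n)
                    if scheme[1] in ("ws", "wss"):
                        ws_sections.append(section)
        if name in ("order", "allow", "deny"):
            access.setdefault(section, set()).add("2.2-style")
        if name == "require":
            access.setdefault(section, set()).add("2.4-style")
        if name == "header" and [w.lower() for w in words[-2:]] == ["unset", "x-frame-options"]:
            findings.append(("xfo-removed", f"line {n}"))  # framing restriction dropped
    for module, n in sorted(needed.items()):
        if module not in mods:
            findings.append(("module-missing:" + module, f"line {n}"))
    for section, styles in access.items():
        if len(styles) > 1:                # Order/Allow mixed with Require
            findings.append(("mixed-access-control", section))
    if not any("websocket-tunnel" in s for s in ws_sections):
        findings.append(("no-ws-proxy", "vhost"))
    return findings


if __name__ == "__main__":
    for finding, where in audit(VHOST, DUMP):
        print(f"{finding}: {where}")
```
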






Re: Guacamole and reverse Proxy

vnick
In reply to this post by Dirk Laurenz
On Thu, Oct 22, 2020 at 6:21 PM Dirk Laurenz <[hidden email]> wrote:


Okt 22 23:58:07 webmail01 guacd[1740]: RDP server closed connection: Manually logged off.

Okt 22 23:58:07 webmail01 guacd[1740]: Internal RDP client disconnected


This indicates that the RDP server has, for some reason or another, closed the connection.  Are you able to successfully connect to this server with identical parameters from a standard RDP client?

-Nick

Re: Guacamole and reverse Proxy

Dirk Laurenz

My setup is as follows:

Webmail01 running tomcat with guacamole on port 8080
Apache 2 on same machine listening on 443….

Connecting to guacamole directly on port 8080, fine!
Connecting to apache, not working
Connecting directly to rdp client, working

From: Nick Couchman <[hidden email]>
Sent: Friday, October 23, 2020 14:26
To: [hidden email]
Subject: Re: Guacamole and reverse Proxy

 


This indicates that the RDP server has, for some reason or another, closed the connection.  Are you able to successfully connect to this server with identical parameters from a standard RDP client?

 

-Nick


Re: Guacamole and reverse Proxy

Dirk Laurenz
In reply to this post by vnick

Moreover, I NATed the tomcat port directly to the internet.. works fine… it seems to be something between tomcat and apache

 



Re: Guacamole and reverse Proxy

mjumper
Administrator
In reply to this post by Dirk Laurenz
Is there anything in your Apache error logs after Apache is restarted? Or after an attempt to connect fails?

- Mike


On Fri, Oct 23, 2020, 13:11 Dirk Laurenz <[hidden email]> wrote:

My Setup is as follows

 

 

Webmail01 running tomcat with guacamole on port 8080

Apache 2 on same machine listening on 443….

 

Connecting to guacamole directly on port 8080, fine!

Connecting to apache, not working

Connecting directly to rdp client, working

 



Re: Guacamole and reverse Proxy

Dirk Laurenz

Hi, I make a clean run this evening (clear logs before test)….

From: Mike Jumper <[hidden email]>
Sent: Friday, October 23, 2020 22:21
To: [hidden email]
Subject: Re: Guacamole and reverse Proxy

 

Is there anything in your Apache error logs after Apache is restarted? Or after an attempt to connect fails?

 

- Mike

 



Re: Guacamole and reverse Proxy

Dirk Laurenz

Don’t know why – it’s running, didn’t change anything. Thanks for the help

 

From: Dirk Laurenz <[hidden email]>
Sent: Saturday, October 24, 2020 10:44
To: [hidden email]
Subject: Re: Guacamole and reverse Proxy

Hi, I make a clean run this evening (clear logs before test)….

 

Von: Mike Jumper <[hidden email]>
Gesendet: Freitag, 23. Oktober 2020 22:21
An: [hidden email]
Betreff: Re: Guacamole and reverse Proxy

 

Is there anything in your Apache error logs after Apache is restarted? Or after an attempt to connect fails?

 

- Mike

 

On Fri, Oct 23, 2020, 13:11 Dirk Laurenz <[hidden email]> wrote:

My Setup is as follows

 

 

Webmail01 running tomcat with guacamole on port 8080

Apache 2 on same machine listening on 443….

 

Connecting to guacamole directly on port 8080, fine!

Connecting to apache, not working

Connecting directly to rdp client, working

 

Von: Nick Couchman <[hidden email]>
Gesendet: Freitag, 23. Oktober 2020 14:26
An: [hidden email]
Betreff: Re: Guacamole and reverse Proxy

 

On Thu, Oct 22, 2020 at 6:21 PM Dirk Laurenz <[hidden email]> wrote:

Hello,

 

I make my first steps with guacamole and it’s great! Locally it’s working perfectly.

Now I try to expose it to the internet in order to use it remotely.

 

So I configured apache as an reverse proxy. That works fine so far, but I’m not able to start any session.

Logging to the web interface works fine. But as soon as I start an rdp session or ssh session they don’t work.

 

Locally they work.

 

Here’s my apache config:

 

<VirtualHost *:443>
    DocumentRoot /var/www/vpn.somedom.com
    ServerAdmin webmaster@localhost
    ErrorLog /var/log/apache2/vpn.somedom.com_error.log
    CustomLog /var/log/apache2/vpn.somedom.com_access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =roundcube.somedom.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    SSLEngine on
    SSLProxyEngine on
    <Directory "/var/www/vpn.somedom.com">
        allow from all
        Options None
        Require all granted
    </Directory>
    ServerName vpn.somedom.com

    <Location /guacamole/>
        Order allow,deny
        Allow from all
        ProxyPass http://localhost:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://localhost:8080/guacamole/
    </Location>

    <Location /guacamole/websocket-tunnel>
        Order allow,deny
        Allow from all
        ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
    </Location>

    Header always unset X-Frame-Options

    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/vpn.somedom.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/vpn.somedom.com/privkey.pem
</VirtualHost>

 

This is what I see in the logs (ssh):

 

Okt 22 23:51:55 webmail01 tomcat9[1543]: 23:51:55.508 [http-nio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User "xxx" connected to connection "xxx".

Okt 22 23:51:55 webmail01 tomcat9[1543]: 23:51:55.508 [http-nio-8080-exec-2] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.

 

And RDP

 

Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.393 [http-nio-8080-exec-6] INFO  o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".

Okt 22 23:57:35 webmail01 guacd[1536]: Creating new client for protocol "rdp"

Okt 22 23:57:35 webmail01 guacd[1536]: Connection ID is "$be247aff-2218-4279-8aa6-fda852e6a056"

Okt 22 23:57:35 webmail01 guacd[1740]: No security mode specified. Defaulting to security mode negotiation with server.

Okt 22 23:57:35 webmail01 guacd[1740]: Resize method: none

Okt 22 23:57:35 webmail01 guacd[1740]: User "@558cf0b5-f56f-4ae5-ac9a-442c48107e7e" joined connection "$be247aff-2218-4279-8aa6-fda852e6a056" (1 users now present)

Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "dlaurenz" connected to connection "JD01".

Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.

Okt 22 23:57:35 webmail01 guacd[1740]: Loading keymap "base"

Okt 22 23:57:35 webmail01 guacd[1740]: Loading keymap "de-de-qwertz"

Okt 22 23:57:35 webmail01 guacd[1740]: Connected to RDPDR 1.13 as client 0x0003

Okt 22 23:58:07 webmail01 guacd[1740]: RDP server closed connection: Manually logged off.

Okt 22 23:58:07 webmail01 guacd[1740]: Internal RDP client disconnected

 

This indicates that the RDP server has, for some reason or another, closed the connection.  Are you able to successfully connect to this server with identical parameters from a standard RDP client?

 

-Nick
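
Added example (not part of the original thread, and not Guacamole project code): a small Python scan of Tomcat journal lines in the format quoted above, reporting which sessions logged the HTTP-tunnel fallback. Behind a reverse proxy that fallback typically means the WebSocket upgrade to /guacamole/websocket-tunnel did not get through. The sample lines and the names in them are constructed, and treating a connect with no fallback line on the same thread as "no fallback" is an assumption.

```python
import re

# Constructed sample in the journal format quoted in the thread; the user and
# connection names are placeholders, not values from the original logs.
SAMPLE_LOG = '''\
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "alice" connected to connection "HOST-A".
Okt 22 23:57:35 webmail01 tomcat9[1543]: 23:57:35.450 [http-nio-8080-exec-6] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Okt 22 23:58:07 webmail01 guacd[1740]: RDP server closed connection: Manually logged off.
Okt 23 00:02:11 webmail01 tomcat9[1543]: 00:02:11.120 [http-nio-8080-exec-9] INFO  o.a.g.tunnel.TunnelRequestService - User "bob" connected to connection "HOST-B".
'''

# Tomcat line layout: "... tomcat9[pid]: <time> [<thread>] <LEVEL>  <logger> - <msg>"
TOMCAT = re.compile(
    r'tomcat\d*\[\d+\]: (?P<time>\S+) \[(?P<thread>[^\]]+)\] \w+\s+\S+ - (?P<msg>.*)')
CONNECT = re.compile(r'User "(?P<user>[^"]*)" connected to connection "(?P<conn>[^"]*)"')
FALLBACK = "Using HTTP tunnel (not WebSocket)"


def tunnel_report(log_text):
    """Return one dict per connect event, flagged if the HTTP fallback followed."""
    sessions = []
    last_on_thread = {}  # Tomcat worker thread -> most recent connect event
    for line in log_text.splitlines():
        m = TOMCAT.search(line)
        if not m:
            continue  # guacd and other units carry no tunnel-type information
        c = CONNECT.search(m["msg"])
        if c:
            s = {"time": m["time"], "user": c["user"],
                 "connection": c["conn"], "http_fallback": False}
            sessions.append(s)
            last_on_thread[m["thread"]] = s
        elif FALLBACK in m["msg"] and m["thread"] in last_on_thread:
            # The fallback notice is logged on the same worker thread as the connect.
            last_on_thread.pop(m["thread"])["http_fallback"] = True
    return sessions


def fallback_ratio(sessions):
    """Share of sessions that used the HTTP tunnel (0.0 when there are none)."""
    return sum(s["http_fallback"] for s in sessions) / len(sessions) if sessions else 0.0


if __name__ == "__main__":
    report = tunnel_report(SAMPLE_LOG)
    for s in report:
        kind = "HTTP tunnel (fallback)" if s["http_fallback"] else "no fallback logged"
        print(s["time"], s["user"], s["connection"], kind)
    print("fallback ratio:", fallback_ratio(report))
```

Comparing the ratio for sessions opened directly on port 8080 with sessions opened through the proxy shows whether the proxy is what blocks the upgrade.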


Re: Guacamole and reverse Proxy

Gerardo
In reply to this post by Dirk Laurenz
Hi,

I'm using Guacamole with more than 1k users. I started using Apache as a
reverse proxy, but I do not recommend it.

Finally I'm using HAProxy and it just works like a charm.

Use WebSocket without any extra conf and you can balance all your nodes.

Using Apache as a reverse proxy, you lose a lot of performance.


Regards



--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


RE: Guacamole and reverse Proxy

Adrian Owen
Hi,

Would you be kind enough to send your server specification for your 1K users?

Cores, RAM, disks, etc. Is recording enabled?


Useful info for many users.

Thanks, Adrian

-----Original Message-----
From: Gerardo [mailto:[hidden email]]
Sent: 29 October 2020 14:24
To: [hidden email]
Subject: Re: Guacamole and reverse Proxy

Hi,

I'm using Guacamole with more than 1k users. I started using Apache as a reverse proxy, but I do not recommend it.

Finally I'm using HAProxy and it just works like a charm.

Use WebSocket without any extra conf and you can balance all your nodes.

Using Apache as a reverse proxy, you lose a lot of performance.


Regards


