I am not talking about HTTPS in relation to accessing the domain/ip via a
browser, this I have setup and working via Nginx.
I am asking about:
1) Encrpytion between guac client and guac server (guacd) via the guacd-ssl
property in guacamole.properties
2) Encryption between Tomcat and Guac, via the server.xml file for tomcat in
a connector tag
2) Encryption for the MariaDB database via the mysql-ssl-* properties in
guacamole.properties (using MariaDB and MariaDB Connector J)
So the gist for above is basically whats the proper approach to each?
"guacd-ssl...Note that if you enable this option, you must also configure
guacd to use SSL via command line options. These options are documented in
the manpage of guacd. You will need an SSL certificate and private key."
Would this mean its nessasary to modify the guacd service (when set to
enabled/auto start) to use certain switches in the commands used to launch
Whats the proper place to put the keys (import to JKS or place in dir, etc)?
Most importantly, how do you confirm this is working once configured?
I know in server.xml I can have a connector set to use TLS/https, etc. Would
I do this on the connector entry for port 8080 (not encrypted by default) or
would I do this as another connector block using another port (like 8443)
and then modify my Ngix config proxy_pass parameters to use 8443 (Ex:
Again, how would I confirm communication was being encrypted properly after
setting this up?