I am attempting to get guacamole working with apache. I have been working with the guacamole users, but they now tell me that I have an apache2 configuration problem. So, I am trying to get some help from apache2 users.
The set up I have is a small network behind a firewall/NAT router (running pfsense). HTTPS requests go to an external address and non-standard port that the router converts using NAT to an internal address and standard port for HTTPS (443). The local machine servicing requests to this internal address/port pair runs SSLH, which is a SSH/HTTPS protocol multiplexor. The SSLH daemon parses the first part of each protocol packet and decides to forward it to either the sshd daemon or the installed apache web server. In the latter case it sends to port 4443, on which apache is listening. I know this works, since I can login to the machine via ssh from an external address and HTTPS requests to the configured virtual machine display properly, e.g., https://<machine dns name>:<external port that NAT translates to 443>/phpinfo.php
The problem occurs when I attempt to access guacamole with an HTTPS request of: https://<machine dns name>:<external port that NAT translates to 443>/guacamole. This does not work. The file 000-default.conf in /etc/apache/sites-enabled is:
# Comment out the port 80 virtual host block
<IfDefine IgnoreBlockComment>
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
</IfDefine>
<VirtualHost *:4443>
ServerName <machine dns name>
DocumentRoot /mnt/raid5/webserver/sites/MOserver
Header always unset X-Frame-Options
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Location /guacamole/>
Order allow,deny
Allow from all
ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
ProxyPassReverse http://127.0.0.1:8080/guacamole/
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
#Require all granted
ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
</Location>
SSLEngine on
SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Since web page URLs work properly, the only thing I can imagine is causing a problem are the two <Location> blocks that contain ProxyPass and ProxyPassReverse entries. I am completely unfamilar with these and would appreciate some help with the apache2 configuration that is supposed to enable guacamole communication.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
The set up I have is a small network behind a firewall/NAT router (running pfsense). HTTPS requests go to an external address and non-standard port that the router converts using NAT to an internal address and standard port for HTTPS (443). The local machine servicing requests to this internal address/port pair runs SSLH, which is a SSH/HTTPS protocol multiplexor. The SSLH daemon parses the first part of each protocol packet and decides to forward it to either the sshd daemon or the installed apache web server. In the latter case it sends to port 4443, on which apache is listening. I know this works, since I can login to the machine via ssh from an external address and HTTPS requests to the configured virtual machine display properly, e.g., https://<machine dns name>:<external port that NAT translates to 443>/phpinfo.php
The problem occurs when I attempt to access guacamole with an HTTPS request of: https://<machine dns name>:<external port that NAT translates to 443>/guacamole. This does not work. The file 000-default.conf in /etc/apache/sites-enabled is:
# Comment out the port 80 virtual host block
<IfDefine IgnoreBlockComment>
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
</IfDefine>
<VirtualHost *:4443>
ServerName <machine dns name>
DocumentRoot /mnt/raid5/webserver/sites/MOserver
Header always unset X-Frame-Options
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Location /guacamole/>
Order allow,deny
Allow from all
ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
ProxyPassReverse http://127.0.0.1:8080/guacamole/
</Location>
<Location /websocket-tunnel>
Order allow,deny
Allow from all
#Require all granted
ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
</Location>
SSLEngine on
SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
Since web page URLs work properly, the only thing I can imagine is causing a problem are the two <Location> blocks that contain ProxyPass and ProxyPassReverse entries. I am completely unfamilar with these and would appreciate some help with the apache2 configuration that is supposed to enable guacamole communication.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org