Posted to user@guacamole.apache.org by Dan Nessett <dn...@yahoo.com.INVALID> on 2022/12/18 21:52:13 UTC

I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

I am having trouble configuring Guacamole with Apache. The set up I have is a small network behind a firewall/NAT router (running pfsense). HTTPS requests go to an external address and non-standard port that the router converts using NAT to an internal address and standard port for HTTPS (443). The local machine servicing requests to this internal address/port pair runs SSLH, which is a SSH/HTTPS protocol multiplexor. The SSLH daemon parses the first part of each protocol packet and decides to forward it to either the sshd daemon or the installed apache web server. In the latter case it sends to port 4443, on which apache is listening. I know this works, since I can login to the machine via ssh from an external address and HTTPS requests to the configured virtual machine display properly.

The problem occurs when I attempt to access guacamole with an HTTPS request of: https://<machine dns name>:<external port that NAT translates to 443>/guacamole. This does not work. The file 000-default.conf in /etc/apache/sites-enabled is:

# Comment out the port 80 virtual host block

<IfDefine IgnoreBlockComment>
<VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
</IfDefine>

<VirtualHost localhost:4443>
        ServerName server
        DocumentRoot /mnt/raid5/webserver/sites/MOserver
	Header always unset X-Frame-Options

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	<Location /guacamole/>
	 Order allow,deny
	 Allow from all
	 ProxyPass http://127.0.0.1:4822/guacamole/ flushpackets=on
	 ProxyPassReverse http://127.0.0.1:4822/guacamole/
	</Location>

        <Location /websocket-tunnel>
          Order allow,deny
          Allow from all
          #Require all granted
          ProxyPass ws://127.0.0.1:4822/guacamole/websocket-tunnel
          ProxyPassReverse ws://127.0.0.1:4822/guacamole/websocket-tunnel
        </Location>

	SSLEngine on
	SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
	SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

I tried to follow the instructions here: https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html#apache

However, the port suggested for guacamole listening (8080) is used by Tomcat, so I changed it to 4822, which is the default port for guacamole.

The configuration file for guacamole is:

# MySQL properties
mysql-hostname: 127.0.0.1
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password: xxxxxxxxxx

Before sending a request to guacamole, this is the listening profile of the machine:

dnessett@Mount:/etc/apache2/sites-enabled$ sudo lsof -i -P -n | grep LISTEN
systemd-r  819 systemd-resolve   13u  IPv4  18298      0t0  TCP 127.0.0.53:53 (LISTEN)
sslh       970            sslh    3u  IPv4  24819      0t0  TCP *:443 (LISTEN)
vsftpd     979            root    3u  IPv6  24699      0t0  TCP *:21 (LISTEN)
sslh      1094            sslh    3u  IPv4  24819      0t0  TCP *:443 (LISTEN)
java      1095          tomcat   41u  IPv6  30012      0t0  TCP *:8080 (LISTEN)
sshd      1115            root    3u  IPv4  27938      0t0  TCP *:22 (LISTEN)
sshd      1115            root    4u  IPv6  27940      0t0  TCP *:22 (LISTEN)
mysqld    1117           mysql   33u  IPv4  23476      0t0  TCP 127.0.0.1:3306 (LISTEN)
apache2   1156            root    4u  IPv6  24859      0t0  TCP *:4443 (LISTEN)
guacd     1350            root    4u  IPv4  23482      0t0  TCP 127.0.0.1:4822 (LISTEN)
apache2   1831        www-data    4u  IPv6  24859      0t0  TCP *:4443 (LISTEN)
apache2   1833        www-data    4u  IPv6  24859      0t0  TCP *:4443 (LISTEN)
apache2   1834        www-data    4u  IPv6  24859      0t0  TCP *:4443 (LISTEN)
apache2   1835        www-data    4u  IPv6  24859      0t0  TCP *:4443 (LISTEN)
apache2   1836        www-data    4u  IPv6  24859      0t0  TCP *:4443 (LISTEN)
cupsd     1845            root    6u  IPv6  33375      0t0  TCP [::1]:631 (LISTEN)
cupsd     1845            root    7u  IPv4  33376      0t0  TCP 127.0.0.1:631 (LISTEN)
dnessett@Mount:/etc/apache2/sites-enabled$

As is clear, tomcat is listening on 8080, apache is listening on 4443, sslh is listening on 443 and guacamole is listening on 4822.

The apache2 status is:

dnessett@Mount:/etc/apache2/sites-enabled$ sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Sun 2022-12-18 13:26:17 MST; 21min ago
  Process: 1827 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 971 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 1156 (apache2)
    Tasks: 6 (limit: 4915)
   CGroup: /system.slice/apache2.service
           ├─1156 /usr/sbin/apache2 -k start
           ├─1831 /usr/sbin/apache2 -k start
           ├─1833 /usr/sbin/apache2 -k start
           ├─1834 /usr/sbin/apache2 -k start
           ├─1835 /usr/sbin/apache2 -k start
           └─1836 /usr/sbin/apache2 -k start

Dec 18 13:26:12 Mount systemd[1]: Starting The Apache HTTP Server...
Dec 18 13:26:17 Mount systemd[1]: Started The Apache HTTP Server.
Dec 18 13:31:13 Mount systemd[1]: Reloading The Apache HTTP Server.
Dec 18 13:31:13 Mount systemd[1]: Reloaded The Apache HTTP Server.

And guacamole status is:

dnessett@Mount:/etc/apache2/sites-enabled$ sudo systemctl status guacd
● guacd.service - LSB: Guacamole proxy daemon
   Loaded: loaded (/etc/init.d/guacd; generated)
   Active: active (running) since Sun 2022-12-18 13:26:20 MST; 22min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 1330 ExecStart=/etc/init.d/guacd start (code=exited, status=0/SUCCESS)
    Tasks: 1 (limit: 4915)
   CGroup: /system.slice/guacd.service
           └─1350 /usr/local/sbin/guacd -p /var/run/guacd.pid

Dec 18 13:26:19 Mount systemd[1]: Starting LSB: Guacamole proxy daemon...
Dec 18 13:26:20 Mount guacd[1332]: Guacamole proxy daemon (guacd) version 1.3.0 started
Dec 18 13:26:20 Mount guacd[1330]: Starting guacd: guacd[1332]: INFO:        Guacamole proxy daemon (guacd) version 1.3.0 started
Dec 18 13:26:20 Mount guacd[1330]: SUCCESS
Dec 18 13:26:20 Mount guacd[1350]: Listening on host 127.0.0.1, port 4822
Dec 18 13:26:20 Mount systemd[1]: Started LSB: Guacamole proxy daemon.

I started tcpdump and then sent the following URL to the apache server (through sslh):

https://<external machine dns name>:22553/guacamole <https://server.mountolive.com:22553/guacamole> (22553 is the port that NAT translates to 443)

The tcpdump result was:

dnessett@Mount:~$ !2387
sudo tcpdump -i lo
[sudo] password for dnessett:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
13:52:00.506283 IP localhost.52746 > localhost.4443: Flags [S], seq 3330538823, win 65495, options [mss 65495,sackOK,TS val 2893776088 ecr 0,nop,wscale 7], length 0
13:52:00.506297 IP localhost.4443 > localhost.52746: Flags [S.], seq 1284121790, ack 3330538824, win 65483, options [mss 65495,sackOK,TS val 2893776088 ecr 2893776088,nop,wscale 7], length 0
13:52:00.506310 IP localhost.52746 > localhost.4443: Flags [.], ack 1, win 512, options [nop,nop,TS val 2893776088 ecr 2893776088], length 0
13:52:00.506461 IP localhost.52748 > localhost.4443: Flags [S], seq 2774947261, win 65495, options [mss 65495,sackOK,TS val 2893776088 ecr 0,nop,wscale 7], length 0
13:52:00.507463 IP localhost.44102 > localhost.domain: 189+ [1au] PTR? 1.1.168.192.in-addr.arpa. (53)
13:52:00.507504 IP localhost.domain > localhost.49765: 15030 1/0/1 PTR pfSense.localdomain. (86)
13:52:00.507708 IP localhost.domain > localhost.44102: 189 1/0/1 PTR pfSense.localdomain. (86)
13:52:00.507862 IP localhost.40055 > localhost.domain: 17111+ [1au] PTR? 53.0.0.127.in-addr.arpa. (52)
13:52:00.508152 IP localhost.51341 > localhost.domain: 39632+ [1au] PTR? 27.1.168.192.in-addr.arpa. (54)
13:52:00.508335 IP localhost.51907 > localhost.domain: 8297+ [1au] PTR? 27.1.168.192.in-addr.arpa. (54)
13:52:00.508560 IP localhost.domain > localhost.51341: 39632 2/0/1 PTR Mount., PTR Mount.local. (98)
13:52:00.508866 IP localhost.domain > localhost.51907: 8297 2/0/1 PTR Mount., PTR Mount.local. (98)
13:52:00.509201 IP localhost.52746 > localhost.4443: Flags [P.], seq 1:518, ack 1, win 512, options [nop,nop,TS val 2893776091 ecr 2893776088], length 517
13:52:00.509231 IP localhost.4443 > localhost.52746: Flags [.], ack 518, win 508, options [nop,nop,TS val 2893776091 ecr 2893776091], length 0
13:52:00.509504 IP localhost.52748 > localhost.4443: Flags [P.], seq 2774947262:2774947779, ack 252338501, win 512, options [nop,nop,TS val 2893776091 ecr 2893776088], length 517
13:52:00.509541 IP localhost.4443 > localhost.52748: Flags [.], ack 517, win 508, options [nop,nop,TS val 2893776091 ecr 2893776091], length 0
13:52:00.511236 IP localhost.4443 > localhost.52746: Flags [P.], seq 1:257, ack 518, win 512, options [nop,nop,TS val 2893776093 ecr 2893776091], length 256
13:52:00.511248 IP localhost.52746 > localhost.4443: Flags [.], ack 257, win 510, options [nop,nop,TS val 2893776093 ecr 2893776093], length 0
13:52:00.511558 IP localhost.4443 > localhost.52748: Flags [P.], seq 1:257, ack 517, win 512, options [nop,nop,TS val 2893776093 ecr 2893776091], length 256
13:52:00.511572 IP localhost.52748 > localhost.4443: Flags [.], ack 257, win 510, options [nop,nop,TS val 2893776093 ecr 2893776093], length 0
13:52:00.519467 IP localhost.52748 > localhost.4443: Flags [P.], seq 517:597, ack 257, win 512, options [nop,nop,TS val 2893776101 ecr 2893776093], length 80
13:52:00.519474 IP localhost.52746 > localhost.4443: Flags [P.], seq 518:1370, ack 257, win 512, options [nop,nop,TS val 2893776101 ecr 2893776093], length 852
13:52:00.519681 IP localhost.4443 > localhost.52748: Flags [P.], seq 257:336, ack 597, win 512, options [nop,nop,TS val 2893776101 ecr 2893776101], length 79
13:52:00.519724 IP localhost.4443 > localhost.52746: Flags [P.], seq 257:336, ack 1370, win 512, options [nop,nop,TS val 2893776101 ecr 2893776101], length 79
13:52:00.520139 IP localhost.4443 > localhost.52746: Flags [P.], seq 336:894, ack 1370, win 512, options [nop,nop,TS val 2893776102 ecr 2893776101], length 558
13:52:00.520158 IP localhost.52746 > localhost.4443: Flags [.], ack 894, win 512, options [nop,nop,TS val 2893776102 ecr 2893776101], length 0
13:52:00.553688 IP localhost.52746 > localhost.4443: Flags [P.], seq 1370:2143, ack 894, win 512, options [nop,nop,TS val 2893776135 ecr 2893776101], length 773
13:52:00.562965 IP localhost.52748 > localhost.4443: Flags [.], ack 336, win 512, options [nop,nop,TS val 2893776145 ecr 2893776101], length 0
13:52:00.572809 IP localhost.4443 > localhost.52746: Flags [P.], seq 894:17548, ack 2143, win 512, options [nop,nop,TS val 2893776154 ecr 2893776135], length 16654
13:52:00.614946 IP localhost.52746 > localhost.4443: Flags [.], ack 17548, win 512, options [nop,nop,TS val 2893776197 ecr 2893776154], length 0
13:52:05.577989 IP localhost.4443 > localhost.52746: Flags [P.], seq 17548:17572, ack 2143, win 512, options [nop,nop,TS val 2893781160 ecr 2893776197], length 24
13:52:05.578013 IP localhost.52746 > localhost.4443: Flags [.], ack 17572, win 512, options [nop,nop,TS val 2893781160 ecr 2893781160], length 0
13:52:05.578095 IP localhost.4443 > localhost.52746: Flags [F.], seq 17572, ack 2143, win 512, options [nop,nop,TS val 2893781160 ecr 2893781160], length 0
13:52:05.578155 IP localhost.52746 > localhost.4443: Flags [F.], seq 2143, ack 17573, win 512, options [nop,nop,TS val 2893781160 ecr 2893781160], length 0
13:52:05.578193 IP localhost.4443 > localhost.52746: Flags [.], ack 2144, win 512, options [nop,nop,TS val 2893781160 ecr 2893781160], length 0
^C
35 packets captured
78 packets received by filter
8 packets dropped by kernel
dnessett@Mount:~$

As is apparent, the apache server (listening on 4443) is sending traffic to localhost.52748, not to localhost:4822. This leads me to believe that the Virtual Host in the apache configuration is improperly configured, but, as I said, I was just following the suggested configuration specified by the guacamole tutorial.

If anyone can see the mistake, I would greatly appreciate some help in rectifying it.

Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
I have looked everywhere I can imagine and cannot find where “server.xml” is located. According to the official documentation (https://guacamole.apache.org/doc/gug/configuring-guacamole.html) all configuration data for guacamole comes from the directory /etc/guacamole. Yet, there is no “server.xml” in that directory.

> On Dec 18, 2022, at 5:50 PM, Michael Jumper <mj...@apache.org> wrote:
> 
> <Connector .../> and <Valve .../> are elements used within Tomcat's server.xml configuration file, not the configuration of the Apache HTTP server.
> 
> - Mike
> 
> 
> On Sun, Dec 18, 2022, 4:46 PM Dan Nessett <dn...@yahoo.com.invalid> wrote:
> OK. I changed the port to which apache proxies to 8080. Here is the resultant VirtualHost block:
> 
> <VirtualHost localhost:4443>
>         ServerName server
>         DocumentRoot /mnt/raid5/webserver/sites/MOserver
> 	Header always unset X-Frame-Options
> 
> 	ErrorLog ${APACHE_LOG_DIR}/error.log
> 	CustomLog ${APACHE_LOG_DIR}/access.log combined
> 
> 	<Location /guacamole/>
> 	 Order allow,deny
> 	 Allow from all
> 	 ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
> 	 ProxyPassReverse http://127.0.0.1:8080/guacamole/
> 	</Location>
> 
>         <Location /websocket-tunnel>
>           Order allow,deny
>           Allow from all
>           #Require all granted
>           ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
>           ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
>         </Location>
> 
> 	<Connector port="8080" protocol="HTTP/1.1"
>            connectionTimeout="20000"
>            URIEncoding="UTF-8"
>            redirectPort="8443" />
> 
> 	<Valve className="org.apache.catalina.valves.RemoteIpValve"
>                internalProxies="127.0.0.1"
>                remoteIpHeader="x-forwarded-for"
>                remoteIpProxiesHeader="x-forwarded-by"
>                protocolHeader="x-forwarded-proto" />
> 
> 	SSLEngine on
> 	SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
> 	SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
> </VirtualHost>
> 
> Note that I added <Connector> and <Valve> blocks as is directed in the guacamole documentation. I didn’t know if the <Valve> block was necessary, so I added it as a precaution. However, apache2 then threw the following error:
> 
> dnessett@Mount:/etc/apache2/sites-enabled$ sudo systemctl status apache2
> ● apache2.service - The Apache HTTP Server
>    Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
>   Drop-In: /lib/systemd/system/apache2.service.d
>            └─apache2-systemd.conf
>    Active: failed (Result: exit-code) since Sun 2022-12-18 17:33:38 MST; 30s ago
>   Process: 3695 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
>   Process: 1827 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
>   Process: 3838 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
>  Main PID: 3439 (code=exited, status=0/SUCCESS)
> 
> Dec 18 17:33:37 Mount systemd[1]: Starting The Apache HTTP Server...
> Dec 18 17:33:37 Mount apachectl[3838]: apache2: Syntax error on line 223 of /etc/apache2/apache2.conf: Syntax error on line 72 of /etc/apache2/sites-enabled/000-default.conf: Expected </Valve> but saw
> Dec 18 17:33:38 Mount apachectl[3838]: Action 'start' failed.
> Dec 18 17:33:38 Mount apachectl[3838]: The Apache error log may have more information.
> Dec 18 17:33:38 Mount systemd[1]: apache2.service: Control process exited, code=exited status=1
> Dec 18 17:33:38 Mount systemd[1]: apache2.service: Failed with result 'exit-code'.
> Dec 18 17:33:38 Mount systemd[1]: Failed to start The Apache HTTP Server
> 
> 
>> On Dec 18, 2022, at 3:53 PM, Michael Jumper <mjumper@apache.org> wrote:
>> 
>> On Sun, Dec 18, 2022, 1:52 PM Dan Nessett <dnessett@yahoo.com.invalid> wrote:
>> ...
>> 
>> I tried to follow the instructions here: https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html#apache
>> 
>> You should always look at the current version of the manual unless you have a specific need to look at the version-specific snapshot. The above link is for the 0.9.7 release which is 7 years old.
>> 
>> https://guacamole.apache.org/doc/gug/
>> 
>> However, the port suggested for guacamole listening (8080) is used by Tomcat, so I changed it to 4822, which is the default port for guacamole.
>> 
>> No, this is wrong. Port 4822 is the guacd port and has nothing to do with the webapp. Tomcat indeed should listen on port 8080, and therefore should be the port that Apache forwards its received data to.
>> 
>> Overall:
>> 
>> Browser <-- HTTPS (443) --> Apache <-- HTTP (8080) --> Tomcat
>> 
>> The webapp establishes connections internally to guacd via port 4822 as needed. These are not publicly exposed through Apache any more than connections to the database are publicly exposed.
>> 
>> - Mike
> 


Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Michael Jumper <mj...@apache.org>.
Try pointing your browser at ".../guacamole/" instead of ".../guacamole".
It may be that Apache is sensitive to that trailing slash and you need a
rewrite rule.

- Mike

On Mon, Dec 19, 2022 at 1:50 PM Dan Nessett <dn...@yahoo.com.invalid>
wrote:

> Changed to a FQDN:
>
> <VirtualHost *:4443>
>         ServerName server.mountolive.com
>         DocumentRoot /mnt/raid5/webserver/sites/MOserver
>         Header always unset X-Frame-Options
>
>         ErrorLog ${APACHE_LOG_DIR}/error.log
>         CustomLog ${APACHE_LOG_DIR}/access.log combined
>
>         <Location /guacamole/>
>          Order allow,deny
>          Allow from all
>          ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
>          ProxyPassReverse http://127.0.0.1:8080/guacamole/
>         </Location>
>
>         <Location /websocket-tunnel>
>           Order allow,deny
>           Allow from all
>           #Require all granted
>           ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
>           ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
>         </Location>
>
>         SSLEngine on
>         SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
>         SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
> </VirtualHost>
>
> This does not fix the problem.
>
> > On Dec 19, 2022, at 2:01 PM, Alessandro Sironi <a....@me.com.INVALID> wrote:
> >
> >
> > ServerName must be FQDN, so server.mountolive.com and not only server
> > Sent from iPhone
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> For additional commands, e-mail: user-help@guacamole.apache.org
>
>
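
Added example (not part of the original thread, and not code from the Guacamole or Apache projects): a small Python check that applies Apache's documented `<Location>` prefix rule to the request paths discussed above, and also flags the two mistakes pointed out in the earlier replies (proxying to the guacd port, and Tomcat `server.xml` elements placed in an Apache file). The function names and both sample configurations are constructed for illustration; wildcard and regex `<Location>` forms are not handled.

```python
"""Audit an Apache vhost that fronts Guacamole (constructed example)."""
import re
from urllib.parse import urlsplit

GUACD_PORT = 4822  # guacd's listener in this thread; the webapp lives in Tomcat

LOCATION_OPEN = re.compile(r'^\s*<Location\s+"?([^">\s]+)"?\s*>', re.I)
LOCATION_CLOSE = re.compile(r'^\s*</Location>', re.I)
PROXY_PASS = re.compile(r'^\s*ProxyPass\s+(\S+)', re.I)  # not ProxyPassReverse
TOMCAT_ELEMENT = re.compile(r'^\s*<(Connector|Valve)\b', re.I | re.M)

# Constructed sample modelled on the first configuration posted in the thread.
FIRST_ATTEMPT = """
<VirtualHost localhost:4443>
    <Location /guacamole/>
        ProxyPass http://127.0.0.1:4822/guacamole/ flushpackets=on
        ProxyPassReverse http://127.0.0.1:4822/guacamole/
    </Location>
    <Connector port="8080" protocol="HTTP/1.1" />
</VirtualHost>
"""

# Constructed sample modelled on the later configuration (backend on 8080).
LATER_ATTEMPT = """
<VirtualHost *:4443>
    <Location /guacamole/>
        ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://127.0.0.1:8080/guacamole/
    </Location>
    <Location /websocket-tunnel>
        ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
    </Location>
</VirtualHost>
"""


def parse_locations(conf):
    """Return [(location_path, proxy_backend_or_None)] for each <Location>."""
    locations, current = [], None
    for line in conf.splitlines():
        opened = LOCATION_OPEN.match(line)
        if opened:
            current = [opened.group(1), None]
        elif LOCATION_CLOSE.match(line):
            if current is not None:
                locations.append(tuple(current))
            current = None
        elif current is not None:
            proxied = PROXY_PASS.match(line)
            if proxied:
                current[1] = proxied.group(1)
    return locations


def location_matches(location, path):
    """Apache's rule for a plain (non-regex) <Location> path.

    A location ending in "/" must be a prefix of the request path, so
    "/guacamole/" does not cover "/guacamole". A location without the
    trailing slash matches the exact path and anything below it.
    """
    if location.endswith("/"):
        return path.startswith(location)
    return path == location or path.startswith(location + "/")


def audit(conf, request_paths):
    """Return a list of (finding, detail) tuples for the given config text."""
    findings = []
    locations = parse_locations(conf)
    for location, backend in locations:
        # An HTTP or WebSocket proxy aimed at guacd reaches the wrong service.
        if backend and urlsplit(backend).port == GUACD_PORT:
            findings.append(("guacd-port", location))
    for element in TOMCAT_ELEMENT.findall(conf):
        # <Connector>/<Valve> belong in Tomcat's server.xml, not in Apache.
        findings.append(("tomcat-element", element))
    for path in request_paths:
        covered = any(backend and location_matches(location, path)
                      for location, backend in locations)
        if not covered:
            # Apache serves this path from DocumentRoot, hence the 404.
            findings.append(("unproxied-path", path))
    return findings


if __name__ == "__main__":
    for name, conf in (("first", FIRST_ATTEMPT), ("later", LATER_ATTEMPT)):
        for finding in audit(conf, ["/guacamole", "/guacamole/"]):
            print(name, *finding)
```
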

Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
Changed to a FQDN:

<VirtualHost *:4443>
        ServerName server.mountolive.com
        DocumentRoot /mnt/raid5/webserver/sites/MOserver
	Header always unset X-Frame-Options

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	<Location /guacamole/>
	 Order allow,deny
	 Allow from all
	 ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
	 ProxyPassReverse http://127.0.0.1:8080/guacamole/
	</Location>

        <Location /websocket-tunnel>
          Order allow,deny
          Allow from all
          #Require all granted
          ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
          ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
        </Location>

	SSLEngine on
	SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
	SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
</VirtualHost>

This does not fix the problem.

> On Dec 19, 2022, at 2:01 PM, Alessandro Sironi <a....@me.com.INVALID> wrote:
> 
> 
> ServerName must be FQDN, so server.mountolive.com and not only server
> Sent from iPhone
> 




Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Alessandro Sironi <a....@me.com.INVALID>.
  
ServerName must be FQDN, so server.mountolive.com and not only server

Sent from iPhone

> On 19 Dec 2022, at 20:43, Dan Nessett <dn...@yahoo.com.invalid> wrote:
>
> It was a good idea, Alessandro, but it didn’t work. I changed the VirtualHost block:
>
> <VirtualHost *:4443>
>         ServerName server
>         DocumentRoot /mnt/raid5/webserver/sites/MOserver
>         Header always unset X-Frame-Options
>
>         ErrorLog ${APACHE_LOG_DIR}/error.log
>         CustomLog ${APACHE_LOG_DIR}/access.log combined
>
>         <Location /guacamole/>
>          Order allow,deny
>          Allow from all
>          ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
>          ProxyPassReverse http://127.0.0.1:8080/guacamole/
>         </Location>
>
>         <Location /websocket-tunnel>
>           Order allow,deny
>           Allow from all
>           #Require all granted
>           ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
>           ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
>         </Location>
>
>         SSLEngine on
>         SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
>         SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
> </VirtualHost>
>
> I restarted apache and tried to access guacamole, but it generated the same Not Found message.
>

>> On Dec 19, 2022, at 12:24 PM, Alessandro Sironi
<[a.sironi@me.com.INVALID](mailto:a.sironi@me.com.INVALID)> wrote:

>>

>>  
>
>>

>> Oh, that’s for sure, that’s why I had wrote “ you can change
[guacamole.mountolive.com](http://guacamole.mountolive.com/) with what you
want/like.” I meant exatly this, the “big mistake”, IMHO, is in the
“<VirtualHost localhost:4443>”, here you are autoryzing only “localhost” to
visit that vhost, here why I suggest to use the wildcard.

>>

>> Best regards,

>>

>> Alessandro  
>  
>
>>

>> Inviato da iPhone

>>

>>  
>
>>

>>> Il giorno 19 dic 2022, alle ore 19:32, Dan Nessett
<[dnessett@yahoo.com.invalid](mailto:dnessett@yahoo.com.invalid)> ha scritto:  
>  
>
>>

>>> Thanks Alessandro. However, I don’t think this will work, since the
ServerName is tied to DNS and the DNS name of the server is:
[server.mountolive.com](http://server.mountolive.com/). There is no DNS record
that would satisfy
[guacamole.mountolive.com](http://guacamole.mountolive.com/).

>>>

>>>  
>
>>>

>>> Dan  
>
>>>

>>>  
>
>>>

>>>> On Dec 19, 2022, at 11:24 AM, Alessandro Sironi
<[a.sironi@me.com.INVALID](mailto:a.sironi@me.com.INVALID)> wrote:

>>>>

>>>>  
>
>>>>

>>>> I would try with:  
>  
> <VirtualHost *:4443>  
>         ServerName
> [guacamole.mountolive.com](http://guacamole.mountolive.com/)  
>         ...................  
> </VirtualHost>  
>  
> Where "..................." means to use your actual content, you can change
> [guacamole.mountolive.com](http://guacamole.mountolive.com/) with what you
> want/like.  
> Remember to restart apache after you have edit the file.  
>  
> Best regards,  
>  
> Alessandro  
>  
> Il 19/12/2022 19:09, Dan Nessett ha scritto:  
>
>>>>

>>>>> Thanks for your reply. In the access log, '127.0.0.1 - -
[19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1” 404’ is a URL not found
error (see below). However, there is nothing in the log to suggest why it
isn’t found. The sites-enabled/000-default.conf file is (leaving out commented
out blocks):  
>  
> <VirtualHost localhost:4443>  
>          ServerName server  
>          DocumentRoot /mnt/raid5/webserver/sites/MOserver  
>  Header always unset X-Frame-Options  
>  
>  ErrorLog ${APACHE_LOG_DIR}/error.log  
>  CustomLog ${APACHE_LOG_DIR}/access.log combined  
>  
>  <Location /guacamole/>  
>  Order allow,deny  
>  Allow from all  
>  ProxyPass <http://127.0.0.1:8080/guacamole/> flushpackets=on  
>  ProxyPassReverse <http://127.0.0.1:8080/guacamole/>  
>  </Location>  
>  
>          <Location /websocket-tunnel>  
>            Order allow,deny  
>            Allow from all  
>            #Require all granted  
>            ProxyPass <ws://127.0.0.1:8080/guacamole/websocket-tunnel>  
>            ProxyPassReverse <ws://127.0.0.1:8080/guacamole/websocket-tunnel>  
>          </Location>  
>  
>  SSLEngine on  
>  SSLCertificateFile
> /root/.acme.sh/*.[mountolive.com/fullchain.cer](http://mountolive.com/fullchain.cer)  
>  SSLCertificateKeyFile
> /root/.acme.sh/*.[mountolive.com/*.mountolive.com.key](http://mountolive.com/*.mountolive.com.key)  
> </VirtualHost>  
>  
> Is there anything obvious why apache doesn’t find guacamole?  
>  
> For completeness, apache is passing the syntax of the config file:  
>  
> dnessett@Mount:~$ sudo apache2ctl configtest  
> Syntax OK  
> dnessett@Mount:~$  
>  
> dnessett@Mount:/var/log/apache2$ ls -al  
> total 72  
> drwxr-x---  2 root adm     4096 Dec 19 09:13 .  
> drwxrwxr-x 16 root syslog  4096 Dec 19 09:13 ..  
> -rw-r-----  1 root adm     1633 Dec 19 10:12 access.log  
> -rw-r-----  1 root adm    11678 Dec 18 18:46 access.log.1  
> -rw-r-----  1 root adm     3066 Dec 17 18:48 access.log.2.gz  
> -rw-r-----  1 root adm      682 Dec 16 16:32 access.log.3.gz  
> -rw-r-----  1 root adm      319 Dec 15 22:52 access.log.4.gz  
> -rw-r-----  1 root adm      405 Dec 19 09:13 error.log  
> -rw-r-----  1 root adm     3822 Dec 19 09:13 error.log.1  
> -rw-r-----  1 root adm     2338 Dec 18 13:31 error.log.2.gz  
> -rw-r-----  1 root adm     1101 Dec 17 06:09 error.log.3.gz  
> -rw-r-----  1 root adm      550 Dec 15 22:53 error.log.4.gz  
> -rw-r-----  1 root adm      298 Dec 14 22:18 error.log.5.gz  
> -rw-r-----  1 root adm        0 Dec 19 09:13 other_vhosts_access.log  
> -rw-r-----  1 root adm      954 Dec 18 14:52 other_vhosts_access.log.1  
> -rw-r-----  1 root adm      183 Dec 17 08:34 other_vhosts_access.log.2.gz  
> -rw-r-----  1 root adm      203 Dec 16 16:20 other_vhosts_access.log.3.gz  
> dnessett@Mount:/var/log/apache2$ cat error.log  
> [Mon Dec 19 09:13:02.827821 2022] [ssl:warn] [pid 1196] AH01909:
> server:443:0 server certificate does NOT include an ID which matches the
> server name  
> [Mon Dec 19 09:13:02.828265 2022] [mpm_prefork:notice] [pid 1196] AH00163:
> Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal
> operations  
> [Mon Dec 19 09:13:02.828279 2022] [core:notice] [pid 1196] AH00094: Command
> line: '/usr/sbin/apache2'  
> dnessett@Mount:/var/log/apache2$ cat access.log  
> 127.0.0.1 - - [19/Dec/2022:09:58:35 -0700] "GET / HTTP/1.1" 200 5795 "-"
> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/108.0.0.0 Safari/537.36"  
> 127.0.0.1 - - [19/Dec/2022:09:58:44 -0700] "GET /phpinfo.php HTTP/1.1" 200
> 29026 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"  
> 127.0.0.1 - - [19/Dec/2022:09:58:55 -0700] "GET /guacamole HTTP/1.1" 404 893
> "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"  
> 127.0.0.1 - - [19/Dec/2022:09:59:15 -0700] "-" 408 335 "-" "-"  
> 127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1" 404
> 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"  
> 127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /favicon.ico HTTP/1.1" 304
> 203 "<https://server.mountolive.com:xxxxx/guacamole>" "Mozilla/5.0
> (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
> Chrome/108.0.0.0 Safari/537.36"  
> 127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 5258 "-" "-"  
> 127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 335 "-" "-"  
> 127.0.0.1 - - [19/Dec/2022:10:12:01 -0700] "GET / HTTP/1.1" 200 5795 "-"
> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15
> (KHTML, like Gecko) Version/16.0 Safari/605.1.15"  
> 127.0.0.1 - - [19/Dec/2022:10:12:14 -0700] "GET /guacamole HTTP/1.1" 404
> 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)
> AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"  
> dnessett@Mount:/var/log/apache2$ cat other_vhosts_access.log  
> dnessett@Mount:/var/log/apache2$  
>  
> sudo lsof -i -P -n | grep LISTEN  
> [sudo] password for dnessett:  
> systemd-r  774 systemd-resolve   13u  IPv4  17984      0t0  TCP
> 127.0.0.53:53 (LISTEN)  
> sslh       986            sslh    3u  IPv4  23025      0t0  TCP *:443
> (LISTEN)  
> vsftpd     988            root    3u  IPv6  22945      0t0  TCP *:21
> (LISTEN)  
> sslh      1100            sslh    3u  IPv4  23025      0t0  TCP *:443
> (LISTEN)  
> sshd      1143            root    3u  IPv4  27176      0t0  TCP *:22
> (LISTEN)  
> sshd      1143            root    4u  IPv6  27178      0t0  TCP *:22
> (LISTEN)  
> mysqld    1190           mysql   27u  IPv4  27023      0t0  TCP
> 127.0.0.1:3306 (LISTEN)  
> apache2   1196            root    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> guacd     1450            root    4u  IPv4  27919      0t0  TCP
> 127.0.0.1:4822 (LISTEN)  
> apache2   1897        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   1898        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   1899        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   1900        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   1902        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> cupsd     1910            root    6u  IPv6  34562      0t0  TCP [::1]:631
> (LISTEN)  
> cupsd     1910            root    7u  IPv4  34563      0t0  TCP
> 127.0.0.1:631 (LISTEN)  
> java      2234          tomcat   41u  IPv6  58159      0t0  TCP *:8080
> (LISTEN)  
> apache2   2291        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   2292        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   2360        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> dnessett@Mount:~$  
>  
> Thanks for any help you can give.  
>  
>  


Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
It was a good idea, Alessandro, but it didn’t work. I changed the VirtualHost block:

<VirtualHost *:4443>
        ServerName server
        DocumentRoot /mnt/raid5/webserver/sites/MOserver
	Header always unset X-Frame-Options

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	<Location /guacamole/>
	 Order allow,deny
	 Allow from all
	 ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
	 ProxyPassReverse http://127.0.0.1:8080/guacamole/
	</Location>

        <Location /websocket-tunnel>
          Order allow,deny
          Allow from all
          #Require all granted
          ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
          ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
        </Location>

	SSLEngine on
	SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
	SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
</VirtualHost>

I restarted apache and tried to access guacamole, but it generated the same Not Found message.

> On Dec 19, 2022, at 12:24 PM, Alessandro Sironi <a....@me.com.INVALID> wrote:
> 
> Oh, that’s for sure, that’s why I wrote “you can change guacamole.mountolive.com with what you want/like.” I meant exactly this; the “big mistake”, IMHO, is in the “<VirtualHost localhost:4443>”: here you are authorizing only “localhost” to visit that vhost, which is why I suggest using the wildcard.
> Best regards,
> Alessandro
> 
> Sent from iPhone
> 
>> On 19 Dec 2022, at 19:32, Dan Nessett <dn...@yahoo.com.invalid> wrote:
>> 
>> Thanks Alessandro. However, I don’t think this will work, since the ServerName is tied to DNS and the DNS name of the server is: server.mountolive.com. There is no DNS record that would satisfy guacamole.mountolive.com.
>> 
>> Dan
>> 
>>> On Dec 19, 2022, at 11:24 AM, Alessandro Sironi <a.sironi@me.com.INVALID> wrote:
>>> 
>>> I would try with:
>>> 
>>> <VirtualHost *:4443>
>>>         ServerName guacamole.mountolive.com
>>>         ...................
>>> </VirtualHost>
>>> 
>>> Where "..................." means to use your actual content, you can change guacamole.mountolive.com with what you want/like.
>>> Remember to restart apache after you have edited the file.
>>> 
>>> Best regards,
>>> 
>>> Alessandro
>>> 
>>> On 19/12/2022 19:09, Dan Nessett wrote:
>>>> Thanks for your reply. In the access log, '127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1” 404’ is a URL not found error (see below). However, there is nothing in the log to suggest why it isn’t found. The sites-enabled/000-default.conf file is (leaving out commented out blocks):
>>>> 
>>>> <VirtualHost localhost:4443>
>>>>         ServerName server
>>>>         DocumentRoot /mnt/raid5/webserver/sites/MOserver
>>>> 	Header always unset X-Frame-Options
>>>> 
>>>> 	ErrorLog ${APACHE_LOG_DIR}/error.log
>>>> 	CustomLog ${APACHE_LOG_DIR}/access.log combined
>>>> 
>>>> 	<Location /guacamole/>
>>>> 	 Order allow,deny
>>>> 	 Allow from all
>>>> 	 ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
>>>> 	 ProxyPassReverse http://127.0.0.1:8080/guacamole/
>>>> 	</Location>
>>>> 
>>>>         <Location /websocket-tunnel>
>>>>           Order allow,deny
>>>>           Allow from all
>>>>           #Require all granted
>>>>           ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
>>>>           ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
>>>>         </Location>
>>>> 
>>>> 	SSLEngine on
>>>> 	SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
>>>> 	SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
>>>> </VirtualHost>
>>>> 
>>>> Is there anything obvious why apache doesn’t find guacamole?
>>>> 
>>>> For completeness, apache is passing the syntax of the config file:
>>>> 
>>>> dnessett@Mount:~$ sudo apache2ctl configtest
>>>> Syntax OK
>>>> dnessett@Mount:~$
>>>> 
>>>> dnessett@Mount:/var/log/apache2$ ls -al
>>>> total 72
>>>> drwxr-x---  2 root adm     4096 Dec 19 09:13 .
>>>> drwxrwxr-x 16 root syslog  4096 Dec 19 09:13 ..
>>>> -rw-r-----  1 root adm     1633 Dec 19 10:12 access.log
>>>> -rw-r-----  1 root adm    11678 Dec 18 18:46 access.log.1
>>>> -rw-r-----  1 root adm     3066 Dec 17 18:48 access.log.2.gz
>>>> -rw-r-----  1 root adm      682 Dec 16 16:32 access.log.3.gz
>>>> -rw-r-----  1 root adm      319 Dec 15 22:52 access.log.4.gz
>>>> -rw-r-----  1 root adm      405 Dec 19 09:13 error.log
>>>> -rw-r-----  1 root adm     3822 Dec 19 09:13 error.log.1
>>>> -rw-r-----  1 root adm     2338 Dec 18 13:31 error.log.2.gz
>>>> -rw-r-----  1 root adm     1101 Dec 17 06:09 error.log.3.gz
>>>> -rw-r-----  1 root adm      550 Dec 15 22:53 error.log.4.gz
>>>> -rw-r-----  1 root adm      298 Dec 14 22:18 error.log.5.gz
>>>> -rw-r-----  1 root adm        0 Dec 19 09:13 other_vhosts_access.log
>>>> -rw-r-----  1 root adm      954 Dec 18 14:52 other_vhosts_access.log.1
>>>> -rw-r-----  1 root adm      183 Dec 17 08:34 other_vhosts_access.log.2.gz
>>>> -rw-r-----  1 root adm      203 Dec 16 16:20 other_vhosts_access.log.3.gz
>>>> dnessett@Mount:/var/log/apache2$ cat error.log
>>>> [Mon Dec 19 09:13:02.827821 2022] [ssl:warn] [pid 1196] AH01909: server:443:0 server certificate does NOT include an ID which matches the server name
>>>> [Mon Dec 19 09:13:02.828265 2022] [mpm_prefork:notice] [pid 1196] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
>>>> [Mon Dec 19 09:13:02.828279 2022] [core:notice] [pid 1196] AH00094: Command line: '/usr/sbin/apache2'
>>>> dnessett@Mount:/var/log/apache2$ cat access.log
>>>> 127.0.0.1 - - [19/Dec/2022:09:58:35 -0700] "GET / HTTP/1.1" 200 5795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
>>>> 127.0.0.1 - - [19/Dec/2022:09:58:44 -0700] "GET /phpinfo.php HTTP/1.1" 200 29026 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
>>>> 127.0.0.1 - - [19/Dec/2022:09:58:55 -0700] "GET /guacamole HTTP/1.1" 404 893 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
>>>> 127.0.0.1 - - [19/Dec/2022:09:59:15 -0700] "-" 408 335 "-" "-"
>>>> 127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1" 404 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
>>>> 127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /favicon.ico HTTP/1.1" 304 203 "https://server.mountolive.com:xxxxx/guacamole" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
>>>> 127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 5258 "-" "-"
>>>> 127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 335 "-" "-"
>>>> 127.0.0.1 - - [19/Dec/2022:10:12:01 -0700] "GET / HTTP/1.1" 200 5795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"
>>>> 127.0.0.1 - - [19/Dec/2022:10:12:14 -0700] "GET /guacamole HTTP/1.1" 404 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"
>>>> dnessett@Mount:/var/log/apache2$ cat other_vhosts_access.log
>>>> dnessett@Mount:/var/log/apache2$
>>>> 
>>>> sudo lsof -i -P -n | grep LISTEN
>>>> [sudo] password for dnessett:
>>>> systemd-r  774 systemd-resolve   13u  IPv4  17984      0t0  TCP 127.0.0.53:53 (LISTEN)
>>>> sslh       986            sslh    3u  IPv4  23025      0t0  TCP *:443 (LISTEN)
>>>> vsftpd     988            root    3u  IPv6  22945      0t0  TCP *:21 (LISTEN)
>>>> sslh      1100            sslh    3u  IPv4  23025      0t0  TCP *:443 (LISTEN)
>>>> sshd      1143            root    3u  IPv4  27176      0t0  TCP *:22 (LISTEN)
>>>> sshd      1143            root    4u  IPv6  27178      0t0  TCP *:22 (LISTEN)
>>>> mysqld    1190           mysql   27u  IPv4  27023      0t0  TCP 127.0.0.1:3306 (LISTEN)
>>>> apache2   1196            root    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>>>> guacd     1450            root    4u  IPv4  27919      0t0  TCP 127.0.0.1:4822 (LISTEN)
>>>> apache2   1897        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>>>> apache2   1898        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>>>> apache2   1899        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>>>> apache2   1900        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>>>> apache2   1902        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>>>> cupsd     1910            root    6u  IPv6  34562      0t0  TCP [::1]:631 (LISTEN)
>>>> cupsd     1910            root    7u  IPv4  34563      0t0  TCP 127.0.0.1:631 (LISTEN)
>>>> java      2234          tomcat   41u  IPv6  58159      0t0  TCP *:8080 (LISTEN)
>>>> apache2   2291        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>>>> apache2   2292        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>>>> apache2   2360        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>>>> dnessett@Mount:~$
>>>> 
>>>> Thanks for any help you can give.
>>>> 
>>>> 
>> 
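
An added example, not part of any message in this thread: it takes the <Location> blocks from the vhost posted above and the request paths from the quoted access log, and shows which proxied block, if any, covers each path under the prefix rule Apache documents for non-regex <Location> sections (a location ending in a slash does not cover the same path without the slash). The function names are this example's own; it models only <Location> and ProxyPass and ignores any other directive that could map a URL.

```python
import re

# Excerpt of the vhost posted above (only the directives that decide routing).
VHOST = """\
<VirtualHost *:4443>
    DocumentRoot /mnt/raid5/webserver/sites/MOserver
    <Location /guacamole/>
        ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://127.0.0.1:8080/guacamole/
    </Location>
    <Location /websocket-tunnel>
        #Require all granted
        ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
    </Location>
</VirtualHost>
"""

# Access-log lines from the thread, user-agent field shortened for width.
ACCESS_LOG = """\
127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 335 "-" "-"
127.0.0.1 - - [19/Dec/2022:10:12:01 -0700] "GET / HTTP/1.1" 200 5795 "-" "Mozilla/5.0"
127.0.0.1 - - [19/Dec/2022:10:12:14 -0700] "GET /guacamole HTTP/1.1" 404 5816 "-" "Mozilla/5.0"
"""

LOCATION_OPEN = re.compile(r'^\s*<Location\s+"?([^">\s]+)"?\s*>', re.I)
LOCATION_CLOSE = re.compile(r'^\s*</Location>', re.I)
PROXY_PASS = re.compile(r'^\s*ProxyPass\s+(\S+)', re.I)  # not ProxyPassReverse
LOG_LINE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')


def parse_locations(conf):
    """Return [(location_path, proxy_target_or_None)] in file order."""
    locations, current = [], None
    for line in conf.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directive
        opened = LOCATION_OPEN.match(line)
        proxied = PROXY_PASS.match(line)
        if opened:
            current = [opened.group(1), None]
        elif LOCATION_CLOSE.match(line) and current:
            locations.append(tuple(current))
            current = None
        elif current and proxied:
            current[1] = proxied.group(1)
    return locations


def location_matches(loc, path):
    """Non-regex <Location> rule: exact match, or loc (with a trailing
    slash added if it has none) is a prefix of the request path."""
    if path == loc:
        return True
    prefix = loc if loc.endswith("/") else loc + "/"
    return path.startswith(prefix)


def route(path, locations):
    """Backend URL the path would be proxied to, or None when no proxied
    <Location> covers it and the request falls through to DocumentRoot.
    The query string is dropped; it plays no part in Location matching."""
    path = path.split("?", 1)[0]
    target = None
    for loc, backend in locations:  # later matching sections override earlier
        if backend and location_matches(loc, path):
            target = backend + path[len(loc):]
    return target


def parse_requests(log):
    """Return [(path, status)] for lines that carry a request line."""
    requests = []
    for line in log.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        parts = m.group(1).split()
        if len(parts) != 3:
            continue  # "-": no request line was received (the 408 entries)
        requests.append((parts[1], int(m.group(2))))
    return requests


def unproxied_404s(log, locations):
    """Paths that returned 404 and were not covered by any proxied Location."""
    return [p for p, status in parse_requests(log)
            if status == 404 and route(p, locations) is None]


if __name__ == "__main__":
    locs = parse_locations(VHOST)
    # The last three paths are constructed for comparison; they are not in the log.
    for p in ["/", "/guacamole", "/guacamole/", "/guacamole/websocket-tunnel",
              "/websocket-tunnel"]:
        print(f"{p:30} -> {route(p, locs) or 'DocumentRoot (not proxied)'}")
    print("404s outside every proxied Location:", unproxied_404s(ACCESS_LOG, locs))
```
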


Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Alessandro Sironi <a....@me.com.INVALID>.
Oh, that’s for sure, that’s why I wrote “you can change
guacamole.mountolive.com with what you
want/like.” I meant exactly this; the “big mistake”, IMHO, is in the
“<VirtualHost localhost:4443>”: here you are authorizing only “localhost” to
visit that vhost, which is why I suggest using the wildcard.

Best regards,

Alessandro  
  

Sent from iPhone

  

> On 19 Dec 2022, at 19:32, Dan Nessett <dn...@yahoo.com.invalid> wrote:
>
> Thanks Alessandro. However, I don’t think this will work, since the
> ServerName is tied to DNS and the DNS name of the server is:
> server.mountolive.com. There is no DNS record that would satisfy
> guacamole.mountolive.com.
>
> Dan
>
>> On Dec 19, 2022, at 11:24 AM, Alessandro Sironi <a.sironi@me.com.INVALID> wrote:
>>
>> I would try with:
>
> <VirtualHost *:4443>
>         ServerName guacamole.mountolive.com
>         ...................
> </VirtualHost>
>
> Where "..................." means to use your actual content, you can change
> guacamole.mountolive.com with what you want/like.
> Remember to restart apache after you have edited the file.
>  
> Best regards,  
>  
> Alessandro  
>  
> On 19/12/2022 19:09, Dan Nessett wrote:
>
>>> Thanks for your reply. In the access log, '127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1” 404’ is a URL not found error (see below). However, there is nothing in the log to suggest why it isn’t found. The sites-enabled/000-default.conf file is (leaving out commented out blocks):
>  
> <VirtualHost localhost:4443>  
>          ServerName server  
>          DocumentRoot /mnt/raid5/webserver/sites/MOserver  
>  Header always unset X-Frame-Options  
>  
>  ErrorLog ${APACHE_LOG_DIR}/error.log  
>  CustomLog ${APACHE_LOG_DIR}/access.log combined  
>  
>  <Location /guacamole/>  
>  Order allow,deny  
>  Allow from all  
>  ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
>  ProxyPassReverse http://127.0.0.1:8080/guacamole/
>  </Location>  
>  
>          <Location /websocket-tunnel>  
>            Order allow,deny  
>            Allow from all  
>            #Require all granted  
>            ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
>            ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
>          </Location>  
>  
>  SSLEngine on  
>  SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
>  SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
> </VirtualHost>  
>  
> Is there anything obvious why apache doesn’t find guacamole?  
>  
> For completeness, apache is passing the syntax of the config file:  
>  
> dnessett@Mount:~$ sudo apache2ctl configtest  
> Syntax OK  
> dnessett@Mount:~$  
>  
> dnessett@Mount:/var/log/apache2$ ls -al  
> total 72  
> drwxr-x---  2 root adm     4096 Dec 19 09:13 .  
> drwxrwxr-x 16 root syslog  4096 Dec 19 09:13 ..  
> -rw-r-----  1 root adm     1633 Dec 19 10:12 access.log  
> -rw-r-----  1 root adm    11678 Dec 18 18:46 access.log.1  
> -rw-r-----  1 root adm     3066 Dec 17 18:48 access.log.2.gz  
> -rw-r-----  1 root adm      682 Dec 16 16:32 access.log.3.gz  
> -rw-r-----  1 root adm      319 Dec 15 22:52 access.log.4.gz  
> -rw-r-----  1 root adm      405 Dec 19 09:13 error.log  
> -rw-r-----  1 root adm     3822 Dec 19 09:13 error.log.1  
> -rw-r-----  1 root adm     2338 Dec 18 13:31 error.log.2.gz  
> -rw-r-----  1 root adm     1101 Dec 17 06:09 error.log.3.gz  
> -rw-r-----  1 root adm      550 Dec 15 22:53 error.log.4.gz  
> -rw-r-----  1 root adm      298 Dec 14 22:18 error.log.5.gz  
> -rw-r-----  1 root adm        0 Dec 19 09:13 other_vhosts_access.log  
> -rw-r-----  1 root adm      954 Dec 18 14:52 other_vhosts_access.log.1  
> -rw-r-----  1 root adm      183 Dec 17 08:34 other_vhosts_access.log.2.gz  
> -rw-r-----  1 root adm      203 Dec 16 16:20 other_vhosts_access.log.3.gz  
> dnessett@Mount:/var/log/apache2$ cat error.log  
> [Mon Dec 19 09:13:02.827821 2022] [ssl:warn] [pid 1196] AH01909:
> server:443:0 server certificate does NOT include an ID which matches the
> server name  
> [Mon Dec 19 09:13:02.828265 2022] [mpm_prefork:notice] [pid 1196] AH00163:
> Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal
> operations  
> [Mon Dec 19 09:13:02.828279 2022] [core:notice] [pid 1196] AH00094: Command
> line: '/usr/sbin/apache2'  
> dnessett@Mount:/var/log/apache2$ cat access.log  
> 127.0.0.1 - - [19/Dec/2022:09:58:35 -0700] "GET / HTTP/1.1" 200 5795 "-"
> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/108.0.0.0 Safari/537.36"  
> 127.0.0.1 - - [19/Dec/2022:09:58:44 -0700] "GET /phpinfo.php HTTP/1.1" 200
> 29026 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"  
> 127.0.0.1 - - [19/Dec/2022:09:58:55 -0700] "GET /guacamole HTTP/1.1" 404 893
> "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"  
> 127.0.0.1 - - [19/Dec/2022:09:59:15 -0700] "-" 408 335 "-" "-"  
> 127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1" 404
> 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36
> (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"  
> 127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /favicon.ico HTTP/1.1" 304
> 203 "https://server.mountolive.com:xxxxx/guacamole" "Mozilla/5.0
> (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko)
> Chrome/108.0.0.0 Safari/537.36"  
> 127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 5258 "-" "-"  
> 127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 335 "-" "-"  
> 127.0.0.1 - - [19/Dec/2022:10:12:01 -0700] "GET / HTTP/1.1" 200 5795 "-"
> "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15
> (KHTML, like Gecko) Version/16.0 Safari/605.1.15"  
> 127.0.0.1 - - [19/Dec/2022:10:12:14 -0700] "GET /guacamole HTTP/1.1" 404
> 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)
> AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"  
> dnessett@Mount:/var/log/apache2$ cat other_vhosts_access.log  
> dnessett@Mount:/var/log/apache2$  
>  
> sudo lsof -i -P -n | grep LISTEN  
> [sudo] password for dnessett:  
> systemd-r  774 systemd-resolve   13u  IPv4  17984      0t0  TCP
> 127.0.0.53:53 (LISTEN)  
> sslh       986            sslh    3u  IPv4  23025      0t0  TCP *:443
> (LISTEN)  
> vsftpd     988            root    3u  IPv6  22945      0t0  TCP *:21
> (LISTEN)  
> sslh      1100            sslh    3u  IPv4  23025      0t0  TCP *:443
> (LISTEN)  
> sshd      1143            root    3u  IPv4  27176      0t0  TCP *:22
> (LISTEN)  
> sshd      1143            root    4u  IPv6  27178      0t0  TCP *:22
> (LISTEN)  
> mysqld    1190           mysql   27u  IPv4  27023      0t0  TCP
> 127.0.0.1:3306 (LISTEN)  
> apache2   1196            root    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> guacd     1450            root    4u  IPv4  27919      0t0  TCP
> 127.0.0.1:4822 (LISTEN)  
> apache2   1897        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   1898        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   1899        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   1900        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   1902        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> cupsd     1910            root    6u  IPv6  34562      0t0  TCP [::1]:631
> (LISTEN)  
> cupsd     1910            root    7u  IPv4  34563      0t0  TCP
> 127.0.0.1:631 (LISTEN)  
> java      2234          tomcat   41u  IPv6  58159      0t0  TCP *:8080
> (LISTEN)  
> apache2   2291        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   2292        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> apache2   2360        www-data    4u  IPv6  25965      0t0  TCP *:4443
> (LISTEN)  
> dnessett@Mount:~$  
>  
> Thanks for any help you can give.  
>  
>  


Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
Thanks Alessandro. However, I don’t think this will work, since the ServerName is tied to DNS and the DNS name of the server is: server.mountolive.com. There is no DNS record that would satisfy guacamole.mountolive.com.

Dan

> On Dec 19, 2022, at 11:24 AM, Alessandro Sironi <a....@me.com.INVALID> wrote:
> 
> I would try with:
> 
> <VirtualHost *:4443>
>         ServerName guacamole.mountolive.com
>         ...................
> </VirtualHost>
> 
> Where "..................." means to use your actual content, you can change guacamole.mountolive.com with what you want/like.
> Remember to restart apache after you have edited the file.
> 
> Best regards,
> 
> Alessandro
> 
> On 19/12/2022 19:09, Dan Nessett wrote:
>> Thanks for your reply. In the access log, '127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1” 404’ is a URL not found error (see below). However, there is nothing in the log to suggest why it isn’t found. The sites-enabled/000-default.conf file is (leaving out commented out blocks):
>> 
>> <VirtualHost localhost:4443>
>>         ServerName server
>>         DocumentRoot /mnt/raid5/webserver/sites/MOserver
>> 	Header always unset X-Frame-Options
>> 
>> 	ErrorLog ${APACHE_LOG_DIR}/error.log
>> 	CustomLog ${APACHE_LOG_DIR}/access.log combined
>> 
>> 	<Location /guacamole/>
>> 	 Order allow,deny
>> 	 Allow from all
>> 	 ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
>> 	 ProxyPassReverse http://127.0.0.1:8080/guacamole/
>> 	</Location>
>> 
>>         <Location /websocket-tunnel>
>>           Order allow,deny
>>           Allow from all
>>           #Require all granted
>>           ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
>>           ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
>>         </Location>
>> 
>> 	SSLEngine on
>> 	SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
>> 	SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
>> </VirtualHost>
>> 
>> Is there anything obvious why apache doesn’t find guacamole?
>> 
>> For completeness, apache is passing the syntax of the config file:
>> 
>> dnessett@Mount:~$ sudo apache2ctl configtest
>> Syntax OK
>> dnessett@Mount:~$
>> 
>> dnessett@Mount:/var/log/apache2$ ls -al
>> total 72
>> drwxr-x---  2 root adm     4096 Dec 19 09:13 .
>> drwxrwxr-x 16 root syslog  4096 Dec 19 09:13 ..
>> -rw-r-----  1 root adm     1633 Dec 19 10:12 access.log
>> -rw-r-----  1 root adm    11678 Dec 18 18:46 access.log.1
>> -rw-r-----  1 root adm     3066 Dec 17 18:48 access.log.2.gz
>> -rw-r-----  1 root adm      682 Dec 16 16:32 access.log.3.gz
>> -rw-r-----  1 root adm      319 Dec 15 22:52 access.log.4.gz
>> -rw-r-----  1 root adm      405 Dec 19 09:13 error.log
>> -rw-r-----  1 root adm     3822 Dec 19 09:13 error.log.1
>> -rw-r-----  1 root adm     2338 Dec 18 13:31 error.log.2.gz
>> -rw-r-----  1 root adm     1101 Dec 17 06:09 error.log.3.gz
>> -rw-r-----  1 root adm      550 Dec 15 22:53 error.log.4.gz
>> -rw-r-----  1 root adm      298 Dec 14 22:18 error.log.5.gz
>> -rw-r-----  1 root adm        0 Dec 19 09:13 other_vhosts_access.log
>> -rw-r-----  1 root adm      954 Dec 18 14:52 other_vhosts_access.log.1
>> -rw-r-----  1 root adm      183 Dec 17 08:34 other_vhosts_access.log.2.gz
>> -rw-r-----  1 root adm      203 Dec 16 16:20 other_vhosts_access.log.3.gz
>> dnessett@Mount:/var/log/apache2$ cat error.log
>> [Mon Dec 19 09:13:02.827821 2022] [ssl:warn] [pid 1196] AH01909: server:443:0 server certificate does NOT include an ID which matches the server name
>> [Mon Dec 19 09:13:02.828265 2022] [mpm_prefork:notice] [pid 1196] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
>> [Mon Dec 19 09:13:02.828279 2022] [core:notice] [pid 1196] AH00094: Command line: '/usr/sbin/apache2'
>> dnessett@Mount:/var/log/apache2$ cat access.log
>> 127.0.0.1 - - [19/Dec/2022:09:58:35 -0700] "GET / HTTP/1.1" 200 5795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
>> 127.0.0.1 - - [19/Dec/2022:09:58:44 -0700] "GET /phpinfo.php HTTP/1.1" 200 29026 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
>> 127.0.0.1 - - [19/Dec/2022:09:58:55 -0700] "GET /guacamole HTTP/1.1" 404 893 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
>> 127.0.0.1 - - [19/Dec/2022:09:59:15 -0700] "-" 408 335 "-" "-"
>> 127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1" 404 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
>> 127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /favicon.ico HTTP/1.1" 304 203 "https://server.mountolive.com:xxxxx/guacamole" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
>> 127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 5258 "-" "-"
>> 127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 335 "-" "-"
>> 127.0.0.1 - - [19/Dec/2022:10:12:01 -0700] "GET / HTTP/1.1" 200 5795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"
>> 127.0.0.1 - - [19/Dec/2022:10:12:14 -0700] "GET /guacamole HTTP/1.1" 404 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"
>> dnessett@Mount:/var/log/apache2$ cat other_vhosts_access.log
>> dnessett@Mount:/var/log/apache2$
>> 
>> sudo lsof -i -P -n | grep LISTEN
>> [sudo] password for dnessett:
>> systemd-r  774 systemd-resolve   13u  IPv4  17984      0t0  TCP 127.0.0.53:53 (LISTEN)
>> sslh       986            sslh    3u  IPv4  23025      0t0  TCP *:443 (LISTEN)
>> vsftpd     988            root    3u  IPv6  22945      0t0  TCP *:21 (LISTEN)
>> sslh      1100            sslh    3u  IPv4  23025      0t0  TCP *:443 (LISTEN)
>> sshd      1143            root    3u  IPv4  27176      0t0  TCP *:22 (LISTEN)
>> sshd      1143            root    4u  IPv6  27178      0t0  TCP *:22 (LISTEN)
>> mysqld    1190           mysql   27u  IPv4  27023      0t0  TCP 127.0.0.1:3306 (LISTEN)
>> apache2   1196            root    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>> guacd     1450            root    4u  IPv4  27919      0t0  TCP 127.0.0.1:4822 (LISTEN)
>> apache2   1897        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>> apache2   1898        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>> apache2   1899        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>> apache2   1900        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>> apache2   1902        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>> cupsd     1910            root    6u  IPv6  34562      0t0  TCP [::1]:631 (LISTEN)
>> cupsd     1910            root    7u  IPv4  34563      0t0  TCP 127.0.0.1:631 (LISTEN)
>> java      2234          tomcat   41u  IPv6  58159      0t0  TCP *:8080 (LISTEN)
>> apache2   2291        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>> apache2   2292        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>> apache2   2360        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
>> dnessett@Mount:~$
>> 
>> Thanks for any help you can give.
>> 
>> 


Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Alessandro Sironi <a....@me.com.INVALID>.
I would try with:

<VirtualHost *:4443>
         ServerName guacamole.mountolive.com
         ...................
</VirtualHost>

Where "..................." means to use your actual content, you can 
change guacamole.mountolive.com with what you want/like.
Remember to restart apache after you have edited the file.

Best regards,

Alessandro

On 19/12/2022 19:09, Dan Nessett wrote:
> Thanks for your reply. In the access log, '127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1” 404’ is a URL not found error (see below). However, there is nothing in the log to suggest why it isn’t found. The sites-enabled/000-default.conf file is (leaving out commented out blocks):
>
> <VirtualHost localhost:4443>
>          ServerName server
>          DocumentRoot /mnt/raid5/webserver/sites/MOserver
> 	Header always unset X-Frame-Options
>
> 	ErrorLog ${APACHE_LOG_DIR}/error.log
> 	CustomLog ${APACHE_LOG_DIR}/access.log combined
>
> 	<Location /guacamole/>
> 	 Order allow,deny
> 	 Allow from all
> 	 ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
> 	 ProxyPassReverse http://127.0.0.1:8080/guacamole/
> 	</Location>
>
>          <Location /websocket-tunnel>
>            Order allow,deny
>            Allow from all
>            #Require all granted
>            ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
>            ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
>          </Location>
>
> 	SSLEngine on
> 	SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
> 	SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
> </VirtualHost>
>
> Is there anything obvious why apache doesn’t find guacamole?
>
> For completeness, apache is passing the syntax of the config file:
>
> dnessett@Mount:~$ sudo apache2ctl configtest
> Syntax OK
> dnessett@Mount:~$
>
> dnessett@Mount:/var/log/apache2$ ls -al
> total 72
> drwxr-x---  2 root adm     4096 Dec 19 09:13 .
> drwxrwxr-x 16 root syslog  4096 Dec 19 09:13 ..
> -rw-r-----  1 root adm     1633 Dec 19 10:12 access.log
> -rw-r-----  1 root adm    11678 Dec 18 18:46 access.log.1
> -rw-r-----  1 root adm     3066 Dec 17 18:48 access.log.2.gz
> -rw-r-----  1 root adm      682 Dec 16 16:32 access.log.3.gz
> -rw-r-----  1 root adm      319 Dec 15 22:52 access.log.4.gz
> -rw-r-----  1 root adm      405 Dec 19 09:13 error.log
> -rw-r-----  1 root adm     3822 Dec 19 09:13 error.log.1
> -rw-r-----  1 root adm     2338 Dec 18 13:31 error.log.2.gz
> -rw-r-----  1 root adm     1101 Dec 17 06:09 error.log.3.gz
> -rw-r-----  1 root adm      550 Dec 15 22:53 error.log.4.gz
> -rw-r-----  1 root adm      298 Dec 14 22:18 error.log.5.gz
> -rw-r-----  1 root adm        0 Dec 19 09:13 other_vhosts_access.log
> -rw-r-----  1 root adm      954 Dec 18 14:52 other_vhosts_access.log.1
> -rw-r-----  1 root adm      183 Dec 17 08:34 other_vhosts_access.log.2.gz
> -rw-r-----  1 root adm      203 Dec 16 16:20 other_vhosts_access.log.3.gz
> dnessett@Mount:/var/log/apache2$ cat error.log
> [Mon Dec 19 09:13:02.827821 2022] [ssl:warn] [pid 1196] AH01909: server:443:0 server certificate does NOT include an ID which matches the server name
> [Mon Dec 19 09:13:02.828265 2022] [mpm_prefork:notice] [pid 1196] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
> [Mon Dec 19 09:13:02.828279 2022] [core:notice] [pid 1196] AH00094: Command line: '/usr/sbin/apache2'
> dnessett@Mount:/var/log/apache2$ cat access.log
> 127.0.0.1 - - [19/Dec/2022:09:58:35 -0700] "GET / HTTP/1.1" 200 5795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
> 127.0.0.1 - - [19/Dec/2022:09:58:44 -0700] "GET /phpinfo.php HTTP/1.1" 200 29026 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
> 127.0.0.1 - - [19/Dec/2022:09:58:55 -0700] "GET /guacamole HTTP/1.1" 404 893 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
> 127.0.0.1 - - [19/Dec/2022:09:59:15 -0700] "-" 408 335 "-" "-"
> 127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1" 404 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
> 127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /favicon.ico HTTP/1.1" 304 203 "https://server.mountolive.com:xxxxx/guacamole" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
> 127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 5258 "-" "-"
> 127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 335 "-" "-"
> 127.0.0.1 - - [19/Dec/2022:10:12:01 -0700] "GET / HTTP/1.1" 200 5795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"
> 127.0.0.1 - - [19/Dec/2022:10:12:14 -0700] "GET /guacamole HTTP/1.1" 404 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"
> dnessett@Mount:/var/log/apache2$ cat other_vhosts_access.log
> dnessett@Mount:/var/log/apache2$
>
> sudo lsof -i -P -n | grep LISTEN
> [sudo] password for dnessett:
> systemd-r  774 systemd-resolve   13u  IPv4  17984      0t0  TCP 127.0.0.53:53 (LISTEN)
> sslh       986            sslh    3u  IPv4  23025      0t0  TCP *:443 (LISTEN)
> vsftpd     988            root    3u  IPv6  22945      0t0  TCP *:21 (LISTEN)
> sslh      1100            sslh    3u  IPv4  23025      0t0  TCP *:443 (LISTEN)
> sshd      1143            root    3u  IPv4  27176      0t0  TCP *:22 (LISTEN)
> sshd      1143            root    4u  IPv6  27178      0t0  TCP *:22 (LISTEN)
> mysqld    1190           mysql   27u  IPv4  27023      0t0  TCP 127.0.0.1:3306 (LISTEN)
> apache2   1196            root    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
> guacd     1450            root    4u  IPv4  27919      0t0  TCP 127.0.0.1:4822 (LISTEN)
> apache2   1897        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
> apache2   1898        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
> apache2   1899        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
> apache2   1900        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
> apache2   1902        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
> cupsd     1910            root    6u  IPv6  34562      0t0  TCP [::1]:631 (LISTEN)
> cupsd     1910            root    7u  IPv4  34563      0t0  TCP 127.0.0.1:631 (LISTEN)
> java      2234          tomcat   41u  IPv6  58159      0t0  TCP *:8080 (LISTEN)
> apache2   2291        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
> apache2   2292        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
> apache2   2360        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
> dnessett@Mount:~$
>
> Thanks for any help you can give.
>
>


Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
Thanks for your reply. In the access log, '127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1" 404' is a URL not found error (see below). However, there is nothing in the log to suggest why it isn’t found. The sites-enabled/000-default.conf file is (leaving out commented out blocks):

<VirtualHost localhost:4443>
    ServerName server
    DocumentRoot /mnt/raid5/webserver/sites/MOserver
    Header always unset X-Frame-Options

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    <Location /guacamole/>
        Order allow,deny
        Allow from all
        ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://127.0.0.1:8080/guacamole/
    </Location>

    <Location /websocket-tunnel>
        Order allow,deny
        Allow from all
        #Require all granted
        ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
    </Location>

    SSLEngine on
    SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
    SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
</VirtualHost>

Is there anything obvious why apache doesn’t find guacamole?

For completeness, apache is passing the syntax of the config file:

dnessett@Mount:~$ sudo apache2ctl configtest
Syntax OK
dnessett@Mount:~$

dnessett@Mount:/var/log/apache2$ ls -al
total 72
drwxr-x---  2 root adm     4096 Dec 19 09:13 .
drwxrwxr-x 16 root syslog  4096 Dec 19 09:13 ..
-rw-r-----  1 root adm     1633 Dec 19 10:12 access.log
-rw-r-----  1 root adm    11678 Dec 18 18:46 access.log.1
-rw-r-----  1 root adm     3066 Dec 17 18:48 access.log.2.gz
-rw-r-----  1 root adm      682 Dec 16 16:32 access.log.3.gz
-rw-r-----  1 root adm      319 Dec 15 22:52 access.log.4.gz
-rw-r-----  1 root adm      405 Dec 19 09:13 error.log
-rw-r-----  1 root adm     3822 Dec 19 09:13 error.log.1
-rw-r-----  1 root adm     2338 Dec 18 13:31 error.log.2.gz
-rw-r-----  1 root adm     1101 Dec 17 06:09 error.log.3.gz
-rw-r-----  1 root adm      550 Dec 15 22:53 error.log.4.gz
-rw-r-----  1 root adm      298 Dec 14 22:18 error.log.5.gz
-rw-r-----  1 root adm        0 Dec 19 09:13 other_vhosts_access.log
-rw-r-----  1 root adm      954 Dec 18 14:52 other_vhosts_access.log.1
-rw-r-----  1 root adm      183 Dec 17 08:34 other_vhosts_access.log.2.gz
-rw-r-----  1 root adm      203 Dec 16 16:20 other_vhosts_access.log.3.gz
dnessett@Mount:/var/log/apache2$ cat error.log
[Mon Dec 19 09:13:02.827821 2022] [ssl:warn] [pid 1196] AH01909: server:443:0 server certificate does NOT include an ID which matches the server name
[Mon Dec 19 09:13:02.828265 2022] [mpm_prefork:notice] [pid 1196] AH00163: Apache/2.4.29 (Ubuntu) OpenSSL/1.1.1 configured -- resuming normal operations
[Mon Dec 19 09:13:02.828279 2022] [core:notice] [pid 1196] AH00094: Command line: '/usr/sbin/apache2'
dnessett@Mount:/var/log/apache2$ cat access.log
127.0.0.1 - - [19/Dec/2022:09:58:35 -0700] "GET / HTTP/1.1" 200 5795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
127.0.0.1 - - [19/Dec/2022:09:58:44 -0700] "GET /phpinfo.php HTTP/1.1" 200 29026 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
127.0.0.1 - - [19/Dec/2022:09:58:55 -0700] "GET /guacamole HTTP/1.1" 404 893 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
127.0.0.1 - - [19/Dec/2022:09:59:15 -0700] "-" 408 335 "-" "-"
127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1" 404 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /favicon.ico HTTP/1.1" 304 203 "https://server.mountolive.com:xxxxx/guacamole" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36"
127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 5258 "-" "-"
127.0.0.1 - - [19/Dec/2022:10:06:39 -0700] "-" 408 335 "-" "-"
127.0.0.1 - - [19/Dec/2022:10:12:01 -0700] "GET / HTTP/1.1" 200 5795 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"
127.0.0.1 - - [19/Dec/2022:10:12:14 -0700] "GET /guacamole HTTP/1.1" 404 5816 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.0 Safari/605.1.15"
dnessett@Mount:/var/log/apache2$ cat other_vhosts_access.log
dnessett@Mount:/var/log/apache2$

sudo lsof -i -P -n | grep LISTEN
[sudo] password for dnessett:
systemd-r  774 systemd-resolve   13u  IPv4  17984      0t0  TCP 127.0.0.53:53 (LISTEN)
sslh       986            sslh    3u  IPv4  23025      0t0  TCP *:443 (LISTEN)
vsftpd     988            root    3u  IPv6  22945      0t0  TCP *:21 (LISTEN)
sslh      1100            sslh    3u  IPv4  23025      0t0  TCP *:443 (LISTEN)
sshd      1143            root    3u  IPv4  27176      0t0  TCP *:22 (LISTEN)
sshd      1143            root    4u  IPv6  27178      0t0  TCP *:22 (LISTEN)
mysqld    1190           mysql   27u  IPv4  27023      0t0  TCP 127.0.0.1:3306 (LISTEN)
apache2   1196            root    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
guacd     1450            root    4u  IPv4  27919      0t0  TCP 127.0.0.1:4822 (LISTEN)
apache2   1897        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
apache2   1898        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
apache2   1899        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
apache2   1900        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
apache2   1902        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
cupsd     1910            root    6u  IPv6  34562      0t0  TCP [::1]:631 (LISTEN)
cupsd     1910            root    7u  IPv4  34563      0t0  TCP 127.0.0.1:631 (LISTEN)
java      2234          tomcat   41u  IPv6  58159      0t0  TCP *:8080 (LISTEN)
apache2   2291        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
apache2   2292        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
apache2   2360        www-data    4u  IPv6  25965      0t0  TCP *:4443 (LISTEN)
dnessett@Mount:~$

Thanks for any help you can give.




Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
With the help of Daniel Gruno on users@http.apache.org, I finally got the guacamole installation to work. The final VH block is:

<VirtualHost *:4443>
    ServerName <FQDN name>
    DocumentRoot <directory>
    Header always unset X-Frame-Options

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteRule "^/guacamole$" "/guacamole/" [R=302]

    <Directory "<directory>">
        Require all granted
    </Directory>

    <Location /websocket-tunnel>
        ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
    </Location>

    <Location /guacamole/>
        ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://127.0.0.1:8080/guacamole/
    </Location>

    SSLEngine on
    SSLCertificateFile <certificate location>
    SSLCertificateKeyFile <private key location>
</VirtualHost>

Here you need to convert <FQDN name>, <directory>, <certificate location> and <private key location> into values pertinent for the local implementation. Also, the port associated with the VH block is special in my implementation. Normally, it would be 443.

Notice several things:

+ It is necessary to use a RewriteRule to turn "/guacamole" into "/guacamole/", otherwise Apache gets confused. Furthermore, the rewrite rule needs the annotation [R=302] "to force a redirect instead of internal rewriting the filesystem path".

+ The instructions for the <Location> blocks found in:

https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html#apache

are out of date. "Order allow,deny | Allow from all" are no longer considered up-to-date directives. Thus, the transition to "Require all granted".

Given my experience with trying to get guacamole to work, I would suggest someone writing a tutorial that gently leads newcomers to solutions. The existing documentation is expert friendly and not really suitable for those of us who are coming to guacamole for the first time.

> On Dec 19, 2022, at 10:30 AM, Michael Jumper <mj...@apache.org> wrote:
> 
> On Mon, Dec 19, 2022, 9:25 AM Dan Nessett <dn...@yahoo.com.invalid> wrote:
> I am still trying to figure out why guacamole is not working. I looked at the journalctl output, but found nothing suspicious (see below for startup journal messages). When I look at the output of journalctl after attempting to use guacamole from a browser (i.e., http://<server external dns name>:<external NAT port>/guacamole), there is nothing in the output from tomcat, guacamole or apache.
> 
> Can anyone more experienced than I see something that might give a clue what is going wrong? The response at the browser when attempting to access guacamole is:
> 
> Not Found
> 
> The requested URL was not found on this server.
> 
> Apache/2.4.29 (Ubuntu) Server at <DNS name> Port XXXXX
> 
> (I have changed the DNS name and external port number). Is it possible that guacamole is getting confused because the internal port seen by apache (i.e., 4443) is not the internal port used by NAT (i.e., 443). Also, is it possible that the from address that tomcat sees is 127.0.01 might confuse it when responding to the request?
> 
> No, this is a response from the Apache web server, not Guacamole or Tomcat. Your request is failing within Apache and thus is not reaching either of those levels.
> 
> You should check your Apache logs and config to determine why your request doesn't match your configuration.
> 
> - Mike
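
An added example (not code from this thread or from the Apache or Guacamole projects) showing why the access log above records 404s for "/guacamole" while "<Location /guacamole/>" is configured, and how to spot that pattern in a log. The sample lines are adapted from the access.log excerpt in this thread with the user-agent shortened; the function names and the prefix-matching helper are assumptions that approximate Apache's documented non-regex <Location> matching.

```python
import re

# Apache "combined" log format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Proxied <Location> prefixes taken from the virtual host in this thread.
PROXIED_LOCATIONS = ["/guacamole/", "/websocket-tunnel"]

# Sample input adapted from the thread's access.log (user-agent shortened).
SAMPLE_LOG = [
    '127.0.0.1 - - [19/Dec/2022:09:58:35 -0700] "GET / HTTP/1.1" 200 5795 "-" "UA"',
    '127.0.0.1 - - [19/Dec/2022:09:58:44 -0700] "GET /phpinfo.php HTTP/1.1" 200 29026 "-" "UA"',
    '127.0.0.1 - - [19/Dec/2022:09:58:55 -0700] "GET /guacamole HTTP/1.1" 404 893 "-" "UA"',
    '127.0.0.1 - - [19/Dec/2022:09:59:15 -0700] "-" 408 335 "-" "-"',
    '127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /guacamole HTTP/1.1" 404 5816 "-" "UA"',
    '127.0.0.1 - - [19/Dec/2022:10:06:19 -0700] "GET /favicon.ico HTTP/1.1" 304 203 "-" "UA"',
]


def location_matches(prefix, path):
    """Approximate Apache's non-regex <Location> matching (assumed helper).

    A prefix ending in "/" only matches paths that start with it, so
    "/guacamole/" does not cover "/guacamole". A prefix without a trailing
    slash matches the exact path and anything below it.
    """
    if prefix.endswith("/"):
        return path.startswith(prefix)
    return path == prefix or path.startswith(prefix + "/")


def parse_line(line):
    """Return time, path and status for a request line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = m.group("request").split()
    if len(parts) != 3:  # e.g. "-" is logged for 408 request timeouts
        return None
    _method, target, _proto = parts
    return {
        "time": m.group("time"),
        "path": target.split("?", 1)[0],  # ignore any query string
        "status": int(m.group("status")),
    }


def find_slash_misses(lines, proxied_locations):
    """List 404s that missed a proxied <Location> only by a trailing slash."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or entry["status"] != 404:
            continue
        for prefix in proxied_locations:
            missed = not location_matches(prefix, entry["path"])
            would_hit = location_matches(prefix, entry["path"] + "/")
            if missed and would_hit:
                findings.append((entry["time"], entry["path"], prefix))
    return findings


if __name__ == "__main__":
    for when, path, prefix in find_slash_misses(SAMPLE_LOG, PROXIED_LOCATIONS):
        print(f"{when}: {path} fell through to DocumentRoot; "
              f"<Location {prefix}> needs the trailing slash")
```

Such requests never reach the proxy, which is why Tomcat and guacd log nothing for them; the redirect from "/guacamole" to "/guacamole/" in the final virtual host closes the gap.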


Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
Thanks very much for the help. I now get past the auth failure and get a black screen. However, that is a VNC server problem, not a guacamole problem.

Regards,

Dan

> On Dec 22, 2022, at 5:04 PM, Michael Jumper <mj...@apache.org> wrote:
> 
> On Thu, Dec 22, 2022, 3:48 PM Dan Nessett <dn...@yahoo.com.invalid> wrote:
> Thanks for the help. I have deleted the “hostname …” material from guacamole.properties and deleted user-mapping.xml. I restarted both apache and vncserver@1.service. I then attempted to connect to the VNC service, but experienced similar results:
> 
> Dec 22 16:24:24 Mount guacd[1312]: Creating new client for protocol "vnc"
> ...
> Dec 22 16:24:24 Mount guacd[7491]: VNC connection failed: Authentication failed
> 
> This indicates that the credentials specified in your connection are incorrect.
> 
> As I stated in my previous email, I don’t know if the username and password associated with the VNC connection should be the guacamole user and pw, the vnc user and pw or the user on the remote host’s username and password.
> 
> The credentials in the connection parameters of a connection are the credentials that should be given to the remote desktop server, in this case your VNC server. Whatever details you would provide to a traditional remote desktop client, those are the details you provide to a Guacamole connection.
> 
> VNC servers usually use just a password (no username). Some accept both a username and a password. You will need to know how you configured your VNC server.
> 
> - Mike
> 


Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Michael Jumper <mj...@apache.org>.
On Thu, Dec 22, 2022, 3:48 PM Dan Nessett <dn...@yahoo.com.invalid>
wrote:

> Thanks for the help. I have deleted the “hostname …” material from
> guacamole.properties and deleted user-mapping.xml. I restarted both apache
> and vncserver@1.service. I then attempted to connect to the VNC service,
> but experienced similar results:
>
> Dec 22 16:24:24 Mount guacd[1312]: Creating new client for protocol "vnc"
> ...
> Dec 22 16:24:24 Mount guacd[7491]: VNC connection failed: Authentication
> failed
>

This indicates that the credentials specified in your connection are
incorrect.

> As I stated in my previous email, I don’t know if the username and password
> associated with the VNC connection should be the guacamole user and pw, the
> vnc user and pw or the user on the remote host’s username and password.
>

The credentials in the connection parameters of a connection are the
credentials that should be given to the remote desktop server, in this case
your VNC server. Whatever details you would provide to a traditional remote
desktop client, those are the details you provide to a Guacamole connection.

VNC servers usually use just a password (no username). Some accept both a
username and a password. You will need to know how you configured your VNC
server.

- Mike

Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
Thanks for the help. I have deleted the “hostname …” material from guacamole.properties and deleted user-mapping.xml. I restarted both apache and vncserver@1.service. I then attempted to connect to the VNC service, but experienced similar results:

Dec 22 16:24:24 Mount guacd[1312]: Creating new client for protocol "vnc"
Dec 22 16:24:24 Mount guacd[1312]: Connection ID is "$54197cc4-d180-4cea-b87b-8692d796a46b"
Dec 22 16:24:24 Mount guacd[7491]: Cursor rendering: local
Dec 22 16:24:24 Mount guacd[7491]: User "@43ac8895-c254-47e7-9b7c-1ce132ae6a2b" joined connection "$54197cc4-d180-4cea-b87b-8692d796a46b" (1 users now present)
Dec 22 16:24:24 Mount tomcat9[4413]: 16:24:24.489 [http-nio-8080-exec-4] INFO  o.a.g.tunnel.TunnelRequestService - User "dnessett" connected to connection "2".
Dec 22 16:24:24 Mount tomcat9[4413]: 16:24:24.489 [http-nio-8080-exec-4] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Dec 22 16:24:24 Mount guacd[7491]: VNC server supports protocol version 3.8 (viewer 3.8)
Dec 22 16:24:24 Mount guacd[7491]: We have 2 security types to read
Dec 22 16:24:24 Mount guacd[7491]: 0) Received security type 2
Dec 22 16:24:24 Mount guacd[7491]: Selecting security type 2 (0/2 in the list)
Dec 22 16:24:24 Mount guacd[7491]: 1) Received security type 16
Dec 22 16:24:24 Mount guacd[7491]: Selected Security Scheme 2
Dec 22 16:24:24 Mount guacd[7491]: VNC connection failed: Authentication failed
Dec 22 16:24:24 Mount guacd[7491]: Unable to connect to VNC server.
Dec 22 16:24:24 Mount guacd[7491]: User "@43ac8895-c254-47e7-9b7c-1ce132ae6a2b" disconnected (0 users remain)
Dec 22 16:24:24 Mount guacd[7491]: Last user of connection "$54197cc4-d180-4cea-b87b-8692d796a46b" disconnected
Dec 22 16:24:24 Mount guacd[1312]: Connection "$54197cc4-d180-4cea-b87b-8692d796a46b" removed.
Dec 22 16:24:39 Mount tomcat9[4413]: 16:24:39.554 [http-nio-8080-exec-9] INFO  o.a.g.tunnel.TunnelRequestService - User "dnessett" disconnected from connection "2". Duration: 15065 milliseconds
Dec 22 16:24:39 Mount tomcat9[4413]: 16:24:39.559 [http-nio-8080-exec-9] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: Connection to guacd timed out.

The only log that seems to have information about the attempted guacd -> VNC server connection attempt is syslog.

As I stated in my previous email, I don’t know if the username and password associated with the VNC connection should be the guacamole user and pw, the vnc user and pw or the user on the remote host’s username and password.

> On Dec 22, 2022, at 2:25 PM, Michael Jumper <mj...@apache.org> wrote:
> 
> On Thu, Dec 22, 2022 at 1:12 PM Dan Nessett <dn...@yahoo.com.invalid> wrote:
> Now that I have apache configured properly, I am trying to get guacamole to connect to a vnc server (tightvnc) running on the remote machine. Here is the listen topology:
> ...
> This shows that tightvnc is listening on 5901, guacd is listening on 4822, and tomcat on 8080.
> 
> In /etc/guacamole, the guacamole properties are:
> 
> # MySQL properties
> mysql-hostname: 127.0.0.1
> mysql-port: 3306
> mysql-database: guacamole_db
> mysql-username: guacamole_user
> mysql-password:  xxxxxxxxxxxxx
> 
> This looks fine but ...
>  
> hostname: 127.0.0.1
> port: 5901
> color-depth: 8
> 
> None of these are properties - they are connection parameters. Placing these parameters here as if they were properties will have no effect. 
> 
> And user-mapping.xml is:
> 
> You should not use "user-mapping.xml" if you are using a MySQL database. If you have a database set up, then that's all you need to use and the "user-mapping.xml" file is no longer needed. You are actually maintaining two distinct accounts by doing this, and this will lead to further confusion.
> 
> The "user-mapping.xml" file and the database are two separate and independent authentication mechanisms. Defining a user within "user-mapping.xml" AND within the database via the UI will mean that you have two distinct accounts: one with the credentials noted in the XML that will have access to only the connections defined in the XML, and another with the credentials defined via the admin UI that will have access only to the connections you have granted in the UI.
> 
> If the VNC connection itself is not working when you attempt to use it, the thing to check would be the guacd logs. These should be in syslog (or systemd's "journalctl" tool). If the VNC connection is being successfully established but is being rejected by the VNC server due to auth, check your VNC server's logs.
> 
> - Mike
> 


Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Michael Jumper <mj...@apache.org>.
On Thu, Dec 22, 2022 at 1:12 PM Dan Nessett <dn...@yahoo.com.invalid>
wrote:

> Now that I have apache configured properly, I am trying to get guacamole
> to connect to a vnc server (tightvnc) running on the remote machine. Here
> is the listen topology:
> ...
> This shows that tightvnc is listening on 5901, guacd is listening on 4822,
> and tomcat on 8080.
>
> In /etc/guacamole, the guacamole properties are:
>
> # MySQL properties
> mysql-hostname: 127.0.0.1
> mysql-port: 3306
> mysql-database: guacamole_db
> mysql-username: guacamole_user
> mysql-password:  xxxxxxxxxxxxx
>

This looks fine but ...


> hostname: 127.0.0.1
> port: 5901
> color-depth: 8
>

None of these are properties - they are connection parameters. Placing
these parameters here as if they were properties will have no effect.

> And user-mapping.xml is:
>

You should not use "user-mapping.xml" if you are using a MySQL database. If
you have a database set up, then that's all you need to use and the
"user-mapping.xml" file is no longer needed. You are actually maintaining
two distinct accounts by doing this, and this will lead to further
confusion.

The "user-mapping.xml" file and the database are two separate and
independent authentication mechanisms. Defining a user within
"user-mapping.xml" AND within the database via the UI will mean that you
have two distinct accounts: one with the credentials noted in the XML that
will have access to only the connections defined in the XML, and another
with the credentials defined via the admin UI that will have access only to
the connections you have granted in the UI.

If the VNC connection itself is not working when you attempt to use it, the
thing to check would be the guacd logs. These should be in syslog (or
systemd's "journalctl" tool). If the VNC connection is being successfully
established but is being rejected by the VNC server due to auth, check your
VNC server's logs.

- Mike

Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
Now that I have apache configured properly, I am trying to get guacamole to connect to a vnc server (tightvnc) running on the remote machine. Here is the listen topology:

[sudo] password for dnessett:
systemd-r  761 systemd-resolve   13u  IPv4  21740      0t0  TCP 127.0.0.53:53 (LISTEN)
cupsd      841            root    6u  IPv6  21239      0t0  TCP [::1]:631 (LISTEN)
cupsd      841            root    7u  IPv4  21240      0t0  TCP 127.0.0.1:631 (LISTEN)
sslh      1013            sslh    3u  IPv4  22309      0t0  TCP *:443 (LISTEN)
vsftpd    1034            root    3u  IPv6  22988      0t0  TCP *:21 (LISTEN)
sslh      1065            sslh    3u  IPv4  22309      0t0  TCP *:443 (LISTEN)
sshd      1120            root    3u  IPv4  26823      0t0  TCP *:22 (LISTEN)
sshd      1120            root    4u  IPv6  26825      0t0  TCP *:22 (LISTEN)
mysqld    1159           mysql   27u  IPv4  25725      0t0  TCP 127.0.0.1:3306 (LISTEN)
guacd     1312            root    4u  IPv4  23546      0t0  TCP 127.0.0.1:4822 (LISTEN)
java      4413          tomcat   41u  IPv6  50060      0t0  TCP *:8080 (LISTEN)
Xtightvnc 5990        dnessett    0u  IPv4  59523      0t0  TCP *:6001 (LISTEN)
Xtightvnc 5990        dnessett    3u  IPv4  59525      0t0  TCP *:5901 (LISTEN)
apache2   6163            root    4u  IPv6  57230      0t0  TCP *:4443 (LISTEN)
apache2   6164        www-data    4u  IPv6  57230      0t0  TCP *:4443 (LISTEN)
apache2   6165        www-data    4u  IPv6  57230      0t0  TCP *:4443 (LISTEN)
apache2   6166        www-data    4u  IPv6  57230      0t0  TCP *:4443 (LISTEN)
apache2   6167        www-data    4u  IPv6  57230      0t0  TCP *:4443 (LISTEN)
apache2   6168        www-data    4u  IPv6  57230      0t0  TCP *:4443 (LISTEN)
apache2   6173        www-data    4u  IPv6  57230      0t0  TCP *:4443 (LISTEN)
apache2   6175        www-data    4u  IPv6  57230      0t0  TCP *:4443 (LISTEN)
apache2   6176        www-data    4u  IPv6  57230      0t0  TCP *:4443 (LISTEN)
apache2   6193        www-data    4u  IPv6  57230      0t0  TCP *:4443 (LISTEN)
apache2   6320        www-data    4u  IPv6  57230      0t0  TCP *:4443 (LISTEN)

This shows that tightvnc is listening on 5901, guacd is listening on 4822, and tomcat on 8080.

In /etc/guacamole, the guacamole properties are:

# MySQL properties
mysql-hostname: 127.0.0.1
mysql-port: 3306
mysql-database: guacamole_db
mysql-username: guacamole_user
mysql-password:  xxxxxxxxxxxxx

hostname: 127.0.0.1
port: 5901
color-depth: 8

And user-mapping.xml is:

<user-mapping>

    <!-- Per-user authentication and config information -->
    <authorize
            username="dnessett"
            password="xxxxxxxxxx">

        <!-- First authorized connection -->
        <connection name="localhost">
            <protocol>vnc</protocol>
            <param name="hostname">localhost</param>
            <param name="port">5901</param>
            <param name="password">VNCPASS</param>
        </connection>

    </authorize>

</user-mapping>

The username and password are copied to the connection settings when I create/modify the connection for a user I created using https://server.mountolive.com:22553/guacamole. The connection settings are shown in the attached screenshot.

Note that the user on the remote machine I am attempting to login to is also called dnessett. I am perhaps getting confused between the guacd user and the remote machine user.

Anyway, syslog indicates an authentication failure (I have elided syslog messages not pertaining to the guacd problem):

Dec 22 13:40:37 Mount guacd[1312]: Creating new client for protocol "vnc"
Dec 22 13:40:37 Mount guacd[1312]: Connection ID is "$bb639d6b-2dde-4dd6-9b98-f2a9d676f896"
Dec 22 13:40:37 Mount guacd[6306]: Cursor rendering: local
Dec 22 13:40:37 Mount guacd[6306]: User "@52065c88-03c8-4e6d-b71b-8178c5b5f5e7" joined connection "$bb639d6b-2dde-4dd6-9b98-f2a9d676f896" (1 users now present)
Dec 22 13:40:37 Mount guacd[6306]: VNC server supports protocol version 3.8 (viewer 3.8)
Dec 22 13:40:37 Mount guacd[6306]: We have 2 security types to read
Dec 22 13:40:37 Mount guacd[6306]: 0) Received security type 2
Dec 22 13:40:37 Mount guacd[6306]: Selecting security type 2 (0/2 in the list)
Dec 22 13:40:37 Mount guacd[6306]: 1) Received security type 16
Dec 22 13:40:37 Mount tomcat9[4413]: 13:40:37.623 [http-nio-8080-exec-8] INFO  o.a.g.tunnel.TunnelRequestService - User "dnessett" connected to connection "2".
Dec 22 13:40:37 Mount tomcat9[4413]: 13:40:37.624 [http-nio-8080-exec-8] INFO  o.a.g.t.h.RestrictedGuacamoleHTTPTunnelServlet - Using HTTP tunnel (not WebSocket). Performance may be sub-optimal.
Dec 22 13:40:37 Mount guacd[6306]: Selected Security Scheme 2

...

Dec 22 13:40:37 Mount guacd[6306]: VNC connection failed: Authentication failed

...

Dec 22 13:40:37 Mount guacd[6306]: Unable to connect to VNC server.

...

Dec 22 13:40:37 Mount guacd[6306]: User "@52065c88-03c8-4e6d-b71b-8178c5b5f5e7" disconnected (0 users remain)
Dec 22 13:40:37 Mount guacd[6306]: Last user of connection "$bb639d6b-2dde-4dd6-9b98-f2a9d676f896" disconnected
Dec 22 13:40:37 Mount guacd[1312]: Connection "$bb639d6b-2dde-4dd6-9b98-f2a9d676f896" removed.
Dec 22 13:40:52 Mount tomcat9[4413]: 13:40:52.700 [http-nio-8080-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "dnessett" disconnected from connection "2". Duration: 15076 milliseconds
Dec 22 13:40:52 Mount tomcat9[4413]: 13:40:52.705 [http-nio-8080-exec-6] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: Connection to guacd timed out.

Also note that guacamole is not using websockets, but is using an http tunnel. However, the apache VH block specifies:

<VirtualHost *:4443>
    ServerName server.mountolive.com
    DocumentRoot /mnt/raid5/webserver/sites/MOserver
    Header always unset X-Frame-Options

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    RewriteEngine on
    RewriteRule "^/guacamole$" "/guacamole/" [R=302]

    <Directory "/mnt/raid5/webserver/sites/MOserver">
        Require all granted
    </Directory>

    <Location /guacamole/>
        ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://127.0.0.1:8080/guacamole/
    </Location>

    <Location /websocket-tunnel>
        ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
    </Location>

    SSLEngine on
    SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
    SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
</VirtualHost>

[Note that I put the two <Location> blocks in the right order, as given in the mod_proxy instructions]

I am getting really confused about how to configure the correct authentication information. Do I supply the username and password of the user on the remote machine in user-mapping.xml and the connection setup or do I supply the guacamole username and password?





Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Michael Jumper <mj...@apache.org>.
On Mon, Dec 19, 2022, 9:25 AM Dan Nessett <dn...@yahoo.com.invalid>
wrote:

> I am still trying to figure out why guacamole is not working. I looked at
> the journalctl output, but found nothing suspicious (see below for startup
> journal messages). When I look at the output of journalctl after attempting
> to use guacamole from a browser (i.e., http://<server external dns
> name>:<external NAT port>/guacamole), there is nothing in the output from
> tomcat, guacamole or apache.
>
> Can anyone more experienced than I see something that might give a clue
> what is going wrong? The response at the browser when attempting to access
> guacamole is:
>
> Not Found
>
> The requested URL was not found on this server.
> ------------------------------
> Apache/2.4.29 (Ubuntu) Server at <DNS name> Port XXXXX
> (I have changed the DNS name and external port number). Is it possible
> that guacamole is getting confused because the internal port seen by apache
> (i.e., 4443) is not the internal port used by NAT (i.e., 443)? Also, is it
> possible that the from address that tomcat sees is 127.0.01 might confuse
> it when responding to the request?
>

No, this is a response from the Apache web server, not Guacamole or Tomcat.
Your request is failing within Apache and thus is not reaching either of
those levels.

You should check your Apache logs and config to determine why your request
doesn't match your configuration.

- Mike

Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
I am still trying to figure out why guacamole is not working. I looked at the journalctl output, but found nothing suspicious (see below for startup journal messages). When I look at the output of journalctl after attempting to use guacamole from a browser (i.e., http://<server external dns name>:<external NAT port>/guacamole), there is nothing in the output from tomcat, guacamole or apache.

Can anyone more experienced than I see something that might give a clue what is going wrong? The response at the browser when attempting to access guacamole is:

Not Found

The requested URL was not found on this server.

Apache/2.4.29 (Ubuntu) Server at <DNS name> Port XXXXX

(I have changed the DNS name and external port number). Is it possible that guacamole is getting confused because the internal port seen by apache (i.e., 4443) is not the internal port used by NAT (i.e., 443)? Also, is it possible that the from address that tomcat sees is 127.0.01 might confuse it when responding to the request?

Journalctl output:

Dec 19 09:54:31 Mount tomcat9[2234]: NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
Dec 19 09:54:32 Mount tomcat9[2234]: Match [Server/Service/Engine/Host/Valve] failed to set property [remoteIpProxiesHeader] to [x-forwarded-by]
Dec 19 09:54:32 Mount tomcat9[2234]: Server version name:   Apache Tomcat/9.0.16 (Ubuntu)
Dec 19 09:54:32 Mount tomcat9[2234]: Server built:          Mar 29 2022 15:05:11 UTC
Dec 19 09:54:32 Mount tomcat9[2234]: Server version number: 9.0.16.0
Dec 19 09:54:32 Mount tomcat9[2234]: OS Name:               Linux
Dec 19 09:54:32 Mount tomcat9[2234]: OS Version:            4.15.0-200-generic
Dec 19 09:54:32 Mount tomcat9[2234]: Architecture:          i386
Dec 19 09:54:32 Mount tomcat9[2234]: Java Home:             /usr/lib/jvm/java-11-openjdk-i386
Dec 19 09:54:32 Mount tomcat9[2234]: JVM Version:           11.0.17+8-post-Ubuntu-1ubuntu218.04
Dec 19 09:54:32 Mount tomcat9[2234]: JVM Vendor:            Ubuntu
Dec 19 09:54:32 Mount tomcat9[2234]: CATALINA_BASE:         /var/lib/tomcat9
Dec 19 09:54:32 Mount tomcat9[2234]: CATALINA_HOME:         /usr/share/tomcat9
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: --add-opens=java.base/java.lang=ALL-UNNAMED
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: --add-opens=java.base/java.io=ALL-UNNAMED
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: -Djava.util.logging.config.file=/var/lib/tomcat9/conf/logging.properties
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: -Djava.awt.headless=true
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: -XX:+UseG1GC
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: -Dignore.endorsed.dirs=
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: -Dcatalina.base=/var/lib/tomcat9
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: -Dcatalina.home=/usr/share/tomcat9
Dec 19 09:54:32 Mount tomcat9[2234]: Command line argument: -Djava.io.tmpdir=/tmp
Dec 19 09:54:32 Mount tomcat9[2234]: Loaded APR based Apache Tomcat Native library [1.2.21] using APR version [1.6.3].
Dec 19 09:54:32 Mount tomcat9[2234]: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true].
Dec 19 09:54:32 Mount tomcat9[2234]: APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
Dec 19 09:54:32 Mount tomcat9[2234]: OpenSSL successfully initialized [OpenSSL 1.1.1  11 Sep 2018]
Dec 19 09:54:32 Mount tomcat9[2234]: Initializing ProtocolHandler ["http-nio-8080"]
Dec 19 09:54:32 Mount tomcat9[2234]: Server initialization in [1,056] milliseconds
Dec 19 09:54:32 Mount tomcat9[2234]: Starting service [Catalina]
Dec 19 09:54:32 Mount tomcat9[2234]: Starting Servlet engine: [Apache Tomcat/9.0.16 (Ubuntu)]
Dec 19 09:54:32 Mount tomcat9[2234]: Deploying deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml]
Dec 19 09:54:32 Mount tomcat9[2234]: The path attribute with value [/manager] in deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml] has been ignored
Dec 19 09:54:34 Mount tomcat9[2234]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Dec 19 09:54:34 Mount tomcat9[2234]: Deployment of deployment descriptor [/etc/tomcat9/Catalina/localhost/manager.xml] has finished in [1,843] ms
Dec 19 09:54:34 Mount tomcat9[2234]: Deploying deployment descriptor [/etc/tomcat9/Catalina/localhost/host-manager.xml]
Dec 19 09:54:34 Mount tomcat9[2234]: The path attribute with value [/host-manager] in deployment descriptor [/etc/tomcat9/Catalina/localhost/host-manager.xml] has been ignored
Dec 19 09:54:35 Mount tomcat9[2234]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Dec 19 09:54:35 Mount tomcat9[2234]: Deployment of deployment descriptor [/etc/tomcat9/Catalina/localhost/host-manager.xml] has finished in [1,029] ms
Dec 19 09:54:35 Mount tomcat9[2234]: Deploying web application archive [/var/lib/tomcat9/webapps/guacamole.war]
Dec 19 09:54:38 Mount tomcat9[2234]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Dec 19 09:54:38 Mount tomcat9[2234]: 09:54:38.315 [main] INFO  o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
Dec 19 09:54:38 Mount tomcat9[2234]: 09:54:38.441 [main] INFO  o.a.g.rest.auth.HashTokenSessionMap - Sessions will expire after 60 minutes of inactivity.
Dec 19 09:54:38 Mount tomcat9[2234]: 09:54:38.673 [main] INFO  o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
Dec 19 09:54:40 Mount tomcat9[2234]: 09:54:40.421 [main] INFO  o.a.g.extension.ExtensionModule - Extension "MySQL Authentication" loaded.
Dec 19 09:54:40 Mount tomcat9[2234]: 09:54:40.424 [main] INFO  o.a.g.environment.LocalEnvironment - GUACAMOLE_HOME is "/etc/guacamole".
Dec 19 09:54:40 Mount tomcat9[2234]: 09:54:40.584 [main] INFO  o.a.g.t.w.WebSocketTunnelModule - Loading JSR-356 WebSocket support...
Dec 19 09:54:41 Mount tomcat9[2234]: Registering org.apache.guacamole.rest.RESTExceptionMapper as a provider class
Dec 19 09:54:41 Mount tomcat9[2234]: Registering org.apache.guacamole.rest.extension.ExtensionRESTService as a root resource class
Dec 19 09:54:41 Mount tomcat9[2234]: Registering org.apache.guacamole.rest.language.LanguageRESTService as a root resource class
Dec 19 09:54:41 Mount tomcat9[2234]: Registering org.apache.guacamole.rest.patch.PatchRESTService as a root resource class
Dec 19 09:54:41 Mount tomcat9[2234]: Registering org.apache.guacamole.rest.auth.TokenRESTService as a root resource class
Dec 19 09:54:41 Mount tomcat9[2234]: Registering org.apache.guacamole.rest.session.SessionRESTService as a root resource class
Dec 19 09:54:41 Mount tomcat9[2234]: Registering org.codehaus.jackson.jaxrs.JacksonJsonProvider as a provider class
Dec 19 09:54:41 Mount tomcat9[2234]: Initiating Jersey application, version 'Jersey: 1.17.1 02/28/2013 12:47 PM'
Dec 19 09:54:41 Mount tomcat9[2234]: Binding org.apache.guacamole.rest.RESTExceptionMapper to GuiceManagedComponentProvider with the scope "Singleton"
Dec 19 09:54:41 Mount tomcat9[2234]: Binding org.codehaus.jackson.jaxrs.JacksonJsonProvider to GuiceManagedComponentProvider with the scope "Singleton"
Dec 19 09:54:42 Mount tomcat9[2234]: Binding org.apache.guacamole.rest.extension.ExtensionRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
Dec 19 09:54:42 Mount tomcat9[2234]: Binding org.apache.guacamole.rest.language.LanguageRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
Dec 19 09:54:42 Mount tomcat9[2234]: Binding org.apache.guacamole.rest.patch.PatchRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
Dec 19 09:54:42 Mount tomcat9[2234]: Binding org.apache.guacamole.rest.auth.TokenRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
Dec 19 09:54:42 Mount tomcat9[2234]: Binding org.apache.guacamole.rest.session.SessionRESTService to GuiceManagedComponentProvider with the scope "PerRequest"
Dec 19 09:54:42 Mount tomcat9[2234]: WebjarsServlet initialization completed
Dec 19 09:54:42 Mount tomcat9[2234]: Deployment of web application archive [/var/lib/tomcat9/webapps/guacamole.war] has finished in [6,444] ms
Dec 19 09:54:42 Mount tomcat9[2234]: Deploying web application directory [/var/lib/tomcat9/webapps/ROOT]
Dec 19 09:54:43 Mount tomcat9[2234]: At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
Dec 19 09:54:43 Mount tomcat9[2234]: Deployment of web application directory [/var/lib/tomcat9/webapps/ROOT] has finished in [1,042] ms
Dec 19 09:54:43 Mount tomcat9[2234]: Starting ProtocolHandler ["http-nio-8080"]
Dec 19 09:54:43 Mount tomcat9[2234]: Server startup in [10,492] milliseconds
(END)

Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
Sorry. I got confused. I found the tomcat server.xml file, added the <Valve entry and modified the existing <Connector port="8080" protocol="HTTP/1.1" entry to contain URIEncoding="UTF-8". I removed the <Valve and <Connector entries from the VirtualHost block. I then restarted apache2 and tomcat9, and guacd. Still no luck.

If possible, could you suggest logs that I might look in to isolate the problem?

> 
> <Connector .../> and <Valve .../> are elements used within Tomcat's server.xml configuration file, not the configuration of the Apache HTTP server.
> 
> - Mike
> 
> 
> On Sun, Dec 18, 2022, 4:46 PM Dan Nessett <dn...@yahoo.com.invalid> wrote:
> OK. I changed the port to which apache proxies to 8080. Here is the resultant VirtualHost block:
> 
> <VirtualHost localhost:4443>
>         ServerName server
>         DocumentRoot /mnt/raid5/webserver/sites/MOserver
> 	Header always unset X-Frame-Options
> 
> 	ErrorLog ${APACHE_LOG_DIR}/error.log
> 	CustomLog ${APACHE_LOG_DIR}/access.log combined
> 
> 	<Location /guacamole/>
> 	 Order allow,deny
> 	 Allow from all
> 	 ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
> 	 ProxyPassReverse http://127.0.0.1:8080/guacamole/
> 	</Location>
> 
>         <Location /websocket-tunnel>
>           Order allow,deny
>           Allow from all
>           #Require all granted
>           ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
>           ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
>         </Location>
> 
> 	<Connector port="8080" protocol="HTTP/1.1"
>            connectionTimeout="20000"
>            URIEncoding="UTF-8"
>            redirectPort="8443" />
> 
> 	<Valve className="org.apache.catalina.valves.RemoteIpValve"
>                internalProxies="127.0.0.1"
>                remoteIpHeader="x-forwarded-for"
>                remoteIpProxiesHeader="x-forwarded-by"
>                protocolHeader="x-forwarded-proto" />
> 
> 	SSLEngine on
> 	SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
> 	SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
> </VirtualHost>
> 
> Note that I added <Connector> and <Valve> blocks as is directed in the guacamole documentation. I didn’t know if the <Valve> block was necessary, so I added it as a precaution. However, apache2 then threw the following error:
> 
> dnessett@Mount:/etc/apache2/sites-enabled$ sudo systemctl status apache2
> ● apache2.service - The Apache HTTP Server
>    Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
>   Drop-In: /lib/systemd/system/apache2.service.d
>            └─apache2-systemd.conf
>    Active: failed (Result: exit-code) since Sun 2022-12-18 17:33:38 MST; 30s ago
>   Process: 3695 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
>   Process: 1827 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
>   Process: 3838 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
>  Main PID: 3439 (code=exited, status=0/SUCCESS)
> 
> Dec 18 17:33:37 Mount systemd[1]: Starting The Apache HTTP Server...
> Dec 18 17:33:37 Mount apachectl[3838]: apache2: Syntax error on line 223 of /etc/apache2/apache2.conf: Syntax error on line 72 of /etc/apache2/sites-enabled/000-default.conf: Expected </Valve> but saw
> Dec 18 17:33:38 Mount apachectl[3838]: Action 'start' failed.
> Dec 18 17:33:38 Mount apachectl[3838]: The Apache error log may have more information.
> Dec 18 17:33:38 Mount systemd[1]: apache2.service: Control process exited, code=exited status=1
> Dec 18 17:33:38 Mount systemd[1]: apache2.service: Failed with result 'exit-code'.
> Dec 18 17:33:38 Mount systemd[1]: Failed to start The Apache HTTP Server
> 
> 
>> On Dec 18, 2022, at 3:53 PM, Michael Jumper <mj...@apache.org> wrote:
>>
>> On Sun, Dec 18, 2022, 1:52 PM Dan Nessett <dn...@yahoo.com.invalid> wrote:
>> ...
>> 
>> I tried to follow the instructions here: https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html#apache
>> 
>> You should always look at the current version of the manual unless you have a specific need to look at the version-specific snapshot. The above link is for the 0.9.7 release which is 7 years old.
>> 
>> https://guacamole.apache.org/doc/gug/
>> 
>> However, the port suggested for guacamole listening (8080) is used by Tomcat, so I changed it to 4822, which is the default port for guacamole.
>> 
>> No, this is wrong. Port 4822 is the guacd port and has nothing to do with the webapp. Tomcat indeed should listen on port 8080, and therefore should be the port that Apache forwards its received data to.
>> 
>> Overall:
>> 
>> Browser <-- HTTPS (443) --> Apache <-- HTTP (8080) --> Tomcat
>> 
>> The webapp establishes connections internally to guacd via port 4822 as needed. These are not publicly exposed through Apache any more than connections to the database are publicly exposed.
>> 
>> - Mike
> 


Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Michael Jumper <mj...@apache.org>.
<Connector .../> and <Valve .../> are elements used within Tomcat's
server.xml configuration file, not the configuration of the Apache HTTP
server.

- Mike


On Sun, Dec 18, 2022, 4:46 PM Dan Nessett <dn...@yahoo.com.invalid>
wrote:

> OK. I changed the port to which apache proxies to 8080. Here is the
> resultant VirtualHost block:
>
> <VirtualHost localhost:4443>
>         ServerName server
>         DocumentRoot /mnt/raid5/webserver/sites/MOserver
> Header always unset X-Frame-Options
>
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
>
> <Location /guacamole/>
> Order allow,deny
> Allow from all
> ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
> ProxyPassReverse http://127.0.0.1:8080/guacamole/
> </Location>
>
>         <Location /websocket-tunnel>
>           Order allow,deny
>           Allow from all
>           #Require all granted
>           ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
>           ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
>         </Location>
>
> <Connector port="8080" protocol="HTTP/1.1"
>            connectionTimeout="20000"
>            URIEncoding="UTF-8"
>            redirectPort="8443" />
>
> <Valve className="org.apache.catalina.valves.RemoteIpValve"
>                internalProxies="127.0.0.1"
>                remoteIpHeader="x-forwarded-for"
>                remoteIpProxiesHeader="x-forwarded-by"
>                protocolHeader="x-forwarded-proto" />
>
> SSLEngine on
> SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
> SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
> </VirtualHost>
>
> Note that I added <Connector> and <Valve> blocks as is directed in the
> guacamole documentation. I didn’t know if the <Valve> block was necessary,
> so I added it as a precaution. However, apache2 then threw the following
> error:
>
> dnessett@Mount:/etc/apache2/sites-enabled$ sudo systemctl status apache2
> ● apache2.service - The Apache HTTP Server
>    Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor
> preset: enabled)
>   Drop-In: /lib/systemd/system/apache2.service.d
>            └─apache2-systemd.conf
>    Active: failed (Result: exit-code) since Sun 2022-12-18 17:33:38 MST;
> 30s ago
>   Process: 3695 ExecStop=/usr/sbin/apachectl stop (code=exited,
> status=1/FAILURE)
>   Process: 1827 ExecReload=/usr/sbin/apachectl graceful (code=exited,
> status=0/SUCCESS)
>   Process: 3838 ExecStart=/usr/sbin/apachectl start (code=exited,
> status=1/FAILURE)
>  Main PID: 3439 (code=exited, status=0/SUCCESS)
>
> Dec 18 17:33:37 Mount systemd[1]: Starting The Apache HTTP Server...
> Dec 18 17:33:37 Mount apachectl[3838]: apache2: Syntax error on line 223
> of /etc/apache2/apache2.conf: Syntax error on line 72 of
> /etc/apache2/sites-enabled/000-default.conf: Expected </Valve> but saw
> Dec 18 17:33:38 Mount apachectl[3838]: Action 'start' failed.
> Dec 18 17:33:38 Mount apachectl[3838]: The Apache error log may have more
> information.
> Dec 18 17:33:38 Mount systemd[1]: apache2.service: Control process exited,
> code=exited status=1
> Dec 18 17:33:38 Mount systemd[1]: apache2.service: Failed with result
> 'exit-code'.
> Dec 18 17:33:38 Mount systemd[1]: Failed to start The Apache HTTP Server
>
>
> On Dec 18, 2022, at 3:53 PM, Michael Jumper <mj...@apache.org> wrote:
>
> On Sun, Dec 18, 2022, 1:52 PM Dan Nessett <dn...@yahoo.com.invalid>
> wrote:
>
>> ...
>>
>> I tried to follow the instructions here:
>> https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html#apache
>>
>
> You should always look at the current version of the manual unless you
> have a specific need to look at the version-specific snapshot. The above
> link is for the 0.9.7 release which is 7 years old.
>
> https://guacamole.apache.org/doc/gug/
>
>> However, the port suggested for guacamole listening (8080) is used by
>> Tomcat, so I changed it to 4822, which is the default port for guacamole.
>>
>
> No, this is wrong. Port 4822 is the guacd port and has nothing to do with
> the webapp. Tomcat indeed should listen on port 8080, and therefore should
> be the port that Apache forwards its received data to.
>
> Overall:
>
> Browser <-- HTTPS (443) --> Apache <-- HTTP (8080) --> Tomcat
>
> The webapp establishes connections internally to guacd via port 4822 as
> needed. These are not publicly exposed through Apache any more than
> connections to the database are publicly exposed.
>
> - Mike
>
>
>

Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Dan Nessett <dn...@yahoo.com.INVALID>.
OK. I changed the port to which apache proxies to 8080. Here is the resultant VirtualHost block:

<VirtualHost localhost:4443>
        ServerName server
        DocumentRoot /mnt/raid5/webserver/sites/MOserver
	Header always unset X-Frame-Options

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	<Location /guacamole/>
	 Order allow,deny
	 Allow from all
	 ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
	 ProxyPassReverse http://127.0.0.1:8080/guacamole/
	</Location>

        <Location /websocket-tunnel>
          Order allow,deny
          Allow from all
          #Require all granted
          ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
          ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
        </Location>

	<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           redirectPort="8443" />

	<Valve className="org.apache.catalina.valves.RemoteIpValve"
               internalProxies="127.0.0.1"
               remoteIpHeader="x-forwarded-for"
               remoteIpProxiesHeader="x-forwarded-by"
               protocolHeader="x-forwarded-proto" />

	SSLEngine on
	SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
	SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
</VirtualHost>

Note that I added <Connector> and <Valve> blocks as is directed in the guacamole documentation. I didn’t know if the <Valve> block was necessary, so I added it as a precaution. However, apache2 then threw the following error:

dnessett@Mount:/etc/apache2/sites-enabled$ sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: failed (Result: exit-code) since Sun 2022-12-18 17:33:38 MST; 30s ago
  Process: 3695 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
  Process: 1827 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 3838 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
 Main PID: 3439 (code=exited, status=0/SUCCESS)

Dec 18 17:33:37 Mount systemd[1]: Starting The Apache HTTP Server...
Dec 18 17:33:37 Mount apachectl[3838]: apache2: Syntax error on line 223 of /etc/apache2/apache2.conf: Syntax error on line 72 of /etc/apache2/sites-enabled/000-default.conf: Expected </Valve> but saw
Dec 18 17:33:38 Mount apachectl[3838]: Action 'start' failed.
Dec 18 17:33:38 Mount apachectl[3838]: The Apache error log may have more information.
Dec 18 17:33:38 Mount systemd[1]: apache2.service: Control process exited, code=exited status=1
Dec 18 17:33:38 Mount systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 18 17:33:38 Mount systemd[1]: Failed to start The Apache HTTP Server


> On Dec 18, 2022, at 3:53 PM, Michael Jumper <mj...@apache.org> wrote:
> 
> On Sun, Dec 18, 2022, 1:52 PM Dan Nessett <dn...@yahoo.com.invalid> wrote:
> ...
> 
> I tried to follow the instructions here: https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html#apache
> 
> You should always look at the current version of the manual unless you have a specific need to look at the version-specific snapshot. The above link is for the 0.9.7 release which is 7 years old.
> 
> https://guacamole.apache.org/doc/gug/
> 
> However, the port suggested for guacamole listening (8080) is used by Tomcat, so I changed it to 4822, which is the default port for guacamole.
> 
> No, this is wrong. Port 4822 is the guacd port and has nothing to do with the webapp. Tomcat indeed should listen on port 8080, and therefore should be the port that Apache forwards its received data to.
> 
> Overall:
> 
> Browser <-- HTTPS (443) --> Apache <-- HTTP (8080) --> Tomcat
> 
> The webapp establishes connections internally to guacd via port 4822 as needed. These are not publicly exposed through Apache any more than connections to the database are publicly exposed.
> 
> - Mike


Re: I seem to be misconfiguring guacamole (or apache virtual host for guacamole), can anyone help?

Posted by Michael Jumper <mj...@apache.org>.
On Sun, Dec 18, 2022, 1:52 PM Dan Nessett <dn...@yahoo.com.invalid>
wrote:

> ...
>
> I tried to follow the instructions here:
> https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html#apache
>

You should always look at the current version of the manual unless you have
a specific need to look at the version-specific snapshot. The above link is
for the 0.9.7 release which is 7 years old.

https://guacamole.apache.org/doc/gug/

> However, the port suggested for guacamole listening (8080) is used by
> Tomcat, so I changed it to 4822, which is the default port for guacamole.
>

No, this is wrong. Port 4822 is the guacd port and has nothing to do with
the webapp. Tomcat indeed should listen on port 8080, and therefore should
be the port that Apache forwards its received data to.

Overall:

Browser <-- HTTPS (443) --> Apache <-- HTTP (8080) --> Tomcat

The webapp establishes connections internally to guacd via port 4822 as
needed. These are not publicly exposed through Apache any more than
connections to the database are publicly exposed.

- Mike
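
The configuration mistakes this thread works through can be caught before Apache is restarted: Tomcat's <Connector>/<Valve> elements placed in an Apache file, a ProxyPass aimed at guacd's port 4822, and a ws:// <Location> published at a path the client never requests (which leaves sessions on the HTTP tunnel). The linter below is an added example, not part of the original thread or of the Guacamole project; `lint_vhost`, the finding codes and both sample vhosts are constructed here. It assumes the client requests the tunnel at the webapp's public path plus `websocket-tunnel`, and it also flags the `Header always unset X-Frame-Options` line that appears in the posted vhost.

```python
import re
from typing import NamedTuple
from urllib.parse import urlsplit

GUACD_PORT = 4822  # guacd's port per the thread; the webapp dials it, Apache never should


class Finding(NamedTuple):
    line: int
    code: str
    detail: str


# Constructed sample: combines the mistakes from the successive vhost versions in the thread.
BROKEN_VHOST = """\
<VirtualHost localhost:4443>
    Header always unset X-Frame-Options
    <Location /guacamole/>
        ProxyPass http://127.0.0.1:4822/guacamole/ flushpackets=on
        ProxyPassReverse http://127.0.0.1:4822/guacamole/
    </Location>
    <Location /websocket-tunnel>
        ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
    </Location>
    <Connector port="8080" protocol="HTTP/1.1"
               URIEncoding="UTF-8" />
    <Valve className="org.apache.catalina.valves.RemoteIpValve"
           internalProxies="127.0.0.1" />
</VirtualHost>
"""

# Constructed sample: the same proxy layout with the findings resolved.
FIXED_VHOST = """\
<VirtualHost *:4443>
    <Location /guacamole/>
        ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
        ProxyPassReverse http://127.0.0.1:8080/guacamole/
    </Location>
    <Location /guacamole/websocket-tunnel>
        ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
        ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
    </Location>
</VirtualHost>
"""


def lint_vhost(text):
    """Return sorted Findings for an Apache vhost that fronts Guacamole."""
    findings, http_maps, ws_maps = [], [], []
    location = None  # path of the enclosing <Location>, if any
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r'<Location\s+"?([^\s">]+)"?\s*>', line, re.I)
        if opened:
            location = opened.group(1)
        elif re.match(r"</Location\s*>", line, re.I):
            location = None
        elif re.match(r"<(Connector|Valve)\b", line, re.I):
            findings.append(Finding(no, "TOMCAT_ELEMENT", "Tomcat server.xml element in Apache config"))
        elif re.match(r"Header\s+.*\bunset\s+X-Frame-Options\b", line, re.I):
            findings.append(Finding(no, "XFO_REMOVED", "anti-framing header stripped from responses"))
        elif line.split()[0].lower() == "proxypass":
            args = line.split()[1:]
            # Inside <Location> the public path is implicit, otherwise it is the first argument.
            public = location if location is not None else (args.pop(0) if args else None)
            if public is None or not args:
                continue
            url = urlsplit(args[0])
            if url.port == GUACD_PORT:
                findings.append(Finding(no, "GUACD_PORT", "proxy target is guacd, not Tomcat"))
            if url.scheme in ("ws", "wss"):
                ws_maps.append((no, public, url.path))
            elif url.scheme in ("http", "https"):
                http_maps.append((public, url.path))
    # A ws:// mapping must sit at the same offset under the webapp publicly as on the backend.
    for no, public, backend in ws_maps:
        for pub_prefix, back_prefix in http_maps:
            if backend.startswith(back_prefix):
                expected = pub_prefix + backend[len(back_prefix):]
                if public != expected:
                    findings.append(Finding(no, "WS_PATH_MISMATCH",
                                            f"published at {public}, client requests {expected}"))
                break
    return sorted(findings)


if __name__ == "__main__":
    for f in lint_vhost(BROKEN_VHOST):
        print(f"line {f.line}: {f.code}: {f.detail}")
```

Only `ProxyPass` lines are inspected; `ProxyPassReverse` rewrites response headers and does not decide where a request is sent.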