Posted to commits@guacamole.apache.org by "Richard Gallamore (JIRA)" <ji...@apache.org> on 2017/09/13 03:49:01 UTC
[jira] [Comment Edited] (GUACAMOLE-379) SFTP put requests fail on rdp and SFTP server
[ https://issues.apache.org/jira/browse/GUACAMOLE-379?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16164106#comment-16164106 ]
Richard Gallamore edited comment on GUACAMOLE-379 at 9/13/17 3:48 AM:
----------------------------------------------------------------------
Ah, yeah I failed to mention that, when guacd is started in trace log_level, there are no errors provided.
I actually finally wised up and checked the browser console and noticed I am receiving http error 413.
{code:java}
POST https://www.private.com/guacamole/api/session/tunnels/d1e93366-a7a6-4c9d…log?token=4C27FBBE17AE167182A3940094EB31C9FDC37BF64B99DE9A061940E1330CD221 413 ()
and
/guacamole/api/session/tunnels/d1e93366-a7a6-4c9d-8f52-06b6e132b015/streams…tio?token=4C27FBBE17AE167182A3940094EB31C9FDC37BF64B99DE9A061940E1330CD221 Failed to load resource: the server responded with a status of 413 ()
{code}
Guacamole is also running on tomcat8 behind nginx which I suspect must be the issue. I am using the following configuration:
{code:java}
http {
    include mime.types;
    types {
        text/plain log;
    }
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # don't send the nginx version number in error pages and Server header
    server_tokens off;
    add_header X-XSS-Protection "1; mode=block";
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AES256GCM:EDH+AES256GCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve P-521:P-384;
    ssl_dhparam /usr/local/etc/ssl/keys/dhparams_4096.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver private 8.8.8.8 8.8.4.4;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    server {
        listen 80;
        # listen [::]:80;
        server_name private.com;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 default_server ssl http2;
        # listen [::]:443 default_server ssl http2;
        server_name www.private.com;
        root /usr/local/www/nginx;
        index index.php index.htm index.html;
        ssl_certificate omitted;
        ssl_certificate_key omitted;
        ssl_trusted_certificate omitted;
        error_page 500 502 503 504 /50x.html;
        location = 50x.html {
            root /usr/local/www/nginx-dist;
        }
        ...REMOVED more irrelevant code...
        location /guacamole {
            add_header X-Frame-Options "";
            # proxy_set_header X-Forwarded-Host $host:$server_port;
            # proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_pass http://private:8080/guacamole;
            proxy_buffering off;
            proxy_http_version 1.1;
            access_log off;
        }
    }
}
{code}
was (Author: ultima1252):
Ah, yeah I failed to mention that, when guacd is started in trace log_level, there are no errors provided.
I actually finally wised up and checked the browser console and noticed I am receiving http error 413. Guacamole is also running on tomcat8 behind nginx which I suspect must be the issue. I am using the following configuration:
{code:java}
http {
    include mime.types;
    types {
        text/plain log;
    }
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    # don't send the nginx version number in error pages and Server header
    server_tokens off;
    add_header X-XSS-Protection "1; mode=block";
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AES256GCM:EDH+AES256GCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve P-521:P-384;
    ssl_dhparam /usr/local/etc/ssl/keys/dhparams_4096.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver private 8.8.8.8 8.8.4.4;
    resolver_timeout 5s;
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    server {
        listen 80;
        # listen [::]:80;
        server_name private.com;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 default_server ssl http2;
        # listen [::]:443 default_server ssl http2;
        server_name www.private.com;
        root /usr/local/www/nginx;
        index index.php index.htm index.html;
        ssl_certificate omitted;
        ssl_certificate_key omitted;
        ssl_trusted_certificate omitted;
        error_page 500 502 503 504 /50x.html;
        location = 50x.html {
            root /usr/local/www/nginx-dist;
        }
        ...REMOVED more irrelevant code...
        location /guacamole {
            add_header X-Frame-Options "";
            # proxy_set_header X-Forwarded-Host $host:$server_port;
            # proxy_set_header X-Forwarded-Server $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $http_connection;
            proxy_pass http://private:8080/guacamole;
            proxy_buffering off;
            proxy_http_version 1.1;
            access_log off;
        }
    }
}
{code}
> SFTP put requests fail on rdp and SFTP server
> ---------------------------------------------
>
> Key: GUACAMOLE-379
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-379
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole
> Affects Versions: 0.9.13-incubating
> Environment: FreeBSD Current r323109 using 11-STABLE r323103 user land. ZFS file system.
> Reporter: Richard Gallamore
>
> Currently I have attempted to use SFTP with a few different configurations. Most if not 90% of all the configurations I have attempted fail with:
> {quote}
> You do not have permission to upload this file. If you require access, please check your system settings, or check with your system administrator.
> {quote}
> sshd_config: all defaults with this conditional
> {code:none}
> Match User guacamole
> ChrootDirectory /home/guacamole
> X11Forwarding no
> AllowTcpForwarding no
> ForceCommand internal-sftp
> AuthenticationMethods publickey #,keyboard-interactive # using both Methods will fail
> {code}
> This is not a permissions issue,
> {code:none}
> # ls /home/guacamole/home/guacamole
> # echo "put -p /home/guacamole/a /home/guacamole" | sftp -P22 guacamole@private.com
> Enter passphrase for key '/root/.ssh/id_rsa':
> Connected to private.com.
> sftp> put -p /home/guacamole/a /home/guacamole
> Uploading /home/guacamole/a to /home/guacamole/a
> /home/guacamole/a
> # ls /home/guacamole/home/guacamole
> a
> {code}
> Have also tested using rdp drive option and received mostly the same results. Randomly it will work on some files but I have not been able to figure out why. Does not seem to be related to filename or size.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
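
Added example, not part of the original message or of the Guacamole project: nginx answers 413 when a request body exceeds `client_max_body_size`, which defaults to 1m when unset, and none of the blocks shown in the posted configuration sets it. The sketch below resolves the effective limit per `location` so the limit can be raised only where uploads are proxied; the sample config, the function names and the simplified parser (no `include`, no `#` inside quoted strings) are assumptions.

```python
import re
NGINX_DEFAULT = "1m"  # nginx's built-in client_max_body_size when nothing sets it

# Constructed sample modelled on the proxy block posted above (not the reporter's file).
SAMPLE = """
http {
    server {
        location /guacamole {
            proxy_pass http://private:8080/guacamole;  # upload POSTs pass through here
        }
        location /static { client_max_body_size 8k; }
    }
}
"""

def to_bytes(size):
    """Convert an nginx size such as "1m" or "512k" to bytes; 0 disables the check."""
    num, unit = re.fullmatch(r"(\d+)([kmg]?)", size.lower()).groups()
    return int(num) * 1024 ** " kmg".index(unit or " ")

def effective_limits(conf):
    """Map each location to (limit_bytes, set_in_that_location), following inheritance."""
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};]+', re.sub(r"#[^\n]*", "", conf))
    # The root scope carries the default, so the upward search below always ends.
    cur, blocks, stmt = {"name": "main", "parent": None, "limit": NGINX_DEFAULT}, [], []
    for tok in tokens:
        if tok == "{":
            cur = {"name": " ".join(stmt), "parent": cur, "limit": None}
            blocks.append(cur)
        elif tok == "}":
            cur = cur["parent"]
        elif tok == ";" and len(stmt) == 2 and stmt[0] == "client_max_body_size":
            cur["limit"] = stmt[1]
        if tok in ("{", "}", ";"):
            stmt = []
        else:
            stmt.append(tok)
    limits = {}
    for block in blocks:
        if block["name"].startswith("location "):
            scope = block
            while scope["limit"] is None:   # inherit from server, then http, then default
                scope = scope["parent"]
            limits[block["name"][9:]] = (to_bytes(scope["limit"]), block["limit"] is not None)
    return limits

def rejects_with_413(conf, location, body_bytes):
    """True when a body of body_bytes sent to this location exceeds its limit."""
    limit, _ = effective_limits(conf)[location]
    return limit != 0 and body_bytes > limit
```

Inheritance is resolved after parsing, so a directive placed later in the enclosing `server` block still applies to locations declared before it.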