You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Dedalus21 <ja...@gmail.com> on 2021/05/02 13:39:36 UTC
502 Proxy Error Using SSL and Chrome
I have been using the same Apache Reverse Proxy settings, as instructed in
the Guacamole Manuel, since 2018 with Guacamole version 0.9.14. And things
have worked flawlessly. Since the end of 2020, sporadically with different
users, Chrome is unable to connect to Guacamole via SSL. Only Chrome is
showing a 502 Proxy Error, other browsers still connect without error.
Chrome's error:
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request
Reason: Error reading from remote server
My setup: My Reverse Proxy in on my DMZ (subnet 192.168.100.0/24) proxying
connections to the Guacamole Server on a trusted subnet 192.168.5.0/24.
Again, this setup has worked perfectly since July 2018 until now, and I only
have problems with Chrome.
I upgraded my Guacamole server (Ubuntu Server 20.04, Apache Tomcat 9 and
Guacamole 1.3.0) but still receive the same error with chrome. I tried
using a Nginx reverse proxy instead and still have the same problem - using
ssl all browsers I've tried connect except for Chrome.
This leads me to believe that my Tomcat settings may be missing something
and that Chrome has implemented stricter policies for the user's protection
and is exploiting a setting I may have missed that other browsers allow.
Again, Tomcat is set up as per the Guacamole manual.
Any thoughts? I have googled extensively and am unable to correct this. Is
no one else having this issue?
--
Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
For additional commands, e-mail: user-help@guacamole.apache.org
Re: 502 Proxy Error Using SSL and Chrome
Posted by Nick Couchman <vn...@apache.org>.
On Sun, May 2, 2021 at 9:39 AM Dedalus21 <ja...@gmail.com> wrote:
> I have been using the same Apache Reverse Proxy settings, as instructed in
> the Guacamole Manuel, since 2018 with Guacamole version 0.9.14. And things
> have worked flawlessly. Since the end of 2020, sporadically with different
> users, Chrome is unable to connect to Guacamole via SSL. Only Chrome is
> showing a 502 Proxy Error, other browsers still connect without error.
> Chrome's error:
> The proxy server received an invalid response from an upstream server.
> The proxy server could not handle the request
> Reason: Error reading from remote server
>
>
I'm not really sure how this could be Chrome-specific. I'm trying to
remember if I've ever seen such an error be browser-dependent, and I really
don't think I have. The only scenarios where this makes sense are:
1) If Chrome has a Proxy Server configuration that differs from the other
browsers and the proxy server (not reverse proxy) is causing issues, or
2) If the Proxy and/or Tomcat servers are doing any sort of filtering based
on User Agent.
3) Something network-based in between the browser and the httpd/Nginx
server is interfering - something with Deep Packet Inspection or the like
on the network.
That said, if nothing has changed in your setup in a couple of years, then
those don't really make sense.
> My setup: My Reverse Proxy in on my DMZ (subnet 192.168.100.0/24) proxying
> connections to the Guacamole Server on a trusted subnet 192.168.5.0/24.
> Again, this setup has worked perfectly since July 2018 until now, and I
> only
> have problems with Chrome.
>
> I upgraded my Guacamole server (Ubuntu Server 20.04, Apache Tomcat 9 and
> Guacamole 1.3.0) but still receive the same error with chrome. I tried
> using a Nginx reverse proxy instead and still have the same problem - using
> ssl all browsers I've tried connect except for Chrome.
>
> This leads me to believe that my Tomcat settings may be missing something
> and that Chrome has implemented stricter policies for the user's protection
> and is exploiting a setting I may have missed that other browsers allow.
> Again, Tomcat is set up as per the Guacamole manual.
>
>
Yeah, seems like something in Tomcat or between Tomcat and the Reverse
Proxy is not working properly. What do the logs say - both Tomcat and
Reverse Proxy (httpd and/or Nginx)?
-Nick