You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by bsavard <bs...@zmartests.com> on 2017/03/07 17:14:10 UTC
WebSockets enablement issue --> SSL Scanning issue
Hi,
I have a working setup using GUAC 0.9.9 / Apache 2.4.23 / Tomcat 7.0.52 /
Ubuntu Server 14.04 / Java 1.7.0_121 to access a VM running Windows 7 (RDP
connection).
I'm having issue with user connecting with an Anti-Virus like Bitdefender or
Kaspersky which do SSL Scanning. When disabling this option, it works fine.
I read in a post that if WebSockets are used, this is no longer an issue.
If I look in Tomcat access log, I see a bunch of /tunnel?write and
/tunnel?read during an active connection. Which, I think, indicate me that
I'm not using a WebSocket. Right?
The traffic is (proxy) going through Apache but even if I bypass it, still
no WebSocket.
I build my own Guacamole application using the below tutorial and I'm
wondering if this is not the source of the problem. Is WebSocket working if
I do this?
https://guacamole.incubator.apache.org/doc/gug/writing-you-own-guacamole-app.html
I reviewed my configuration many times, and tried different things but still
no success. Any help will be welcome.
Thanks,
--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/WebSockets-enablement-issue-SSL-Scanning-issue-tp524.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
Re: WebSockets enablement issue --> SSL Scanning issue
Posted by bsavard <bs...@zmartests.com>.
Thanks Mike. This is exactly the confirmation and information I was looking
for. I will give it a try and let you know how it goes. Also, I will be
pleased to contribute and enhance the tutorial to make it WebSocket ready.
Thanks again.
Bruno Savard
--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/WebSockets-enablement-issue-SSL-Scanning-issue-tp524p629.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
Re: WebSockets enablement issue --> SSL Scanning issue
Posted by Mike Jumper <mi...@guac-dev.org>.
The tutorial hasn't been updated with respect to WebSocket, and still only
describes how to set up the HTTP tunnel. If you want to add WebSocket
support to your Guacamole-driven application, you will need to add an
implementation of GuacamoleWebSocketTunnelEndpoint (the WebSocket anology
to GuacamoleHTTPTunnelServlet):
http://guacamole.incubator.apache.org/doc/guacamole-common/org/apache/guacamole/websocket/GuacamoleWebSocketTunnelEndpoint.html
Beware that Java support for WebSockets is different from servlets. If
you're already experienced with using Java servlets, WebSocket endpoints
will have bit of a learning curve. Definitely give it a shot and let us
know if you run into any trouble while you do. Perhaps we can use that
feedback to update the tutorial.
By the way, the dev@ mailing list is a better place for development
discussion, rather than the Nabble interface to the user@ list:
http://guacamole.incubator.apache.org/support/#mailing-lists
- Mike
On Tue, Mar 21, 2017 at 2:02 PM, bsavard <bs...@zmartests.com> wrote:
> I tried again using a vanilla setup with the tutorial and I'm still getting
> the same issue. No WebSocket.
>
> With the Tutorial, I'm getting the following sequence in tomcat access log.
> "GET /tutorial/index.html HTTP/1.1" 304 -
> "POST /tutorial/tunnel?connect HTTP/1.1" 200 36
> "POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c
> HTTP/1.1"
> 200 -
> "GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:0
> HTTP/1.1"
> 200 639
> "POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c
> HTTP/1.1"
> 200 -
> "GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:1
> HTTP/1.1"
> 200 8217
> "GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:2
> HTTP/1.1"
> 200 23377
> "POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c
> HTTP/1.1"
> 200 -
> "POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c
> HTTP/1.1"
> 200 -
> ....
>
>
> With Guacamole Client, I'm getting the following sequence, which clearly
> show that we are using websocket (last line).
> "GET /guacamole/ HTTP/1.1" 304 -
> "GET /guacamole/app.css?v=0.9.9 HTTP/1.1" 200 44382
> "GET /guacamole/app.js?v=0.9.9 HTTP/1.1" 200 656348
> "GET
> /guacamole/api/languages?token=3215a5e3e4c4106cefd6bc6bd47e6d
> 7d09171136ba3c9e93d8ca6d8
> HTTP/1.1" 200 115
> "GET /guacamole/translations/en.json HTTP/1.1" 200 33115
> "POST /guacamole/api/tokens HTTP/1.1" 200 168
> "DELETE
> /guacamole/api/tokens/3215a5e3e4c4106cefd6bc6bd47e6d
> 7d09171136ba3c9e93d8ca6d8
> HTTP/1.1" 404 74
> "GET
> /guacamole/api/data/default/connectionGroups/ROOT/tree?token=
> bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe
> HTTP/1.1" 200 266
> "POST /guacamole/api/tokens HTTP/1.1" 200 168
> "GET
> /guacamole/api/data/default/connections/xxxxxxxx?token=
> bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe
> HTTP/1.1" 200 147
> "HEAD /guacamole/app/element/templates/blank.html HTTP/1.1" 200 -
> "HEAD /guacamole/app/element/templates/blank.html HTTP/1.1" 200 -
> "GET
> /guacamole/api/data/default/users/xxxxxxxx/permissions?token=
> bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe
> HTTP/1.1" 200 188
> "GET
> /guacamole/websocket-tunnel?token=bc03bd7a4ff3499c7e72247795cb54
> b7c485c27b0e9fc34805157fe&GUAC_DATA_SOURCE=default&GUAC_
> ID=xxxxxxxx&GUAC_TYPE=c&GUAC_WIDTH=1238&GUAC_HEIGHT=800&
> GUAC_DPI=114&GUAC_IMAGE=image%2Fjpeg&GUAC_IMAGE=image%2Fpng
> HTTP/1.1" 101 -
>
>
>
>
> --
> View this message in context: http://apache-guacamole-
> incubating-users.2363388.n4.nabble.com/WebSockets-
> enablement-issue-SSL-Scanning-issue-tp524p625.html
> Sent from the Apache Guacamole (incubating) - Users mailing list archive
> at Nabble.com.
>
Re: WebSockets enablement issue --> SSL Scanning issue
Posted by bsavard <bs...@zmartests.com>.
I tried again using a vanilla setup with the tutorial and I'm still getting
the same issue. No WebSocket.
With the Tutorial, I'm getting the following sequence in tomcat access log.
"GET /tutorial/index.html HTTP/1.1" 304 -
"POST /tutorial/tunnel?connect HTTP/1.1" 200 36
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1"
200 -
"GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:0 HTTP/1.1"
200 639
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1"
200 -
"GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:1 HTTP/1.1"
200 8217
"GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:2 HTTP/1.1"
200 23377
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1"
200 -
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1"
200 -
....
With Guacamole Client, I'm getting the following sequence, which clearly
show that we are using websocket (last line).
"GET /guacamole/ HTTP/1.1" 304 -
"GET /guacamole/app.css?v=0.9.9 HTTP/1.1" 200 44382
"GET /guacamole/app.js?v=0.9.9 HTTP/1.1" 200 656348
"GET
/guacamole/api/languages?token=3215a5e3e4c4106cefd6bc6bd47e6d7d09171136ba3c9e93d8ca6d8
HTTP/1.1" 200 115
"GET /guacamole/translations/en.json HTTP/1.1" 200 33115
"POST /guacamole/api/tokens HTTP/1.1" 200 168
"DELETE
/guacamole/api/tokens/3215a5e3e4c4106cefd6bc6bd47e6d7d09171136ba3c9e93d8ca6d8
HTTP/1.1" 404 74
"GET
/guacamole/api/data/default/connectionGroups/ROOT/tree?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe
HTTP/1.1" 200 266
"POST /guacamole/api/tokens HTTP/1.1" 200 168
"GET
/guacamole/api/data/default/connections/xxxxxxxx?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe
HTTP/1.1" 200 147
"HEAD /guacamole/app/element/templates/blank.html HTTP/1.1" 200 -
"HEAD /guacamole/app/element/templates/blank.html HTTP/1.1" 200 -
"GET
/guacamole/api/data/default/users/xxxxxxxx/permissions?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe
HTTP/1.1" 200 188
"GET
/guacamole/websocket-tunnel?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe&GUAC_DATA_SOURCE=default&GUAC_ID=xxxxxxxx&GUAC_TYPE=c&GUAC_WIDTH=1238&GUAC_HEIGHT=800&GUAC_DPI=114&GUAC_IMAGE=image%2Fjpeg&GUAC_IMAGE=image%2Fpng
HTTP/1.1" 101 -
--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/WebSockets-enablement-issue-SSL-Scanning-issue-tp524p625.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
Re: WebSockets enablement issue --> SSL Scanning issue
Posted by bsavard <bs...@zmartests.com>.
I did some extra testing and I confirm that my setup is ok to support
WebSockets. If I use the guacamole-client (guacamole.war), I see that I'm
using WebSockets and no more issues with Anti-Virus.
I tried to copy my custom-client files over the guacamole-client setup, and
same issue. No WebSockets.
So it really come down to my custom-client app that I built based on the
tutorial.
So, I would like to know if the tutorial-client app is suppose to support
WebSockets. If yes, then I made a mistake and I will find out. If not, how
can I enable it?
Thanks,
--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/WebSockets-enablement-issue-SSL-Scanning-issue-tp524p531.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.