You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by Nick Couchman <vn...@apache.org> on 2021/12/10 12:06:48 UTC
Re: HTTPS support for Guacamole
On Thu, Dec 9, 2021 at 10:20 PM Manoj Patil <ma...@gmail.com> wrote:
> Dear,
>
> We implement the Guacamole with XRDP on centos 7.5 with HTTPS please
> confirm the guacamole run over tomcat with https smoothly .
>
>
Yes, Guacamole works fine over HTTPS - this is the recommended
configuration. I use it over HTTPS on a regular basis.
> In my case I not used NGINX i am use tomcat with HTTPS certificate. But I
> see I saw a “network connection is unstable message” in my WAN environment
> so I request to guide us
>
>
I would recommend using HTTPS with Nginx or Apache httpd and not doing it
directly in Tomcat. It's generally easier to configure and easier to secure
(no requirement for root access, etc.). The instances of Guacamole that I
use on a daily basis are used with Nginx. As far as the "Network Connection
is Unstable" message that you receive in this configuration, that indicates
some misconfiguration or resource constraint. Nginx is perfectly capable of
handling this, and there's nothing in Guacamole that would cause this
configuration to fail.
That said, if you have it working with HTTPS configured in Tomcat, and that
is working in your environment, then that is probably fine - so long as
Tomcat is not running as root.
-Nick
Re: HTTPS support for Guacamole
Posted by Manoj Patil <ma...@gmail.com>.
Hello, please update on below doubt
> On 10-Dec-2021, at 7:24 PM, Manoj Patil <ma...@gmail.com> wrote:
>
> Thanks Nick.
>
> I have one another doubt is when I am using a nginx that time I am stop the tomcat which is installed automatically when installed guacamole.
>
> I have install the setup guacamole 1.0+tomcat 8 +xrdp in one machine and this machine is accessible over WAN . But in a day a “Unstable network “ message is flash and disconnect a connection .
>
> This setup is accessible at client side and those network are good but in client side have 10 machines and the “unstable network message “ is not flash all the machine it flash randomly in machines.
>
> I am test same setup of new server at my side for another client which is another state those have also issue.
>
> From 2 days I do a one of setup Xrdp+centos 7 + tomcat 8 , this setup I am accessible through MSTSC web HTML page at same client side and there is no issue of disconnect the server in whole day. From last 2 days this running fine .
>
> So I request you what happen when I am going through the this setup guacamole 1.0+tomcat 8 +xrdp and message is flash “Unstable network”
>
> Please guide us
>
>> On 10-Dec-2021, at 7:03 PM, Nick Couchman <vnick@apache.org <ma...@apache.org>> wrote:
>>
>> On Fri, Dec 10, 2021 at 8:23 AM Manoj Patil <manoj2patil@gmail.com <ma...@gmail.com>> wrote:
>> Okay, but please give me a example of HTTPS of nginx over a domain names
>>
>>
>> I'm not really sure what you mean by "over a domain names"? I've attached the nginx.conf for one of the Guacamole servers that I run. There's really not much to it - it's a pretty standard Nginx configuration. I'm not setting a specific hostname - just using the host name of the server it's running on. Also, instructions for proxying with both httpd and Nginx can be found in the manual:
>>
>> https://guacamole.apache.org/doc/gug/proxying-guacamole.html <https://guacamole.apache.org/doc/gug/proxying-guacamole.html>
>>
>> -Nick
>> <nginx.conf>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org <ma...@guacamole.apache.org>
>> For additional commands, e-mail: user-help@guacamole.apache.org <ma...@guacamole.apache.org>
Re: HTTPS support for Guacamole
Posted by Nick Couchman <ni...@gmail.com>.
On Sat, Dec 18, 2021 at 3:56 AM Manoj Patil <ma...@gmail.com> wrote:
> Thanks,
>
> I will do the setup of Nginx .but I am not too much aware of Nginx so
> kindly help me to configured the Nginx to access the guacamole on web
> through https.
>
>
For configuring SSL/TLS (HTTPS) with Nginx, there are plenty of online
references that you can find. For proxying Guacamole through Nginx
correctly, please see the manual:
https://guacamole.apache.org/doc/gug/proxying-guacamole.html#nginx
-Nick
Re: HTTPS support for Guacamole
Posted by Manoj Patil <ma...@gmail.com>.
Thanks,
I will do the setup of Nginx .but I am not too much aware of Nginx so kindly help me to configured the Nginx to access the guacamole on web through https.
> On 17-Dec-2021, at 11:59 PM, Nick Couchman <vn...@apache.org> wrote:
>
> On Fri, Dec 10, 2021 at 8:54 AM Manoj Patil <manoj2patil@gmail.com <ma...@gmail.com>> wrote:
> Thanks Nick.
>
> I have one another doubt is when I am using a nginx that time I am stop the tomcat which is installed automatically when installed guacamole.
>
>
> Both Tomcat and Nginx are required. Proxying Guacamole through Nginx doesn't get rid of Tomcat, it simply puts Tomcat behind Nginx, so that Nginx can provide HTTPS access and a more standard port than Tomcat, in a more secure fashion than Java. Nginx is also easier to configure SSL/TLS on than Tomcat.
>
> I have install the setup guacamole 1.0+tomcat 8 +xrdp in one machine and this machine is accessible over WAN . But in a day a “Unstable network “ message is flash and disconnect a connection .
>
>
> I think you've posted about this before, and you're going to have to look closely at your environment. These messages indicate that Guacamole-related traffic is not making it from the client machine (web browser) to guacd. This can indicate any number of problems, including misconfiguration, resource issues, or other software that interferes with the communication (e.g. application-aware firewalls, also known as deep-packet inspection). If you only see this issue when you're using Nginx as a proxy, then verify, first, that you've configured Nginx as directed in the manual - most notably, there are some parameters related to buffering that absolutely must be present in order to make the connections stable. If you've configured Nginx correctly, then I would look next for network-related items, like firewalls that are inspecting HTTPS traffic, and make sure that those are not interfering.
>
> If you've verified configuration and network, then look at the components of Guacamole and make sure there are not any resource constraints - CPU, RAM, or network bandwidth.
>
> -Nick
Re: HTTPS support for Guacamole
Posted by Nick Couchman <vn...@apache.org>.
On Fri, Dec 10, 2021 at 8:54 AM Manoj Patil <ma...@gmail.com> wrote:
> Thanks Nick.
>
> I have one another doubt is when I am using a nginx that time I am stop
> the tomcat which is installed automatically when installed guacamole.
>
>
Both Tomcat and Nginx are required. Proxying Guacamole through Nginx
doesn't get rid of Tomcat, it simply puts Tomcat behind Nginx, so that
Nginx can provide HTTPS access and a more standard port than Tomcat, in a
more secure fashion than Java. Nginx is also easier to configure SSL/TLS on
than Tomcat.
> I have install the setup guacamole 1.0+tomcat 8 +xrdp in one machine and
> this machine is accessible over WAN . But in a day a “Unstable network “
> message is flash and disconnect a connection .
>
>
I think you've posted about this before, and you're going to have to look
closely at your environment. These messages indicate that Guacamole-related
traffic is not making it from the client machine (web browser) to guacd.
This can indicate any number of problems, including misconfiguration,
resource issues, or other software that interferes with the communication
(e.g. application-aware firewalls, also known as deep-packet inspection).
If you only see this issue when you're using Nginx as a proxy, then verify,
first, that you've configured Nginx as directed in the manual - most
notably, there are some parameters related to buffering that absolutely
must be present in order to make the connections stable. If you've
configured Nginx correctly, then I would look next for network-related
items, like firewalls that are inspecting HTTPS traffic, and make sure that
those are not interfering.
If you've verified configuration and network, then look at the components
of Guacamole and make sure there are not any resource constraints - CPU,
RAM, or network bandwidth.
-Nick
Re: HTTPS support for Guacamole
Posted by Manoj Patil <ma...@gmail.com>.
Thanks Nick.
I have one another doubt is when I am using a nginx that time I am stop the tomcat which is installed automatically when installed guacamole.
I have install the setup guacamole 1.0+tomcat 8 +xrdp in one machine and this machine is accessible over WAN . But in a day a “Unstable network “ message is flash and disconnect a connection .
This setup is accessible at client side and those network are good but in client side have 10 machines and the “unstable network message “ is not flash all the machine it flash randomly in machines.
I am test same setup of new server at my side for another client which is another state those have also issue.
From 2 days I do a one of setup Xrdp+centos 7 + tomcat 8 , this setup I am accessible through MSTSC web HTML page at same client side and there is no issue of disconnect the server in whole day. From last 2 days this running fine .
So I request you what happen when I am going through the this setup guacamole 1.0+tomcat 8 +xrdp and message is flash “Unstable network”
Please guide us
> On 10-Dec-2021, at 7:03 PM, Nick Couchman <vn...@apache.org> wrote:
>
> On Fri, Dec 10, 2021 at 8:23 AM Manoj Patil <manoj2patil@gmail.com <ma...@gmail.com>> wrote:
> Okay, but please give me a example of HTTPS of nginx over a domain names
>
>
> I'm not really sure what you mean by "over a domain names"? I've attached the nginx.conf for one of the Guacamole servers that I run. There's really not much to it - it's a pretty standard Nginx configuration. I'm not setting a specific hostname - just using the host name of the server it's running on. Also, instructions for proxying with both httpd and Nginx can be found in the manual:
>
> https://guacamole.apache.org/doc/gug/proxying-guacamole.html <https://guacamole.apache.org/doc/gug/proxying-guacamole.html>
>
> -Nick
> <nginx.conf>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@guacamole.apache.org
> For additional commands, e-mail: user-help@guacamole.apache.org
Re: HTTPS support for Guacamole
Posted by Nick Couchman <vn...@apache.org>.
On Fri, Dec 10, 2021 at 8:23 AM Manoj Patil <ma...@gmail.com> wrote:
> Okay, but please give me a example of HTTPS of nginx over a domain names
>
>
I'm not really sure what you mean by "over a domain names"? I've
attached the nginx.conf for one of the Guacamole servers that I run.
There's really not much to it - it's a pretty standard Nginx configuration.
I'm not setting a specific hostname - just using the host name of the
server it's running on. Also, instructions for proxying with both httpd and
Nginx can be found in the manual:
https://guacamole.apache.org/doc/gug/proxying-guacamole.html
-Nick
Re: HTTPS support for Guacamole
Posted by Manoj Patil <ma...@gmail.com>.
Okay, but please give me a example of HTTPS of nginx over a domain names
> On 10-Dec-2021, at 5:36 PM, Nick Couchman <vn...@apache.org> wrote:
>
> On Thu, Dec 9, 2021 at 10:20 PM Manoj Patil <manoj2patil@gmail.com <ma...@gmail.com>> wrote:
> Dear,
>
> We implement the Guacamole with XRDP on centos 7.5 with HTTPS please confirm the guacamole run over tomcat with https smoothly .
>
>
> Yes, Guacamole works fine over HTTPS - this is the recommended configuration. I use it over HTTPS on a regular basis.
>
> In my case I not used NGINX i am use tomcat with HTTPS certificate. But I see I saw a “network connection is unstable message” in my WAN environment so I request to guide us
>
>
> I would recommend using HTTPS with Nginx or Apache httpd and not doing it directly in Tomcat. It's generally easier to configure and easier to secure (no requirement for root access, etc.). The instances of Guacamole that I use on a daily basis are used with Nginx. As far as the "Network Connection is Unstable" message that you receive in this configuration, that indicates some misconfiguration or resource constraint. Nginx is perfectly capable of handling this, and there's nothing in Guacamole that would cause this configuration to fail.
>
> That said, if you have it working with HTTPS configured in Tomcat, and that is working in your environment, then that is probably fine - so long as Tomcat is not running as root.
>
> -Nick