Jump to content
Taddeusz

[Support] jasonbean - Apache Guacamole

332 posts in this topic Last Reply

Recommended Posts

Thanks for new images!

but i have a question about Windows RDP connection. i have two nearly identical Win10 VMs, and i have configured Guac connections to them without password stored on Guac. one VM works like expected - on connection it just displays login dialog and asks for password, but second VM just disconnects immediately with message "The remote desktop server is currently unreachable. If the problem persists, please notify your system administrator, or check your system logs." when i enter a user password in guac, then it works - it connects to VM without asking a password.  

 

on tomcat\catalina.log a see the following..

 

19:43:14.959 [http-nio-8080-exec-2] INFO  o.a.g.tunnel.TunnelRequestService - User "uldise" connected to connection "5".
Exception in thread "Thread-15" 19:43:15.006 [http-nio-8080-exec-6] INFO  o.a.g.tunnel.TunnelRequestService - User "uldise" disconnected from connection "5". Duration: 46 milliseconds
java.lang.IllegalStateException: Message will not be sent because the WebSocket session has been closed
	at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.writeMessagePart(WsRemoteEndpointImplBase.java:425)
	at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:309)
	at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendMessageBlock(WsRemoteEndpointImplBase.java:250)
	at org.apache.tomcat.websocket.WsRemoteEndpointImplBase.sendString(WsRemoteEndpointImplBase.java:191)
	at org.apache.tomcat.websocket.WsRemoteEndpointBasic.sendText(WsRemoteEndpointBasic.java:37)
	at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.sendInstruction(GuacamoleWebSocketTunnelEndpoint.java:152)
	at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint.access$200(GuacamoleWebSocketTunnelEndpoint.java:53)
	at org.apache.guacamole.websocket.GuacamoleWebSocketTunnelEndpoint$2.run(GuacamoleWebSocketTunnelEndpoint.java:253)

 any ideas?

 

EDIT: got it working - just recreated a connection and it started to work...

Edited by uldise

Share this post


Link to post

I'm glad you got it working. I've found that the most likely explanation is that the hostname gets put into the Guacamole Proxy Parameters section rather than the correct Parameters section.

Share this post


Link to post

I have been trying to get this up and running and I believe I have bypassed my initial concern.  I loaded the docker and was unable to connect through to one of my virtual machines.  The last time I had this working was before Unraid implemented docker by docker IP allocations.  I tried to mimic this by setting the network type for this docker to Bridge; magically it all worked and I am able to connect to my virtual machines now.

 

What I have to figure out now is how to make it work with Letsencrypt so I can reverse proxy it.

Share this post


Link to post
20 minutes ago, bambino53 said:

I have been trying to get this up and running and I believe I have bypassed my initial concern.  I loaded the docker and was unable to connect through to one of my virtual machines.  The last time I had this working was before Unraid implemented docker by docker IP allocations.  I tried to mimic this by setting the network type for this docker to Bridge; magically it all worked and I am able to connect to my virtual machines now.

 

What I have to figure out now is how to make it work with Letsencrypt so I can reverse proxy it.

I realized in the last week that the linuxserver guys had redone their letsencrypt docker to use files in the nginx/proxy-confs folder. I moved things around and created a conf file specifically for Guacamole. If you follow Spaceinvader One's directions on how to configure letsencrypt he has you create a docker network. In his case he calls it "proxynet". This enables Docker's internal DNS resolution for any containers you place on that virtual network. One of the caveats I found is that the DNS is case sensitive but Nginx is not. As a result I had to change the name of my containers to change the uppercase characters to lowercase.

 

Here is the "guacamole.subfolder.conf" file I created and placed into the proxy-confs folder. This assumes that the folder you want to link to is called guacamole and that your container is called "apacheguacamole". If you would like to instead link it to a subdomain there are examples in that folder that you can use to create a conf file.

location ^~ /guacamole {
    # enable the next two lines for http auth
    #auth_basic "Restricted";
    #auth_basic_user_file /config/nginx/.htpasswd;

    # enable the next two lines for ldap auth
    #auth_request /auth;
    #error_page 401 =200 /login;

    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    access_log off;
    resolver 127.0.0.11 valid=30s;
    set $upstream_guacamole apacheguacamole;
    proxy_pass http://$upstream_guacamole:8080;
}

Here is the link to Spaceinvader One's video: https://www.youtube.com/watch?v=I0lhZc25Sro&t=955s

Share this post


Link to post

Thank you very much @Taddeusz.  What you suggested worked wonders.

 

I was hoping to use a subdomain rather than a folder to proxy ApacheGuacamole.  As you said I scavenged bits and pieces from other examples and I came up with something that is working for me.  I thought I should share it here in case anyone else is looking to do the same.

"guacamole.subdomain.conf"

server {
    listen 80;
    server_name guacamole.domain.org;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    server_name guacamole.domain.org;
    root html;
    index index.html index.htm;
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
    access_log  /var/log/nginx/guacamole.access.log;
    location / {
    proxy_pass http://[IP Address]:[Port]/guacamole/;
    proxy_buffering off;
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_cookie_path /guacamole/ /;
    }
}

 

Edited by bambino53

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now