I have to admit my knowledge of reverse proxy is very limited here. So no, I haven’t tried this from the guacamole howto. And I will add or ask why I would need to? My understanding is that I can use the reverse proxy module from Nethserver and easily point to my http:// guacamole local website and enforce https using the ssl certificate from my Nethserver. So in my understanding I don’t need to do anything on guacamole.
But if you are saying that I do need to make changes to guacamole to use reverse proxy on Nethserver, please confirm because this was not my understanding. In the end I’ll make the changes I need to make where I need to make them.
The end result is this:
I will not be adding my ssl certificate to my guacamole server. It’s not that I don’t want to, but that I’ve tried and couldn’t make it work.
From what I’ve learned about reverse proxy and Nethserver today…I don’t need to add my ssl certificate to my guacamole server. I can use the Nethserver reverse proxy instead and through the reverse proxy I will be able to connect to my guacamole server using my Nethserver ssl certificate.
Please correct me if I’ve misunderstood any of how this can be set up using Nethserver.
Correct. It’s a common proxy usage scenario: ssl between client and proxy on the internet and plain http in lan between proxy and internal server.
The client connects to proxy, so the certificate has to be valid for proxy (read: CN should be that of proxy).
I pointed to the guacamole howto simply because it contains a section related to the reverse proxy, which could be used as an example.
In the howto the setup is slightly different: guacamole is hosted on the same machine and the reverse proxy is just there to change the url to what you need it to be and to provide https to guacamole (which runs on tomcat) through apache.
I think you could try with adding this file to your nethserver acting as a reverse proxy, from command line:
vi /etc/httpd/conf.d/guacamole_reverse.conf
and paste the content above, changing the parts related to the FQDN with your guacamole server local ip address.
Hello @edi, your help is greatly appreciated here. Although I would prefer to use the reverse proxy fields on the Nethserver page, I’ll give this a try. Perhaps I can ask @giacomo or @davidep to give the details on how I populate the fields on reverse proxy in Nethserver so that I may point to my Guacamole server using my Nethserver ssl cert.
I access my Guacamole server using the following address: http://10.101.243.10:8080/guacamole
My nethserver uses the following address: https://nethserver.company.ca:980
But to try Davide’s suggestion I did the following:
I’ve created a new file on my nethserver as you’ve suggested - /etc/httpd/conf.d/guacamole_reverse.conf
And I’ve populated this file with your example (updating the IP Address to my actual Guacamole Server IP). I then restarted my Nethserver and tried connecting to guacamole using my nethserver name:
Another question for you @edi, how do you restart Apache on Nethserver? I’ve created a guacamole_reverse.conf file as you’ve suggested and updated it as per your suggestion. I didn’t know how to restart just Apache on Nethserver so I rebooted my Nethserver but I’m not able to access my guacamole using my nethserver address:
Do you have any other suggestions on what I may be doing wrong in the guacamole_reverse.conf file I created that wouldn’t allow this reverse proxy to work?
@dev_team, could you provide some details for me on how I can use reverse proxy so that my guacamole server can use our Nethserver SSL certificate?