Guac 1.2.0 Nginx: 1.18.0 Tomcat: 9.0.37 (CentOS/RHEL 8.x) I am not talking about HTTPS in relation to accessing the domain/ip via a browser, this I have setup and working via Nginx.
I am asking about: 1) Encrpytion between guac client and guac server (guacd) via the guacd-ssl property in guacamole.properties 2) Encryption between Tomcat and Guac, via the server.xml file for tomcat in a connector tag 2) Encryption for the MariaDB database via the mysql-ssl-* properties in guacamole.properties (using MariaDB and MariaDB Connector J) So the gist for above is basically whats the proper approach to each? In more detail... For #1: https://guacamole.apache.org/doc/gug/configuring-guacamole.html says: "guacd-ssl...Note that if you enable this option, you must also configure guacd to use SSL via command line options. These options are documented in the manpage of guacd. You will need an SSL certificate and private key." Would this mean its nessasary to modify the guacd service (when set to enabled/auto start) to use certain switches in the commands used to launch it? Whats the proper place to put the keys (import to JKS or place in dir, etc)? Most importantly, how do you confirm this is working once configured? For #2: I know in server.xml I can have a connector set to use TLS/https, etc. Would I do this on the connector entry for port 8080 (not encrypted by default) or would I do this as another connector block using another port (like 8443) and then modify my Ngix config proxy_pass parameters to use 8443 (Ex: proxy_pass http://${GUAC_LAN_IP}:8443/guacamole/;)? Again, how would I confirm communication was being encrypted properly after setting this up? For #3: https://guacamole.apache.org/doc/gug/jdbc-auth.html says: "mysql-ssl-mode...This property sets the SSL mode that the JDBC driver will attempt to use when communicating with the remote MySQL server..." My concern here is it states "remote" server. My MariaDB database for guacamole is on the guacamole server, do these settings still apply then? As with before, how can it be confirmed that encryption is working here? Thanks -- Sent from: http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/ --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
