Thank you Mike for the prompt response. Indeed I can see quite a bit of http traffic if I go to localhost:8080/guacamole, but no warning in the tomcat logs (catalina). Also I can see that upon connection there's a request to guacamole/api/tokens but the server is responding with 403, though everything seems to be working normally.
I've browsed through logs a bit more - can't see anything else worrying apart from maybe this (which seems unrelated?) in catalina.log: 31-Mar-2021 18:31:48.771 INFO [Thread-3] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8080"] 31-Mar-2021 18:31:49.029 INFO [Thread-3] org.apache.catalina.core.StandardService.stopInternal Stopping service [Catalina] 31-Mar-2021 18:31:52.031 WARNING [Thread-3] org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The web application [guacamole] appears to have started a thread named [com.google.inject.internal.util.$Finalizer] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread: java.base@11.0.10/java.lang.Object.wait(Native Method) java.base@11.0.10 /java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:155) java.base@11.0.10 /java.lang.ref.ReferenceQueue.remove(ReferenceQueue.java:176) com.google.inject.internal.util.$Finalizer.run(Finalizer.java:114) Sounds like i'll be stuck with http for now - but performance is acceptable, not much slower than ssh/vnc. Thanks again for a fantastic project. On Wed, Mar 31, 2021 at 6:32 PM Mike Jumper <mike.jum...@glyptodon.com> wrote: > On Wed, Mar 31, 2021 at 9:52 AM Alexandre Almosni < > alexandre.almo...@gmail.com> wrote: > >> ... >> AH01144: No protocol handler was valid for the URL >> /guacamole/websocket-tunnel/ (scheme 'ws'). If you are using a DSO version >> of mod_proxy, make sure the proxy submodules are included in the >> configuration using LoadModule. >> > > The error suggests that the relevant proxy module is not loaded, but as > you note, it does look like the "proxy_wstunnel" module is installed and > loaded. Perhaps the "apache2ctl" tool is reading a different set of > configuration information than the running Apache service? > > Browsing the web I've also tried adding “/“ in various places, or adding >> lines such as: >> >> RewriteEngine On >> ProxyPreserveHost On >> ProxyRequests Off >> RewriteCond %{HTTP:Upgrade} =websocket [NC] >> RewriteRule /(.*) ws://localhost:5000/$1 [P,L] >> RewriteCond %{HTTP:Upgrade} !=websocket [NC] >> RewriteRule /(.*) http://localhost:5000/$1 [P,L] >> > > You do not need to add anything extra for this beyond that single > WebSocket-specific "Location" section. > > but to no avail. I've also tried the Chrome websocket Test Client on the >> server and can't connect to ws://localhost:8080/guacamole/websocket-tunnel. >> I'm actually wondering what is that address pointing to - do I need to >> change something in Tomcat? could it be something wrong with my guacamole >> installation? >> > > No, WebSocket is always enabled and there are no configuration options on > the Guacamole side which would influence WebSocket. If there were any > options, that wouldn not account for the error being logged by Apache, > which appears to be failing well before any WebSocket requests are received > by Tomcat. > > The reason that you cannot connect to websocket-tunnel directly using an > arbitrary test client is likely all the other credentials and information > required by Guacamole's websocket-tunnel. It's not just an arbitrary > WebSocket endpoint that will accept any inbound connection. It expects the > WebSocket subprotocol to be set to a specific value ("guacamole"), it > expects a valid authentication token to be present, and it expects several > additional parameters that describe client details (initial display size, > supported audio encodings, etc.) as well as the desired Guacamole > connection. > > If you connect directly to http://localhost:8080/guacamole/, log in as a > Guacamole user, and select a connection, that should be a decent test of > whether WebSocket works at all (there will be a warning logged by Guacamole > in the Tomcat logs if you are not using WebSocket, and you will also see a > lot of HTTP network traffic in Chrome dev tools from the HTTP variation of > the tunnel), but it's very unlikely that this is an issue. That would > require WebSocket to be fundamentally broken within Guacamole, and such a > problem would certainly have been noticed. > > Michael Jumper > CEO, Lead Developer > Glyptodon Inc <https://enterprise.glyptodon.com/>. >