Hello Shigeki,

When using your apache2 .conf, configtest fails.

Invalid command 'RequestHeader', perhaps misspelled or defined by a module not included in the server configuration
Action 'configtest' failed.

Thanks,

On Thursday, 25 May, 2023, 11:43:38 am IST, Shigeki Sawamura <shig...@whitestars.ne.jp> wrote:

Hello.

If you have "000-default-le-ssl", try "$ sudo a2ensite 000-default-le-ssl".

I believe Guacamole supports AJP.
I have built 8 Guacamole servers from 1.3.0 to 1.5.1 so far, but they are all accessed by AJP via Apache2.

Best Regards,

On 2023/05/25 (Thu) 02:33 PM, Eby Mani wrote:
> Hi,
>
> Yes, it is Ubuntu 22 LTS. I installed the snap version of certbot.
>
> After "$ sudo certbot --apache", there were no files created for
> "piitpl.co.in-le-ssl" at all, it had a file for "000-default-le-ssl", thus I've
> missed "$ sudo a2ensite piitpl.co.in-le-ssl".
>
> https://guacamole.apache.org/doc/gug/reverse-proxy.html#preparing-your-servlet-container
> According to this, using Guacamole over AJP is unsupported.
>
> Anyway, will try your suggestions.
>
> Thanks,
>
> On Thursday, 25 May, 2023, 02:41:02 am IST, Shigeki Sawamura
> <shig...@whitestars.ne.jp> wrote:
>
>
> Hello.
>
> I will talk about it assuming that it is an Ubuntu system.
>
> I assume you have certbot and python3-certbot-apache installed and run sudo
> certbot --apache.
> Then, I think that you will be prompted to enter various things at first, but
> does /var/log/letsencrypt/letsencrypt.log indicate that it is being processed
> correctly?
>
> After executing the following, does sudo systemctl status apache2 work
> without errors?
> $ sudo systemctl reload apache2
> $ sudo certbot --apache
> $ sudo a2enmod ssl
> $ sudo a2ensite piitpl.co.in-le-ssl
> $ sudo systemctl restart apache2
>
> > 2, enabled guacamole.html
> > 3, disabled 000-default
> I don't need this, I think it changed automatically.
> With sudo certbot --apache, the above process will be performed without
> permission.
> Instead, sudo a2ensite piitpl.co.in-le-ssl is always required.
> The domain is tailored for you.
>
> Execute sudo certbot --apache and when the process is completed successfully,
> /etc/letsencrypt/renewal/piitpl.co.in.conf
> Wasn't it written out to?
> Check with sudo certbot renew --dry-run.
>
> > ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
> > ProxyPassReverse ajp://127.0.0.1:8009/guacamole/
> teeth,
> $ sudo vi /var/lib/tomcat9/conf/server.xml
> and
> <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
> <Connector port="8009" protocol="AJP/1.3" redirectPort="8080"
>            enableLookups="false" secretRequired="false" />
> is enabled when
>
> I've only set this up once, so sorry if I'm wrong.
>
> Best Regards,
>
>
> On 2023/05/25 (Thu) 02:48 AM, Eby Mani wrote:
> > Hi,
> >
> > Running "certbot --apache" generates the certificate and inserts the ssl
> > certificate related lines to apache2 sites .conf file and creates the required
> > ssl.conf file (e.g. 000-default.conf, 000-default-ssl.conf, etc.)
> >
> > Can you explain these lines (I don't see them in the documentation)? Do I
> > have to configure anything in guacamole for these?
> >
> > ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
> > ProxyPassReverse ajp://127.0.0.1:8009/guacamole/
> >
> > Thanks,
> >
> >
> > On Wednesday, 24 May, 2023, 04:34:40 am IST, Shigeki Sawamura
> > <shig...@whitestars.ne.jp> wrote:
> >
> >
> > Hello.
> >
> > I haven't used Let's Encrypt much, so sorry if I'm off the mark.
> >
> > The Apache2 setting at the time of Let's Encrypt remained in the memo that
> > was set once.
> > It looks like you did something like this:
> >
> > <IfModule mod_ssl.c>
> > <VirtualHost *:443>
> >     ServerName <DOMAIN>
> >     ServerAlias www.<DOMAIN>
> >     ServerAdmin info@<DOMAIN>
> >
> >     DocumentRoot /var/www/html
> >     ErrorLog ${APACHE_LOG_DIR}/error.<DOMAIN>.log
> >     CustomLog ${APACHE_LOG_DIR}/access.<DOMAIN>.log combined
> >
> >     Include /etc/letsencrypt/options-ssl-apache.conf
> >     SSLCertificateFile /etc/letsencrypt/live/piitpl.co.in/fullchain.pem
> >     SSLCertificateKeyFile /etc/letsencrypt/live/piitpl.co.in/privkey.pem
> >
> >     ProxyRequests off
> >     <Location /guacamole/>
> >         ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
> >         ProxyPassReverse ajp://127.0.0.1:8009/guacamole/
> >         RequestHeader set X-Forwarded-Proto https
> >         RequestHeader set X-Forwarded-Port 443
> >         ProxyPreserveHost On
> >     </Location>
> >     <Location /guacamole/websocket-tunnel>
> >         Order allow,deny
> >         Allow from all
> >         ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
> >         ProxyPassReverse ws://localhost:8080/guacamole/websocket-tunnel
> >         ProxyPreserveHost On
> >     </Location>
> > </VirtualHost>
> > </IfModule>
> >
> > I hope this helps.
> >
> > Best Regards,
> >
> >
> > On 2023/05/23 (Tue) 04:22 PM, Eby Mani wrote:
> > > Is there any proper guide on how to set up guacamole with apache2 https
> > > reverse proxy?
> > >
> > > I tried setting up guacamole with apache2; with
> > > "https://example-domain-name" the default ubuntu apache2 webpage would open.
> > >
> > > "https:///example-domain-name/guacamole" will throw some certificate
> > > error. Had to remove apache2 and set up guacamole with nginx, reverse proxy is
> > > working fine over https !!!!.
> > >
> > > my old apache2 config,
> > >
> > > 1, /etc/apache2/sites-available/guacamole.html
> > > 2, enabled guacamole.html
> > > 3, disabled 000-default
> > > 4, restarted apache2
> > > 5, ran certbot --apache
> > > 6, restarted guacd, tomcat9 and apache2
> > >
> > > contents of guacamole.html
> > >
> > > <VirtualHost *:80>
> > >     ServerName "example-domain-name"
> > >     ServerAlias "example-domain-name"
> > >
> > >     Redirect permanent / https://example-domain-namee/
> > > </VirtualHost>
> > >
> > > <VirtualHost *:443>
> > >     ServerName "example-domain-name"
> > >     ServerAlias "example-domain-name"
> > >
> > >     <If "%{HTTP_HOST} == 'www.example-domain-name'">
> > >         Redirect permanent / https://"example-domain-name"/
> > >     </If>
> > >
> > >     ErrorLog /var/log/apache2/example-domain-name-error.log
> > >     CustomLog /var/log/apache2/example-domain-name-access.log combined
> > >
> > >     SSLEngine On
> > >     SSLCertificateFile /etc/letsencrypt/live/piitpl.co.in/fullchain.pem
> > >     SSLCertificateKeyFile /etc/letsencrypt/live/piitpl.co.in/privkey.pem
> > >
> > >     <Location /guacamole/>
> > >         Order allow,deny
> > >         Allow from all
> > >         ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
> > >         ProxyPassReverse http://127.0.0.1:8080/guacamole/
> > >     </Location>
> > >
> > >     <Location /guacamole/websocket-tunnel>
> > >         Order allow,deny
> > >         Allow from all
> > >         ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
> > >         ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
> > >     </Location>
> > >
> > > </VirtualHost>
> > >
> > >
> > > Thanks,
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
> > > For additional commands, e-mail: user-h...@guacamole.apache.org
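
The `Invalid command 'RequestHeader'` failure reported at the top of this thread is what `configtest` prints when a directive's module is not loaded (`RequestHeader` is defined by mod_headers). The script below is an added example, not part of any message in the thread: it maps the directives used in the posted vhost to the modules that define them and reports which are absent from an `apache2ctl -M` style listing. The sample vhost and module listing are constructed, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: which Apache modules does a vhost need, and which are not loaded?

# Read a vhost config on stdin; print the a2enmod names it requires, sorted.
required_modules() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
    {
      d = tolower($1); rest = tolower($0)
      if (d == "requestheader" || d == "header")       need["headers"] = 1
      if (d ~ /^proxy/)                                 need["proxy"] = 1
      if (d ~ /^proxypass/ && rest ~ /ajp:\/\//)        need["proxy_ajp"] = 1
      if (d ~ /^proxypass/ && rest ~ /https?:\/\//)     need["proxy_http"] = 1
      if (d ~ /^proxypass/ && rest ~ /wss?:\/\//)       need["proxy_wstunnel"] = 1
      if (d ~ /^ssl/)                                   need["ssl"] = 1
      if (d == "order" || d == "allow" || d == "deny") need["access_compat"] = 1
    }
    END { for (m in need) print m }
  ' | LC_ALL=C sort
}

# $1 = vhost file, $2 = file holding "apache2ctl -M" output; print modules not loaded.
missing_modules() {
  required_modules < "$1" | while read -r mod; do
    grep -Eq "^[[:space:]]*${mod}_module([[:space:]]|\$)" "$2" || echo "$mod"
  done
}

# Constructed sample: a trimmed copy of the vhost posted in the thread.
sample_vhost() { cat <<'EOF'
<VirtualHost *:443>
  SSLCertificateFile /etc/letsencrypt/live/piitpl.co.in/fullchain.pem
  <Location /guacamole/>
    ProxyPass ajp://127.0.0.1:8009/guacamole/ keepalive=on
    RequestHeader set X-Forwarded-Proto https
  </Location>
  <Location /guacamole/websocket-tunnel>
    Order allow,deny
    ProxyPass ws://localhost:8080/guacamole/websocket-tunnel
  </Location>
</VirtualHost>
EOF
}

# Constructed sample: a module listing with headers and proxy_ajp not enabled.
sample_loaded() { printf ' %s_module (shared)\n' core access_compat proxy proxy_wstunnel ssl; }

tmp=$(mktemp -d); sample_vhost > "$tmp/vhost.conf"; sample_loaded > "$tmp/loaded.txt"
for m in $(missing_modules "$tmp/vhost.conf" "$tmp/loaded.txt"); do
  echo "not loaded: $m  (enable with: sudo a2enmod $m, then restart apache2)"
done
rm -rf "$tmp"
```

On a live host, save the real listing with `apache2ctl -M > loaded.txt` and pass it as the second argument together with the vhost file under `/etc/apache2/sites-available/`.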