OK, thanks Nick.I'll see what I should do with the links you sent me.For now I thank you.Bye.
Il domenica 18 febbraio 2024 alle ore 13:32:57 CET, Nick Couchman <vn...@apache.org> ha scritto: On Sun, Feb 18, 2024 at 3:21 AM Andrea Miconi <whitetiger_it...@yahoo.it.invalid> wrote: I've made some progress. I configured ha-proxy in my small personal laboratory.Listening to 0.0.0.0:443 and calling IP-LAN:8080 Now if I type https://MyDomain.TLD/guacamole on a PC on the Internet, the Guacamole login page appears. However, I still have doubts. I now call the service with HTTPS and see the padlock marking the certificate with Let's Encrypt.However, I would like there to be the redirect from 80 to 443, but I think this is a problem with how the certificate is generated in the firewall. This is entirely possible, but depends on what you're using for a reverse proxy. Here are a couple of quick references for Nginx, Apache httpd, and HAProxy:https://serversforhackers.com/c/redirect-http-to-https-nginx https://www.ssl.com/how-to/redirect-http-to-https-with-apache/ https://www.haproxy.com/blog/redirect-http-to-https-with-haproxy Furthermore, I didn't understand if I should also install the certificate on the PC on which guacamole runs.I generated a certificate for *.mydomain.tld and therefore it is also valid for the PC, but I don't know how to bring the certificate here. If I solve it I would have access to Guacamole via HTTPS also from the LAN and not just from the Internet. However, this is also not a HA Proxy problem. If you're running the reverse-proxy for the Internet on a different system from where Guacamole is installed, and want the HTTPS configuration with that wildcard certificate in both places, then you'd need to install the certificate on that system, as well. However, you don't need just the generated certificate, you also need the private key that you used for that certificate. Once you have that pair, you can copy them to the system where Guacamole is installed and use them on it, as well. As far as how to configure HTTPS on that system, it all depends on how you want to do that. You could:* Install HAProxy on that system, as well, and configure it with the same certificate.* Install Nginx or Apache httpd and configure one of them as a reverse proxy using that certificate.* Install the certificate into Tomcat and configure Tomcat for HTTPS, as long as you're okay with it running on the non-standard port numbers. I still don't recommend this approach. -Nick