OK, thanks Nick.I'll see what I should do with the links you sent me.For now I
thank you.Bye.
Il domenica 18 febbraio 2024 alle ore 13:32:57 CET, Nick Couchman
<vn...@apache.org> ha scritto:
On Sun, Feb 18, 2024 at 3:21 AM Andrea Miconi
<whitetiger_it...@yahoo.it.invalid> wrote:
I've made some progress.
I configured ha-proxy in my small personal laboratory.Listening to 0.0.0.0:443
and calling IP-LAN:8080
Now if I type https://MyDomain.TLD/guacamole on a PC on the Internet, the
Guacamole login page appears.
However, I still have doubts.
I now call the service with HTTPS and see the padlock marking the certificate
with Let's Encrypt.However, I would like there to be the redirect from 80 to
443, but I think this is a problem with how the certificate is generated in the
firewall.
This is entirely possible, but depends on what you're using for a reverse
proxy. Here are a couple of quick references for Nginx, Apache httpd, and
HAProxy:https://serversforhackers.com/c/redirect-http-to-https-nginx
https://www.ssl.com/how-to/redirect-http-to-https-with-apache/
https://www.haproxy.com/blog/redirect-http-to-https-with-haproxy
Furthermore, I didn't understand if I should also install the certificate on
the PC on which guacamole runs.I generated a certificate for *.mydomain.tld and
therefore it is also valid for the PC, but I don't know how to bring the
certificate here.
If I solve it I would have access to Guacamole via HTTPS also from the LAN and
not just from the Internet.
However, this is also not a HA Proxy problem.
If you're running the reverse-proxy for the Internet on a different system from
where Guacamole is installed, and want the HTTPS configuration with that
wildcard certificate in both places, then you'd need to install the certificate
on that system, as well. However, you don't need just the generated
certificate, you also need the private key that you used for that certificate.
Once you have that pair, you can copy them to the system where Guacamole is
installed and use them on it, as well.
As far as how to configure HTTPS on that system, it all depends on how you want
to do that. You could:* Install HAProxy on that system, as well, and configure
it with the same certificate.* Install Nginx or Apache httpd and configure one
of them as a reverse proxy using that certificate.* Install the certificate
into Tomcat and configure Tomcat for HTTPS, as long as you're okay with it
running on the non-standard port numbers. I still don't recommend this approach.
-Nick
