On Thu, Feb 1, 2018 at 7:06 AM, StephenDart <stephen.d...@gmail.com> wrote:
> Has anyone got a successful config for haproxy to enable guacamole > I have a haproxy instance doing ssl offload and reverse proxy, passsing > /guacamole to the server at x.x.x.x:8080/guacamole > I can get to the login page and login successfully, but when presenting a > session, it will produce a 404 after the session is created and a few > tunnel > reads, then the session will disconnect. > > If directly connected to the guacamole server (bypassing haproxy), i can > successfully get a session and it is maintained, so something within > haproxy > is I presume timing the session out. > Does anyone run haproxy in front of guacamole and have a config they can > share or suggest what options are required to allow guacamole to work > successfully? > > I have tried using 0.9.13 and 0.9.14 of guacamole > Haproxy i have tried 1.6 and 1.7 > with options: > http-server-close > timeout tunnel 3600s > timeout connect 300s > timeout client 300s > You might want to post your full HAProxy configuration; however, it's important to keep in mind that HTTP is a stateless protocol. So, no matter what your timeout options, here, if you don't configure HAProxy for persistence or session stickiness, each HTTP connection that the web browser makes has the potential to get redirected to a different back-end server. This is likely the reason that you're seeing weird behavior, like the 404 errors and such, because the initial request gets forwarded to one back-end server, then the follow-up requests move on to other servers. This is probably more a question for the HAProxy forums, but I believe HAProxy supports hash tables of various types that can (attempt to) keep track of the client and make sure that the requests from the client go on to the same back-end server. Because Guacamole Client does not currently implement any session tracking across multiple Tomcat instances or servers, you'll need to configure HAProxy appropriately. -Nick
