On Wed, Mar 31, 2021 at 9:52 AM Alexandre Almosni <
[email protected]> wrote:
> ...
> AH01144: No protocol handler was valid for the URL
> /guacamole/websocket-tunnel/ (scheme 'ws'). If you are using a DSO version
> of mod_proxy, make sure the proxy submodules are included in the
> configuration using LoadModule.
>
The error suggests that the relevant proxy module is not loaded, but as you
note, it does look like the "proxy_wstunnel" module is installed and
loaded. Perhaps the "apache2ctl" tool is reading a different set of
configuration information than the running Apache service?
Browsing the web I've also tried adding “/“ in various places, or adding
> lines such as:
>
> RewriteEngine On
> ProxyPreserveHost On
> ProxyRequests Off
> RewriteCond %{HTTP:Upgrade} =websocket [NC]
> RewriteRule /(.*) ws://localhost:5000/$1 [P,L]
> RewriteCond %{HTTP:Upgrade} !=websocket [NC]
> RewriteRule /(.*) http://localhost:5000/$1 [P,L]
>
You do not need to add anything extra for this beyond that single
WebSocket-specific "Location" section.
but to no avail. I've also tried the Chrome websocket Test Client on the
> server and can't connect to ws://localhost:8080/guacamole/websocket-tunnel.
> I'm actually wondering what is that address pointing to - do I need to
> change something in Tomcat? could it be something wrong with my guacamole
> installation?
>
No, WebSocket is always enabled and there are no configuration options on
the Guacamole side which would influence WebSocket. If there were any
options, that wouldn not account for the error being logged by Apache,
which appears to be failing well before any WebSocket requests are received
by Tomcat.
The reason that you cannot connect to websocket-tunnel directly using an
arbitrary test client is likely all the other credentials and information
required by Guacamole's websocket-tunnel. It's not just an arbitrary
WebSocket endpoint that will accept any inbound connection. It expects the
WebSocket subprotocol to be set to a specific value ("guacamole"), it
expects a valid authentication token to be present, and it expects several
additional parameters that describe client details (initial display size,
supported audio encodings, etc.) as well as the desired Guacamole
connection.
If you connect directly to http://localhost:8080/guacamole/, log in as a
Guacamole user, and select a connection, that should be a decent test of
whether WebSocket works at all (there will be a warning logged by Guacamole
in the Tomcat logs if you are not using WebSocket, and you will also see a
lot of HTTP network traffic in Chrome dev tools from the HTTP variation of
the tunnel), but it's very unlikely that this is an issue. That would
require WebSocket to be fundamentally broken within Guacamole, and such a
problem would certainly have been noticed.
Michael Jumper
CEO, Lead Developer
Glyptodon Inc <https://enterprise.glyptodon.com/>.
