OK. I changed the port to which apache proxies to 8080. Here is the resultant 
VirtualHost block:

<VirtualHost localhost:4443>
        ServerName server
        DocumentRoot /mnt/raid5/webserver/sites/MOserver
        Header always unset X-Frame-Options

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Location /guacamole/>
         Order allow,deny
         Allow from all
         ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
         ProxyPassReverse http://127.0.0.1:8080/guacamole/
        </Location>

        <Location /websocket-tunnel>
          Order allow,deny
          Allow from all
          #Require all granted
          ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
          ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
        </Location>

        <Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           URIEncoding="UTF-8"
           redirectPort="8443" />

        <Valve className="org.apache.catalina.valves.RemoteIpValve"
               internalProxies="127.0.0.1"
               remoteIpHeader="x-forwarded-for"
               remoteIpProxiesHeader="x-forwarded-by"
               protocolHeader="x-forwarded-proto" />

        SSLEngine on
        SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
        SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
</VirtualHost>

Note that I added <Connector> and <Valve> blocks as is directed in the 
guacamole documentation. I didn’t know if the <Valve> block was necessary, so I 
added it as a precaution. However, apache2 then threw the following error:

dnessett@Mount:/etc/apache2/sites-enabled$ sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: failed (Result: exit-code) since Sun 2022-12-18 17:33:38 MST; 30s ago
  Process: 3695 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
  Process: 1827 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
  Process: 3838 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
 Main PID: 3439 (code=exited, status=0/SUCCESS)

Dec 18 17:33:37 Mount systemd[1]: Starting The Apache HTTP Server...
Dec 18 17:33:37 Mount apachectl[3838]: apache2: Syntax error on line 223 of /etc/apache2/apache2.conf: Syntax error on line 72 of /etc/apache2/sites-enabled/000-default.conf: Expected </Valve> but saw
Dec 18 17:33:38 Mount apachectl[3838]: Action 'start' failed.
Dec 18 17:33:38 Mount apachectl[3838]: The Apache error log may have more information.
Dec 18 17:33:38 Mount systemd[1]: apache2.service: Control process exited, code=exited status=1
Dec 18 17:33:38 Mount systemd[1]: apache2.service: Failed with result 'exit-code'.
Dec 18 17:33:38 Mount systemd[1]: Failed to start The Apache HTTP Server


> On Dec 18, 2022, at 3:53 PM, Michael Jumper <mjum...@apache.org> wrote:
> 
> On Sun, Dec 18, 2022, 1:52 PM Dan Nessett <dness...@yahoo.com.invalid> wrote:
> ...
> 
> I tried to follow the instructions here: 
> https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html#apache 
> 
> You should always look at the current version of the manual unless you have a 
> specific need to look at the version-specific snapshot. The above link is for 
> the 0.9.7 release which is 7 years old.
> 
> https://guacamole.apache.org/doc/gug/
> 
> However, the port suggested for guacamole listening (8080) is used by Tomcat, 
> so I changed it to 4822, which is the default port for guacamole.
> 
> No, this is wrong. Port 4822 is the guacd port and has nothing to do with the 
> webapp. Tomcat indeed should listen on port 8080, and therefore should be the 
> port that Apache forwards its received data to.
> 
> Overall:
> 
> Browser <-- HTTPS (443) --> Apache <-- HTTP (8080) --> Tomcat
> 
> The webapp establishes connections internally to guacd via port 4822 as 
> needed. These are not publicly exposed through Apache any more than 
> connections to the database are publicly exposed.
> 
> - Mike
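
An added example, not part of the original messages or of the Guacamole project: a small lint for the two configuration problems this thread runs into, Tomcat `server.xml` elements such as `<Connector>` and `<Valve>` placed inside an Apache vhost, and a `ProxyPass` aimed at the guacd port 4822 instead of Tomcat's HTTP port. The function name, finding codes and sample config are constructed for illustration.

```python
import re

# Elements of Tomcat's conf/server.xml; Apache httpd has no such containers.
TOMCAT_ELEMENTS = {"server", "service", "engine", "host", "connector", "valve"}
GUACD_PORT = 4822  # guacd's port per the thread; never a reverse-proxy target

OPEN_TAG = re.compile(r"^<\s*([A-Za-z]+)")
PROXY = re.compile(
    r"^(ProxyPass(?:Reverse)?)\b.*?\b(?:https?|wss?)://[^\s/:]+:(\d+)", re.I
)


def lint_vhost(text):
    """Return (line_number, code, detail) findings for an Apache vhost file."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directives
        tag = OPEN_TAG.match(line)
        if tag and tag.group(1).lower() in TOMCAT_ELEMENTS:
            findings.append((number, "tomcat-element", tag.group(1)))
        proxy = PROXY.match(line)
        if proxy and int(proxy.group(2)) == GUACD_PORT:
            findings.append((number, "proxy-to-guacd", proxy.group(1)))
    return findings


# Constructed sample modelled on the vhost in the thread (shortened).
SAMPLE = """\
<VirtualHost localhost:4443>
    <Location /guacamole/>
        ProxyPass http://127.0.0.1:4822/guacamole/ flushpackets=on
        ProxyPassReverse http://127.0.0.1:8080/guacamole/
    </Location>
    <Connector port="8080" protocol="HTTP/1.1"
        redirectPort="8443" />
    <Valve className="org.apache.catalina.valves.RemoteIpValve"
        internalProxies="127.0.0.1" />
    SSLEngine on
</VirtualHost>
"""

if __name__ == "__main__":
    for number, code, detail in lint_vhost(SAMPLE):
        print(f"line {number}: {code}: {detail}")
```

Running a check like this before `systemctl restart apache2` catches the misplaced elements without taking the site down; `apachectl configtest` reports the same syntax error but not the wrong proxy port.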
