Sorry. I got confused. I found the tomcat server.xml file, added the <Valve entry and modified the existing <Connector port="8080" protocol="HTTP/1.1” entry to contain URIEncoding="UTF-8”. I removed the <Valve and <Connector entries from the VirtualHost block. I then restarted apache2 and tomcat9, and guacd. Still no luck.
If possible, could you suggest logs that I might look in to isolate the problem?

>
> <Connector .../> and <Valve .../> are elements used within Tomcat's
> server.xml configuration file, not the configuration of the Apache HTTP
> server.
>
> - Mike
>
>
> On Sun, Dec 18, 2022, 4:46 PM Dan Nessett <dness...@yahoo.com.invalid> wrote:
> OK. I changed the port to which apache proxies to 8080. Here is the resultant
> VirtualHost block:
>
> <VirtualHost localhost:4443>
> ServerName server
> DocumentRoot /mnt/raid5/webserver/sites/MOserver
> Header always unset X-Frame-Options
>
> ErrorLog ${APACHE_LOG_DIR}/error.log
> CustomLog ${APACHE_LOG_DIR}/access.log combined
>
> <Location /guacamole/>
> Order allow,deny
> Allow from all
> ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
> ProxyPassReverse http://127.0.0.1:8080/guacamole/
> </Location>
>
> <Location /websocket-tunnel>
> Order allow,deny
> Allow from all
> #Require all granted
> ProxyPass ws://127.0.0.1:8080/guacamole/websocket-tunnel
> ProxyPassReverse ws://127.0.0.1:8080/guacamole/websocket-tunnel
> </Location>
>
> <Connector port="8080" protocol="HTTP/1.1"
> connectionTimeout="20000"
> URIEncoding="UTF-8"
> redirectPort="8443" />
>
> <Valve className="org.apache.catalina.valves.RemoteIpValve"
> internalProxies="127.0.0.1"
> remoteIpHeader="x-forwarded-for"
> remoteIpProxiesHeader="x-forwarded-by"
> protocolHeader="x-forwarded-proto" />
>
> SSLEngine on
> SSLCertificateFile /root/.acme.sh/*.mountolive.com/fullchain.cer
> SSLCertificateKeyFile /root/.acme.sh/*.mountolive.com/*.mountolive.com.key
> </VirtualHost>
>
> Note that I added <Connector> and <Valve> blocks as is directed in the
> guacamole documentation. I didn’t know if the <Valve> block was necessary, so
> I added it as a precaution.
>
> However, apache2 then threw the following error:
>
> dnessett@Mount:/etc/apache2/sites-enabled$ sudo systemctl status apache2
> ● apache2.service - The Apache HTTP Server
> Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
> Drop-In: /lib/systemd/system/apache2.service.d
> └─apache2-systemd.conf
> Active: failed (Result: exit-code) since Sun 2022-12-18 17:33:38 MST; 30s ago
> Process: 3695 ExecStop=/usr/sbin/apachectl stop (code=exited, status=1/FAILURE)
> Process: 1827 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
> Process: 3838 ExecStart=/usr/sbin/apachectl start (code=exited, status=1/FAILURE)
> Main PID: 3439 (code=exited, status=0/SUCCESS)
>
> Dec 18 17:33:37 Mount systemd[1]: Starting The Apache HTTP Server...
> Dec 18 17:33:37 Mount apachectl[3838]: apache2: Syntax error on line 223 of /etc/apache2/apache2.conf: Syntax error on line 72 of /etc/apache2/sites-enabled/000-default.conf: Expected </Valve> but saw
> Dec 18 17:33:38 Mount apachectl[3838]: Action 'start' failed.
> Dec 18 17:33:38 Mount apachectl[3838]: The Apache error log may have more information.
> Dec 18 17:33:38 Mount systemd[1]: apache2.service: Control process exited, code=exited status=1
> Dec 18 17:33:38 Mount systemd[1]: apache2.service: Failed with result 'exit-code'.
> Dec 18 17:33:38 Mount systemd[1]: Failed to start The Apache HTTP Server
>
>
>> On Dec 18, 2022, at 3:53 PM, Michael Jumper <mjum...@apache.org> wrote:
>>
>> On Sun, Dec 18, 2022, 1:52 PM Dan Nessett <dness...@yahoo.com.invalid> wrote:
>> ...
>>
>> I tried to follow the instructions here:
>> https://guacamole.apache.org/doc/0.9.7/gug/proxying-guacamole.html#apache
>>
>> You should always look at the current version of the manual unless you have
>> a specific need to look at the version-specific snapshot. The above link is
>> for the 0.9.7 release which is 7 years old.
>>
>> https://guacamole.apache.org/doc/gug/
>>
>> However, the port suggested for guacamole listening (8080) is used by
>> Tomcat, so I changed it to 4822, which is the default port for guacamole.
>>
>> No, this is wrong. Port 4822 is the guacd port and has nothing to do with
>> the webapp. Tomcat indeed should listen on port 8080, and therefore should
>> be the port that Apache forwards its received data to.
>>
>> Overall:
>>
>> Browser <-- HTTPS (443) --> Apache <-- HTTP (8080) --> Tomcat
>>
>> The webapp establishes connections internally to guacd via port 4822 as
>> needed. These are not publicly exposed through Apache any more than
>> connections to the database are publicly exposed.
>>
>> - Mike
>
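
The two mistakes discussed in this thread (Tomcat `server.xml` elements placed in an Apache vhost, and proxying to the guacd port instead of Tomcat) can be caught before a restart with a small check. This is an added example, not part of the original messages or of the Guacamole project; the function name `lint_vhost` and the sample text are assumptions constructed for illustration.

```python
import re

# Elements that belong in Tomcat's server.xml, not in Apache httpd config.
TOMCAT_ONLY = ("Connector", "Valve")
GUACD_PORT = 4822  # guacd port named in the thread; only the webapp connects to it

# Constructed sample: a trimmed form of the VirtualHost quoted in the thread,
# plus one hypothetical ProxyPass to 4822 to exercise the second check.
SAMPLE_VHOST = """\
<VirtualHost localhost:4443>
  <Location /guacamole/>
    ProxyPass http://127.0.0.1:8080/guacamole/ flushpackets=on
    ProxyPassReverse http://127.0.0.1:8080/guacamole/
  </Location>
  <Location /old/>
    ProxyPass http://127.0.0.1:4822/guacamole/
  </Location>
  <Connector port="8080" protocol="HTTP/1.1"
             URIEncoding="UTF-8" />
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
         internalProxies="127.0.0.1" />
</VirtualHost>
"""

def lint_vhost(text):
    """Return (line_number, message) findings for an Apache vhost file."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s.startswith("#"):
            continue  # commented-out directives are ignored
        # An opening tag such as <Connector ...> or <Valve ...>
        m = re.match(r"<(\w+)\b", s)
        if m and m.group(1) in TOMCAT_ONLY:
            findings.append((n, f"<{m.group(1)}> is a Tomcat server.xml element"))
        # ProxyPass / ProxyPassReverse, with or without a leading path argument
        m = re.match(r"ProxyPass(?:Reverse)?\s+(?:\S+\s+)?\w+://[^/\s:]+:(\d+)", s, re.I)
        if m and int(m.group(1)) == GUACD_PORT:
            findings.append((n, "proxy target is the guacd port, not Tomcat"))
    return findings

if __name__ == "__main__":
    for n, msg in lint_vhost(SAMPLE_VHOST):
        print(f"line {n}: {msg}")
```
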