Tldr: "ERROR_PAGE_UNAVAILABLE" on iOS Safari, if guacamole is behind a reverse proxy with client certificate authentication (even without validation)
Hi, I have a problem where I am stuck. I ran guacamole on a Ubuntu 22.04 Container and followed the installation manual (with Mariadb for user authentication). Works all as expected. Then I add nginx as a reverse proxy in front of tomcat. Enabling SSL and still, all works fine. At last, I add: ssl_client_certificate /root/ca.crt; ssl_verify_client optional; to the nginx config. On my Linux Chromium and Windows Edge, it still works fine. But if I try to connect from my iPhone (iOS Safari), I get the "ERROR_PAGE_UNAVAILABLE" error. Could not see any hint in nginx/tomcat9 logs. If I use iOS Chrome (there is no client certificate), it works too (as long as I did not verify the client cert) Maybe useful information, maybe not. I had some client certificate related trouble with the nextcloud iOS app too. If I enabled client certificate authentication, the iOS App ``detect" on every usage of a certificate changes (Server Cert --> client Cert --> Server Cert --> Client Cert). Maybe, there is some "flapping" in the guacamole-client too? However, for nextcloud I disabled client authentication on the proxy side, but for guacamole, I would prefer to use it. I also tried haproxy instead nginx, but got the same behaviour. Can anybody give me some advice, to track down this issue? Or may it be a "bug". Thanks Henning --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
