Issues with secure file transfer

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Issues with secure file transfer

Giorgio
Problem with : 
File upload 
File Download 
Printing 

1, Should I access the guacamole server using http  all works well. 
2, Should I access it using https then 
a. I can upload a file with max size 1Mbyte 
any file bigger than 1Mbyte will receive  and error You do not have permission to upload this file. If you require access, please check your system settings, or check with your system administrator. 
b. Downloading from the RDP to the client machine always gives an error 
Disconnected : you have been disconnected however it gives the options to go home, reconnect or logout 
c. Printing does not work 

I can see the following error line into my guacamole error log : 
reported that client prematurely closed connection, so upstream connection is closed too while sending to client 

By the way the above scenario is for both private and public domain (I tried it with both and same behavior) 

Could someone  please help ?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Issues with secure file transfer

Mike Jumper
Is Guacamole behind a reverse proxy like Nginx or Apache?

- Mike


On Jul 12, 2017 14:38, "Giorgio" <[hidden email]> wrote:
Problem with : 
File upload 
File Download 
Printing 

1, Should I access the guacamole server using http  all works well. 
2, Should I access it using https then 
a. I can upload a file with max size 1Mbyte 
any file bigger than 1Mbyte will receive  and error You do not have permission to upload this file. If you require access, please check your system settings, or check with your system administrator. 
b. Downloading from the RDP to the client machine always gives an error 
Disconnected : you have been disconnected however it gives the options to go home, reconnect or logout 
c. Printing does not work 

I can see the following error line into my guacamole error log : 
reported that client prematurely closed connection, so upstream connection is closed too while sending to client 

By the way the above scenario is for both private and public domain (I tried it with both and same behavior) 

Could someone  please help ?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Issues with secure file transfer

Giorgio
Yes it is ngix


Guacamole file below: 

server {
        listen 443 ssl;
        server_name myservername;

        access_log   /var/log/nginx/guacamole.access.log ;
        error_log    /var/log/nginx/guacamole.error.log info ;

        ssl_certificate /etc/letsencrypt/live/myservername/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/myservername/privkey.pem;
        
        location ~ /.well-known {
                allow all;
        }
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
        location / {
        proxy_buffering off;
        proxy_pass  http://127.0.0.1:8080/guacamole;
        }
}



Regards
Giorgio
From: Mike Jumper <[hidden email]>
To: <[hidden email]>
Sent: 7/12/2017 11:54 PM
Subject: Re: Issues with secure file transfer

Is Guacamole behind a reverse proxy like Nginx or Apache?

- Mike


On Jul 12, 2017 14:38, "Giorgio" <[hidden email]> wrote:
Problem with : 
File upload 
File Download 
Printing 

1, Should I access the guacamole server using http  all works well. 
2, Should I access it using https then 
a. I can upload a file with max size 1Mbyte 
any file bigger than 1Mbyte will receive  and error You do not have permission to upload this file. If you require access, please check your system settings, or check with your system administrator. 
b. Downloading from the RDP to the client machine always gives an error 
Disconnected : you have been disconnected however it gives the options to go home, reconnect or logout 
c. Printing does not work 

I can see the following error line into my guacamole error log : 
reported that client prematurely closed connection, so upstream connection is closed too while sending to client 

By the way the above scenario is for both private and public domain (I tried it with both and same behavior) 

Could someone  please help ?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Issues with secure file transfer

Giorgio
Also my nginx.conf file content is :

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}



From: Giorgio <[hidden email]>
To: <[hidden email]>
Sent: 7/13/2017 10:56 AM
Subject: Re: Issues with secure file transfer

Yes it is nginx


Guacamole file below: 

server {
        listen 443 ssl;
        server_name myservername;

        access_log   /var/log/nginx/guacamole.access.log ;
        error_log    /var/log/nginx/guacamole.error.log info ;

        ssl_certificate /etc/letsencrypt/live/myservername/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/myservername/privkey.pem;
        
        location ~ /.well-known {
                allow all;
        }
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
        location / {
        proxy_buffering off;
        proxy_pass  http://127.0.0.1:8080/guacamole;
        }
}



Regards
Giorgio
From: Mike Jumper <[hidden email]>
To: <[hidden email]>
Sent: 7/12/2017 11:54 PM
Subject: Re: Issues with secure file transfer

Is Guacamole behind a reverse proxy like Nginx or Apache?

- Mike


On Jul 12, 2017 14:38, "Giorgio" <[hidden email]> wrote:
Problem with : 
File upload 
File Download 
Printing 

1, Should I access the guacamole server using http  all works well. 
2, Should I access it using https then 
a. I can upload a file with max size 1Mbyte 
any file bigger than 1Mbyte will receive  and error You do not have permission to upload this file. If you require access, please check your system settings, or check with your system administrator. 
b. Downloading from the RDP to the client machine always gives an error 
Disconnected : you have been disconnected however it gives the options to go home, reconnect or logout 
c. Printing does not work 

I can see the following error line into my guacamole error log : 
reported that client prematurely closed connection, so upstream connection is closed too while sending to client 

By the way the above scenario is for both private and public domain (I tried it with both and same behavior) 

Could someone  please help ?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Issues with secure file transfer

Mike Jumper
You'll need to set "client_max_body_size" to increase Nginx's default limit for file uploads:


By default, Nginx limits file uploads to 1 MB.

- Mike


On Thu, Jul 13, 2017 at 2:34 AM, Giorgio <[hidden email]> wrote:
Also my nginx.conf file content is :

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}



From: Giorgio <[hidden email]>
To: <[hidden email]>
Sent: 7/13/2017 10:56 AM
Subject: Re: Issues with secure file transfer

Yes it is nginx


Guacamole file below: 

server {
        listen 443 ssl;
        server_name myservername;

        access_log   /var/log/nginx/guacamole.access.log ;
        error_log    /var/log/nginx/guacamole.error.log info ;

        ssl_certificate /etc/letsencrypt/live/myservername/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/myservername/privkey.pem;
        
        location ~ /.well-known {
                allow all;
        }
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
        location / {
        proxy_buffering off;
        proxy_pass  http://127.0.0.1:8080/guacamole;
        }
}



Regards
Giorgio
From: Mike Jumper <[hidden email]>
To: <[hidden email]>
Sent: 7/12/2017 11:54 PM
Subject: Re: Issues with secure file transfer

Is Guacamole behind a reverse proxy like Nginx or Apache?

- Mike


On Jul 12, 2017 14:38, "Giorgio" <[hidden email]> wrote:
Problem with : 
File upload 
File Download 
Printing 

1, Should I access the guacamole server using http  all works well. 
2, Should I access it using https then 
a. I can upload a file with max size 1Mbyte 
any file bigger than 1Mbyte will receive  and error You do not have permission to upload this file. If you require access, please check your system settings, or check with your system administrator. 
b. Downloading from the RDP to the client machine always gives an error 
Disconnected : you have been disconnected however it gives the options to go home, reconnect or logout 
c. Printing does not work 

I can see the following error line into my guacamole error log : 
reported that client prematurely closed connection, so upstream connection is closed too while sending to client 

By the way the above scenario is for both private and public domain (I tried it with both and same behavior) 

Could someone  please help ?

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Issues with secure file transfer

Giorgio
Thank you Mike for the tip. It worked well from the upload (upstream) from my computer to the remote session.
Hence half of my problem is solved.

The downstream is still not working. Say I print to guacamole redirect printer or I try to download a file from my RDP to my computer
I still cannot .
b. Downloading from the RDP to the client machine always gives an error 
Disconnected : you have been disconnected however it gives the options to go home, reconnect or logout 
c. Printing does not work 

I noticed that it does start downloading but it times out and the downloaded file size is always 4Kb

Hope you could also help in closing this issue.

Giorgio


From: Mike Jumper <[hidden email]>
To: <[hidden email]>
Sent: 7/17/2017 5:58 AM
Subject: Re: Issues with secure file transfer

You'll need to set "client_max_body_size" to increase Nginx's default limit for file uploads:


By default, Nginx limits file uploads to 1 MB.

- Mike


On Thu, Jul 13, 2017 at 2:34 AM, Giorgio <[hidden email]> wrote:
Also my nginx.conf file content is :

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}



From: Giorgio <[hidden email]>
To: <[hidden email]>
Sent: 7/13/2017 10:56 AM
Subject: Re: Issues with secure file transfer

Yes it is nginx


Guacamole file below: 

server {
        listen 443 ssl;
        server_name myservername;

        access_log   /var/log/nginx/guacamole.access.log ;
        error_log    /var/log/nginx/guacamole.error.log info ;

        ssl_certificate /etc/letsencrypt/live/myservername/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/myservername/privkey.pem;
        
        location ~ /.well-known {
                allow all;
        }
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
        location / {
        proxy_buffering off;
        proxy_pass  http://127.0.0.1:8080/guacamole;
        }
}



Regards
Giorgio
From: Mike Jumper <[hidden email]>
To: <[hidden email]>
Sent: 7/12/2017 11:54 PM
Subject: Re: Issues with secure file transfer

Is Guacamole behind a reverse proxy like Nginx or Apache?

- Mike


On Jul 12, 2017 14:38, "Giorgio" <[hidden email]> wrote:
Problem with : 
File upload 
File Download 
Printing 

1, Should I access the guacamole server using http  all works well. 
2, Should I access it using https then 
a. I can upload a file with max size 1Mbyte 
any file bigger than 1Mbyte will receive  and error You do not have permission to upload this file. If you require access, please check your system settings, or check with your system administrator. 
b. Downloading from the RDP to the client machine always gives an error 
Disconnected : you have been disconnected however it gives the options to go home, reconnect or logout 
c. Printing does not work 

I can see the following error line into my guacamole error log : 
reported that client prematurely closed connection, so upstream connection is closed too while sending to client 

By the way the above scenario is for both private and public domain (I tried it with both and same behavior) 

Could someone  please help ?

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Issues with secure file transfer

Giorgio
Kind reminder I hope to get a reply to this issue.


From: Giorgio <[hidden email]>
To: <[hidden email]>
Sent: 7/17/2017 11:20 AM
Subject: Re: Issues with secure file transfer

Thank you Mike for the tip. It worked well from the upload (upstream) from my computer to the remote session.
Hence half of my problem is solved.

The downstream is still not working. Say I print to guacamole redirect printer or I try to download a file from my RDP to my computer
I still cannot .
b. Downloading from the RDP to the client machine always gives an error 
Disconnected : you have been disconnected however it gives the options to go home, reconnect or logout 
c. Printing does not work 

I noticed that it does start downloading but it times out and the downloaded file size is always 4Kb

Hope you could also help in closing this issue.

Giorgio


From: Mike Jumper <[hidden email]>
To: <[hidden email]>
Sent: 7/17/2017 5:58 AM
Subject: Re: Issues with secure file transfer

You'll need to set "client_max_body_size" to increase Nginx's default limit for file uploads:


By default, Nginx limits file uploads to 1 MB.

- Mike


On Thu, Jul 13, 2017 at 2:34 AM, Giorgio <[hidden email]> wrote:
Also my nginx.conf file content is :

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 768;
# multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}



From: Giorgio <[hidden email]>
To: <[hidden email]>
Sent: 7/13/2017 10:56 AM
Subject: Re: Issues with secure file transfer

Yes it is nginx


Guacamole file below: 

server {
        listen 443 ssl;
        server_name myservername;

        access_log   /var/log/nginx/guacamole.access.log ;
        error_log    /var/log/nginx/guacamole.error.log info ;

        ssl_certificate /etc/letsencrypt/live/myservername/cert.pem;
        ssl_certificate_key /etc/letsencrypt/live/myservername/privkey.pem;
        
        location ~ /.well-known {
                allow all;
        }
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
        location / {
        proxy_buffering off;
        proxy_pass  http://127.0.0.1:8080/guacamole;
        }
}



Regards
Giorgio
From: Mike Jumper <[hidden email]>
To: <[hidden email]>
Sent: 7/12/2017 11:54 PM
Subject: Re: Issues with secure file transfer

Is Guacamole behind a reverse proxy like Nginx or Apache?

- Mike


On Jul 12, 2017 14:38, "Giorgio" <[hidden email]> wrote:
Problem with : 
File upload 
File Download 
Printing 

1, Should I access the guacamole server using http  all works well. 
2, Should I access it using https then 
a. I can upload a file with max size 1Mbyte 
any file bigger than 1Mbyte will receive  and error You do not have permission to upload this file. If you require access, please check your system settings, or check with your system administrator. 
b. Downloading from the RDP to the client machine always gives an error 
Disconnected : you have been disconnected however it gives the options to go home, reconnect or logout 
c. Printing does not work 

I can see the following error line into my guacamole error log : 
reported that client prematurely closed connection, so upstream connection is closed too while sending to client 

By the way the above scenario is for both private and public domain (I tried it with both and same behavior) 

Could someone  please help ?

Loading...