Question about Separate infrastructure Frontend\Guacd

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Question about Separate infrastructure Frontend\Guacd

Karl Fiabeschi
Hi all.

I have 2 server, one with guacamole-client webapps, and another with guacd (0.9.13 from git)

my configuration:

#guacd
guacd-hostname: fqdn.of.my.server
guacd-port:     4822

1) on the guacd server the stardard guacd init script listen only local on 127.0.0.1, i must run

guacd -b 0.0.0.0

to set listening outside the machine itself. it's the correct behavior ?

2) when i try from frontend a connection i have this error:

 [http-bio-8080-exec-9] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at :4822.
[http-bio-8080-exec-9] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint - Creation of WebSocket tunnel to guacd failed: java.net.ConnectException: Connection refused (Connection refused)
[http-bio-8080-exec-6] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to guacd at :4822.

i don't understand why it say :4822 and not name.of.my.server:4822.

thanks

ps i don't have any firewall on the server or over the network, same subnet.. if i try a telnet from frontend to the 4822 of guacd the result is: connected
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about Separate infrastructure Frontend\Guacd

Mike Jumper
On Wed, Jun 7, 2017 at 3:00 PM, Karl Fiabeschi <[hidden email]> wrote:

> Hi all.
>
> I have 2 server, one with guacamole-client webapps, and another with guacd
> (0.9.13 from git)
>
> my configuration:
>
> #guacd
> guacd-hostname: fqdn.of.my.server
> guacd-port:     4822
>
> 1) on the guacd server the stardard guacd init script listen only local on
> 127.0.0.1, i must run
>
> guacd -b 0.0.0.0
>
> to set listening outside the machine itself. it's the correct behavior ?
>

Yes.

Alternatively, you can override this via /etc/guacamole/guacd.conf:

http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#guacd.conf

> 2) when i try from frontend a connection i have this error:
>
>  [http-bio-8080-exec-9] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to
> guacd at :4822.
> [http-bio-8080-exec-9] ERROR o.a.g.w.GuacamoleWebSocketTunnelEndpoint -
> Creation of WebSocket tunnel to guacd failed: java.net.ConnectException:
> Connection refused (Connection refused)
> [http-bio-8080-exec-6] DEBUG o.a.g.net.InetGuacamoleSocket - Connecting to
> guacd at :4822.
>
> i don't understand why it say :4822 and not name.of.my.server:4822.
>

The hostname must (somehow) have been explicitly set to an empty string.

Can you upload an unaltered copy of your guacamole.properties somewhere?

- Mike
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about Separate infrastructure Frontend\Guacd

Karl Fiabeschi


2017-06-08 0:32 GMT+02:00 Mike Jumper <[hidden email]>:

Yes.

Alternatively, you can override this via /etc/guacamole/guacd.conf:

http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#guacd.conf

Ok, perfect, It worked as I expected.
Thanks


The hostname must (somehow) have been explicitly set to an empty string.

Can you upload an unaltered copy of your guacamole.properties somewhere?

- Mike

my actual configuration: (only faked personal information)

---------------

#guacd
guacd-hostname: guacd-xxxx.yyyy.zz.com
guacd-port: 4822

#mysql

mysql-hostname: db.xxxx.yyyy.zz.com
mysql-port: 3306
mysql-database: guacdb
mysql-username: fakeuser
mysql-password: fakepassword

# Additional settings
#mysql-default-max-connections-per-user: 0
#mysql-default-max-group-connections-per-user: 0


########################## LDAP

ldap-hostname: ldap.yyyy.zzz.com
ldap-port: 636
ldap-user-base-dn: ou=tech,o=users,dc=yyyy,dc=zzzz,dc=com
ldap-encryption-method: ssl
ldap-username-attribute: uid
ldap-config-base-dn: dc=yyyy,dc=zzzz,dc=com
ldap-search-bind-dn: cn=userbind,ou=users,dc=yyyy,dc=zzzz,dc=com
ldap-search-bind-password: fakepassword123
###
 
------------

what i tried:

i put a tcpdump listen on guacd server and one on the guacamole tomcat server:

1)guacd-hostname:guacd-xxxx.yyyy.zz.com
error code:
[http-bio-8080-exec-10] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)
[http-bio-8080-exec-10] DEBUG o.a.g.s.GuacamoleHTTPTunnelServlet - Internal error in HTTP tunnel.
guacamole server: org.apache.guacamole.GuacamoleServerException: java.net.ConnectException: Connection refused (Connection refused)

no tcpdump logs/activity


2)guacd-hostname:guacd-xxxx                            #nofqdn

error code:
[http-bio-8080-exec-9] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)
[http-bio-8080-exec-9] DEBUG o.a.g.s.GuacamoleHTTPTunnelServlet - Internal error in HTTP tunnel.
 guacamole server: org.apache.guacamole.GuacamoleServerException: java.net.ConnectException: Connection refused (Connection refused)

no tcpdump logs/activity


guacd-hostname: "guacd-xxxx.yyyy.zz.com"

[http-bio-8080-exec-9] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)
[http-bio-8080-exec-9] DEBUG o.a.g.s.GuacamoleHTTPTunnelServlet - Internal error in HTTP tunnel.
 guacamole server: org.apache.guacamole.GuacamoleServerException: java.net.ConnectException: Connection refused (Connection refused)

no tcpdump logs/activity

guacd-hostname: 172.bbb.ccc.ddd (ip address).

[http-bio-8080-exec-9] ERROR o.a.g.s.GuacamoleHTTPTunnelServlet - HTTP tunnel request failed: java.net.ConnectException: Connection refused (Connection refused)
[http-bio-8080-exec-9] DEBUG o.a.g.s.GuacamoleHTTPTunnelServlet - Internal error in HTTP tunnel.
 guacamole server: org.apache.guacamole.GuacamoleServerException: java.net.ConnectException: Connection refused (Connection refused)

no tcpdump logs/activity


The funny things is if i put on the connection proprieties from the guacamole tomcat webapps the hostname and ip of guacd server WORKS!! (attach) :D

How i can fix this or how i can set on the "new connection" interfaces some standard proprieties like guacd hostname, port, encryption etc?
what file i must modified to do this?

tomorrow i must present to my boss this project solution.. thanks
K

success.png (16K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about Separate infrastructure Frontend\Guacd

Karl Fiabeschi
Ok found the problem: if i use the guacamole client v 0.9-12 works well, with the 0.9-13 i have the same error..

bug?
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about Separate infrastructure Frontend\Guacd

Mike Jumper
Possibly. There were indeed recent changes on git regarding the handling of the guacd-hostname, etc. properties.

With no changes to the properties file, deploying 0.9.12 solves things?

And redeploying a build from git master breaks them again?

- Mike


On Jun 8, 2017 12:05 PM, "Karl Fiabeschi" <[hidden email]> wrote:
Ok found the problem: if i use the guacamole client v 0.9-12 works well, with
the 0.9-13 i have the same error..

bug?



--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Question-about-Separate-infrastructure-Frontend-Guacd-tp1087p1094.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about Separate infrastructure Frontend\Guacd

Karl Fiabeschi


2017-06-08 23:09 GMT+02:00 Mike Jumper <[hidden email]>:
Possibly. There were indeed recent changes on git regarding the handling of the guacd-hostname, etc. properties.

With no changes to the properties file, deploying 0.9.12 solves things?
Yes
 

And redeploying a build from git master breaks them again?
 
Yes

my guess? it' a little bug..

more specifically: if the field "proxy_hostname" form guacamole_connections is NULL it doesn't get the info from guacamole.properties

should i report this to jira?
 

- Mike


On Jun 8, 2017 12:05 PM, "Karl Fiabeschi" <[hidden email]> wrote:
Ok found the problem: if i use the guacamole client v 0.9-12 works well, with
the 0.9-13 i have the same error..

bug?



--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/Question-about-Separate-infrastructure-Frontend-Guacd-tp1087p1094.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about Separate infrastructure Frontend\Guacd

Mike Jumper
On Jun 8, 2017 2:19 PM, "Karl Fiabeschi" <[hidden email]> wrote:
...

more specifically: if the field "proxy_hostname" form guacamole_connections is NULL it doesn't get the info from guacamole.properties

should i report this to jira?

Yes, please.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Question about Separate infrastructure Frontend\Guacd

Karl Fiabeschi
2017-06-08 23:50 GMT+02:00 Mike Jumper <[hidden email]>:
On Jun 8, 2017 2:19 PM, "Karl Fiabeschi" <[hidden email]> wrote:
...

more specifically: if the field "proxy_hostname" form guacamole_connections is NULL it doesn't get the info from guacamole.properties

should i report this to jira?

Yes, please.


https://issues.apache.org/jira/browse/GUACAMOLE-320
Loading...