Quantcast

WebSockets enablement issue --> SSL Scanning issue

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

WebSockets enablement issue --> SSL Scanning issue

bsavard
Hi,

I have a working setup using GUAC 0.9.9 / Apache 2.4.23 / Tomcat 7.0.52 / Ubuntu Server 14.04 / Java 1.7.0_121 to access a VM running Windows 7 (RDP connection).

I'm having issue with user connecting with an Anti-Virus like Bitdefender or Kaspersky which do SSL Scanning.  When disabling this option, it works fine.

I read in a post that if WebSockets are used, this is no longer an issue.  

If I look in Tomcat access log, I see a bunch of /tunnel?write and /tunnel?read during an active connection.  Which, I think, indicate me that I'm not using a WebSocket.  Right?

The traffic is (proxy) going through Apache but even if I bypass it, still no WebSocket.

I build my own Guacamole application using the below tutorial and I'm wondering if this is not the source of the problem.  Is WebSocket working if I do this?

https://guacamole.incubator.apache.org/doc/gug/writing-you-own-guacamole-app.html

I reviewed my configuration many times, and tried different things but still no success.  Any help will be welcome.

Thanks,
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: WebSockets enablement issue --> SSL Scanning issue

bsavard
I did some extra testing and I confirm that my setup is ok to support WebSockets.  If I use the guacamole-client (guacamole.war), I see that I'm using WebSockets and no more issues with Anti-Virus.

I tried to copy my custom-client files over the guacamole-client setup, and same issue.  No WebSockets.
 
So it really come down to my custom-client app that I built based on the tutorial.  

So, I would like to know if the tutorial-client app is suppose to support WebSockets.  If yes, then I made a mistake and I will find out.  If not, how can I enable it?

Thanks,
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: WebSockets enablement issue --> SSL Scanning issue

bsavard
I tried again using a vanilla setup with the tutorial and I'm still getting the same issue. No WebSocket.

With the Tutorial, I'm getting the following sequence in tomcat access log.
"GET /tutorial/index.html HTTP/1.1" 304 -
"POST /tutorial/tunnel?connect HTTP/1.1" 200 36
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1" 200 -
"GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:0 HTTP/1.1" 200 639
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1" 200 -
"GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:1 HTTP/1.1" 200 8217
"GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:2 HTTP/1.1" 200 23377
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1" 200 -
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1" 200 -
....


With Guacamole Client, I'm getting the following sequence, which clearly show that we are using websocket (last line).
"GET /guacamole/ HTTP/1.1" 304 -
"GET /guacamole/app.css?v=0.9.9 HTTP/1.1" 200 44382
"GET /guacamole/app.js?v=0.9.9 HTTP/1.1" 200 656348
"GET /guacamole/api/languages?token=3215a5e3e4c4106cefd6bc6bd47e6d7d09171136ba3c9e93d8ca6d8 HTTP/1.1" 200 115
"GET /guacamole/translations/en.json HTTP/1.1" 200 33115
"POST /guacamole/api/tokens HTTP/1.1" 200 168
"DELETE /guacamole/api/tokens/3215a5e3e4c4106cefd6bc6bd47e6d7d09171136ba3c9e93d8ca6d8 HTTP/1.1" 404 74
"GET /guacamole/api/data/default/connectionGroups/ROOT/tree?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe HTTP/1.1" 200 266
"POST /guacamole/api/tokens HTTP/1.1" 200 168
"GET /guacamole/api/data/default/connections/xxxxxxxx?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe HTTP/1.1" 200 147
"HEAD /guacamole/app/element/templates/blank.html HTTP/1.1" 200 -
"HEAD /guacamole/app/element/templates/blank.html HTTP/1.1" 200 -
"GET /guacamole/api/data/default/users/xxxxxxxx/permissions?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe HTTP/1.1" 200 188
"GET /guacamole/websocket-tunnel?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe&GUAC_DATA_SOURCE=default&GUAC_ID=xxxxxxxx&GUAC_TYPE=c&GUAC_WIDTH=1238&GUAC_HEIGHT=800&GUAC_DPI=114&GUAC_IMAGE=image%2Fjpeg&GUAC_IMAGE=image%2Fpng HTTP/1.1" 101 -
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: WebSockets enablement issue --> SSL Scanning issue

Mike Jumper
The tutorial hasn't been updated with respect to WebSocket, and still only describes how to set up the HTTP tunnel. If you want to add WebSocket support to your Guacamole-driven application, you will need to add an implementation of GuacamoleWebSocketTunnelEndpoint (the WebSocket anology to GuacamoleHTTPTunnelServlet):


Beware that Java support for WebSockets is different from servlets. If you're already experienced with using Java servlets, WebSocket endpoints will have bit of a learning curve. Definitely give it a shot and let us know if you run into any trouble while you do. Perhaps we can use that feedback to update the tutorial.

By the way, the dev@ mailing list is a better place for development discussion, rather than the Nabble interface to the user@ list:


- Mike

On Tue, Mar 21, 2017 at 2:02 PM, bsavard <[hidden email]> wrote:
I tried again using a vanilla setup with the tutorial and I'm still getting
the same issue. No WebSocket.

With the Tutorial, I'm getting the following sequence in tomcat access log.
"GET /tutorial/index.html HTTP/1.1" 304 -
"POST /tutorial/tunnel?connect HTTP/1.1" 200 36
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1"
200 -
"GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:0 HTTP/1.1"
200 639
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1"
200 -
"GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:1 HTTP/1.1"
200 8217
"GET /tutorial/tunnel?read:97c6e4c5-b86a-4ede-9961-daa9be5b728c:2 HTTP/1.1"
200 23377
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1"
200 -
"POST /tutorial/tunnel?write:97c6e4c5-b86a-4ede-9961-daa9be5b728c HTTP/1.1"
200 -
....


With Guacamole Client, I'm getting the following sequence, which clearly
show that we are using websocket (last line).
"GET /guacamole/ HTTP/1.1" 304 -
"GET /guacamole/app.css?v=0.9.9 HTTP/1.1" 200 44382
"GET /guacamole/app.js?v=0.9.9 HTTP/1.1" 200 656348
"GET
/guacamole/api/languages?token=3215a5e3e4c4106cefd6bc6bd47e6d7d09171136ba3c9e93d8ca6d8
HTTP/1.1" 200 115
"GET /guacamole/translations/en.json HTTP/1.1" 200 33115
"POST /guacamole/api/tokens HTTP/1.1" 200 168
"DELETE
/guacamole/api/tokens/3215a5e3e4c4106cefd6bc6bd47e6d7d09171136ba3c9e93d8ca6d8
HTTP/1.1" 404 74
"GET
/guacamole/api/data/default/connectionGroups/ROOT/tree?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe
HTTP/1.1" 200 266
"POST /guacamole/api/tokens HTTP/1.1" 200 168
"GET
/guacamole/api/data/default/connections/xxxxxxxx?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe
HTTP/1.1" 200 147
"HEAD /guacamole/app/element/templates/blank.html HTTP/1.1" 200 -
"HEAD /guacamole/app/element/templates/blank.html HTTP/1.1" 200 -
"GET
/guacamole/api/data/default/users/xxxxxxxx/permissions?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe
HTTP/1.1" 200 188
"GET
/guacamole/websocket-tunnel?token=bc03bd7a4ff3499c7e72247795cb54b7c485c27b0e9fc34805157fe&GUAC_DATA_SOURCE=default&GUAC_ID=xxxxxxxx&GUAC_TYPE=c&GUAC_WIDTH=1238&GUAC_HEIGHT=800&GUAC_DPI=114&GUAC_IMAGE=image%2Fjpeg&GUAC_IMAGE=image%2Fpng
HTTP/1.1" 101 -




--
View this message in context: http://apache-guacamole-incubating-users.2363388.n4.nabble.com/WebSockets-enablement-issue-SSL-Scanning-issue-tp524p625.html
Sent from the Apache Guacamole (incubating) - Users mailing list archive at Nabble.com.

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: WebSockets enablement issue --> SSL Scanning issue

bsavard
Thanks Mike.  This is exactly the confirmation and information I was looking for.   I will give it a try and let you know how it goes.   Also, I will be pleased to contribute and enhance the tutorial to make it WebSocket ready.

Thanks again.

Bruno Savard
Loading...