Caddy reverse proxy Guacamole - Clipboard issue

Guear · October 13, 2023, 8:46am

1. The problem I’m having:

In Guacamole (Using Guacamole — Apache Guacamole Manual v1.5.3) we can directly copy paste content without using the clipboard field (CTRL+SHIFT+ALT) on the page using this method on Firefox (async clipboard) : Firefox copy and paste with Apache Guacamole - sudoedit.com! (I tried
enabling more clipboard functionnality but still won’t work)

This method is working well with Guacamole behind Nginx Reverse Proxy Manager in Docker (latest no tweak install).
However with Caddy (2.7.4) Reverse proxy in Docker this feature is not working anymore.
I’m using Authentik (goauthentik.io) forward auth.

2. Error messages and/or full log output:

No error logs in log even in debug mode (both Guacamole and Caddy)

3. Caddy version:

docker pull caddy:2.7.4

4. How I installed and ran Caddy:

linux x86_64 CentOS Stream 8
Docker Standalone (23.0.2 - API: 1.42)

docker-compose.yml :

version: "3.4"

services:
  caddy:
    image: [Docker local registry]/caddy:2.7.4
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /opt/docker/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /opt/docker/caddy/ssl:/etc/caddy/ssl                                                          #SSL directory
      - /opt/docker/caddy/caddyfile.conf.d:/etc/caddy/caddyfile.conf.d             #Currently Not used
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:

b. Command:

docker compose up -d

c. Service/unit/compose file:

d. My complete Caddy config:

{
	debug
}

(R-authentik) {
    # always forward outpost path to actual outpost
    reverse_proxy /outpost.goauthentik.io/* https://10.0.0.5 {
        #header_up Host 443
        transport http {
            tls_insecure_skip_verify
        }
    }
    # forward authentication to outpost
    forward_auth https://10.0.0.5 {
        uri /outpost.goauthentik.io/auth/caddy
        transport http {
            tls_insecure_skip_verify
        }

        # capitalization of the headers is important, otherwise they will be empty
        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version authorization

        # optional, in this config trust all private ranges, should probably be set to the outposts IP
        #trusted_proxies private_ranges
    }
}

(ssl) {
    tls /etc/caddy/ssl/caddy_pem.pem /etc/caddy/ssl/caddy_key.pem
}

https://guacamole.external.[].intra {
    import ssl
    import R-authentik
    redir / /guacamole/ 308
    reverse_proxy http://guacamole.internal.[].intra:8080 {
        flush_interval -1
    }
}

5. Links to relevant resources:

Thank you for your help !

francislavoie · October 13, 2023, 12:00pm

I don’t understand how that has anything to do with the server you’re using. That’s a browser/javascript feature, isn’t it?

We can’t really help debug application-level problems. You’ll need to get help from the guacamole team unless you can show evidence of it being a problem caused by Caddy.

Guear · October 13, 2023, 12:22pm

Hello

Ok, so I did some other tests. As we are using some proxy settings on Firefox, I didn’t tried on another web browser.

The problem is present on Firefox 118.0.2 (64-bit)
The problem is not present on Chrome 117.0.5938.150
The problem is not present on Edge 117.0.2045.60

So the problem is coming from Firefox

Thank you for your quick response and help @francislavoie

system · November 12, 2023, 12:23pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.