Caddy reverse proxy Guacamole - Clipboard issue

1. The problem I’m having:

In Guacamole (Using Guacamole — Apache Guacamole Manual v1.5.3) we can directly copy paste content without using the clipboard field (CTRL+SHIFT+ALT) on the page using this method on Firefox (async clipboard) : Firefox copy and paste with Apache Guacamole - sudoedit.com! (I tried
enabling more clipboard functionnality but still won’t work)

  • This method is working well with Guacamole behind Nginx Reverse Proxy Manager in Docker (latest no tweak install).
  • However with Caddy (2.7.4) Reverse proxy in Docker this feature is not working anymore.
  • I’m using Authentik (goauthentik.io) forward auth.

2. Error messages and/or full log output:

No error logs in log even in debug mode (both Guacamole and Caddy)

3. Caddy version:

docker pull caddy:2.7.4

4. How I installed and ran Caddy:

linux x86_64 CentOS Stream 8
Docker Standalone (23.0.2 - API: 1.42)

docker-compose.yml :

version: "3.4"

services:
  caddy:
    image: [Docker local registry]/caddy:2.7.4
    container_name: caddy
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - /opt/docker/caddy/Caddyfile:/etc/caddy/Caddyfile
      - /opt/docker/caddy/ssl:/etc/caddy/ssl                                                          #SSL directory
      - /opt/docker/caddy/caddyfile.conf.d:/etc/caddy/caddyfile.conf.d             #Currently Not used
      - caddy_data:/data
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:

b. Command:

docker compose up -d

c. Service/unit/compose file:

d. My complete Caddy config:

{
	debug
}

(R-authentik) {
    # always forward outpost path to actual outpost
    reverse_proxy /outpost.goauthentik.io/* https://10.0.0.5 {
        #header_up Host 443
        transport http {
            tls_insecure_skip_verify
        }
    }
    # forward authentication to outpost
    forward_auth https://10.0.0.5 {
        uri /outpost.goauthentik.io/auth/caddy
        transport http {
            tls_insecure_skip_verify
        }

        # capitalization of the headers is important, otherwise they will be empty
        copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Meta-Jwks X-Authentik-Meta-Outpost X-Authentik-Meta-Provider X-Authentik-Meta-App X-Authentik-Meta-Version authorization

        # optional, in this config trust all private ranges, should probably be set to the outposts IP
        #trusted_proxies private_ranges
    }
}

(ssl) {
    tls /etc/caddy/ssl/caddy_pem.pem /etc/caddy/ssl/caddy_key.pem
}

https://guacamole.external.[].intra {
    import ssl
    import R-authentik
    redir / /guacamole/ 308
    reverse_proxy http://guacamole.internal.[].intra:8080 {
        flush_interval -1
    }
}

5. Links to relevant resources:

Thank you for your help !

I don’t understand how that has anything to do with the server you’re using. That’s a browser/javascript feature, isn’t it?

We can’t really help debug application-level problems. You’ll need to get help from the guacamole team unless you can show evidence of it being a problem caused by Caddy.

Hello

Ok, so I did some other tests. As we are using some proxy settings on Firefox, I didn’t tried on another web browser.

  • The problem is present on Firefox 118.0.2 (64-bit)
  • The problem is not present on Chrome 117.0.5938.150
  • The problem is not present on Edge 117.0.2045.60

So the problem is coming from Firefox :smiley:

Thank you for your quick response and help :slight_smile: @francislavoie

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.