I originally had an Apache2 server that I was using as a proxy to various internal sites. That server was being decommissioned, and I decided to use Caddy this time around. 5 out of 6 HTTPS sites are working perfectly, but I’m having issues with Guacamole. The page loads, and I am able to log in, but once I attempt to start an RDP, VNC, or SSH connection, it disconnects almost immediately.
On the original proxy server (apache2) the virtual host config was as follows:
<VirtualHost *:443>
ServerName remote.example.com
# SSL Config
SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
# Proxy
ProxyPreserveHost On
ProxyPass / https://10.0.50.149:443/ flushpackets=on
ProxyPassReverse / https://10.0.50.149:443/
# Certs
SSLCertificateFile /etc/letsencrypt/live/remote.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/remote.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/remote.example.com/chain.pem
</VirtualHost>
gzip
ipfilter / {
rule allow
ip 10.0.50.0/24
ip 10.0.20.0/24
country CA US
database /opt/caddy/GeoLite2/GeoLite2-Country.mmdb
blockpage /var/www/static/access_denied.html
}
I tried adding a few different options nested under proxy, with no success:
I was wondering if anyone can offer any insight as to what might be different between the apache and caddy configs. One thing I can’t seem to find any information on is the “flushpackets=on” parameter.
Hi, thanks for the suggestion, but it didn’t work. I even pointed the the caddyfile to the original port advertised by Tomcat (8080):
https://remote.badin.network {
import common.conf
proxy / http://10.0.50.149:8080/guacamole/ {
insecure_skip_verify
transparent
websocket
}
}
```
After some further digging, I found the manual for Guacamole.It looks like for Apache, the "proxypass" needs to have the following option turned on:
```
flushpackets=on
```
For Nginx, the equivalent appears to be:
```
proxy_buffering off
```
Does Caddy have anything like this?
I have tested an RDP session to a Windows 2012 r2 server, I was able to keep the connection open for at least 15 minutes before I logged off as I definitely don’t seem to have the same issue as you’re describing.
Only thing I can think of is that I handle the path (/guacamole) a little differently than you do.
To answer this one - no, I don’t believe it does have a setting for this. But I don’t think Caddy suffers from the issue described by the Guacamole manual to begin with, as demonstrated by my above example.
However, I get the same result. At this point, it looks like the problem may be how my Guacamole instance is set up. I’ll rebuild it from scratch and report back.
I’ve built my new Guacamole VM (CentOS7). I am using Guacamole version 0.9.12. Guacamole is available and working on port 8080. On my proxy server, I’m using the following caddyfile:
When I connect directly to the Guacamole server, on port 8080, I am able to use RDP without any disconnections. However, once I use the proxy server to access Guacamole, the connection times out after 5-15 seconds.