Reverse Proxy Guacamole

1. Caddy version (caddy version):

2.0.0

2. How I run Caddy:

I use caddy start with a Caddyfile

a. System environment:

Caddy installed via apt install on Ubuntu Server 18.04

b. Command:

caddy start

c. Service/unit/compose file:

N/A

d. My complete Caddyfile or JSON config:

files.DOMAIN.org {
reverse_proxy ubuntu_nextcloud:80
}

guac.DOMAIN.org {
    rewrite * /guacamole/{path}
    reverse_proxy guac:8080 {
        flush_interval -1
    }
}

I’m sorry about the domain redaction. I’d rather not give it out.

3. The problem I’m having:

I’m having issues reverse proxying guacamole. I got some help on a separate forum which is how I ended up with the config I have now for guacamole. That did stop me from getting errors but it’s still not working.

I get a white page, valid certificate and all, but no guacamole login like I’m expecting (I DO get the login page when I access the server locally via http://guac:8080/guacamole.

4. Error messages and/or full log output:

AFAICT, I’m not getting errors in Caddy anymore - they were coming up right after running caddy start when I attempted to access the site but they’re not anymore. I’m more than willing to dig up a file or turn up the log level if shown how.

5. What I already tried:

I’ve tried a bunch of variations of the config in the Caddyfile based on other threads I’ve seen here. Many of them didn’t work because they’re for the older version and the syntax didn’t quite match up. I’ve tried just changing them to the newer syntax but that didn’t work.

Some configuration seems to be required on the guacamole side (tomcat) which I think I have correct. I can post that config too if someone knows enough about it for it to matter.

My thread on reddit where some helpful people got me at least to the point of no longer getting Caddy errors… At least I think.

6. Links to relevant resources:

I think I have the relevant links within the text.

So if you remove that rewrite and access the site at guac.DOMAIN.org/guacamole/ in your browser, does it work?

I’m thinking you could just use a redirect from / to /guacamole/ to make it work on the root, and the rest should just work?

… I’m kicking myself right now.

Yes that works!

But can you help me understand why? Can I write something to just make it accessible from guac.DOMAIN.org without the / ?

I think all you’d need to add is redir / /guacamole/ 308. This’ll return an HTTP 308 response with the Location header set to /guacamole/. 308 means “permanent redirect”.

It would be possible to rewrite URLs to prepend /guacamole/ all the time, but there may be unintended side effects for that depending on how the app serves its files. I think it’s probably best to go the simple route.

1 Like

I guess I’ll just go really simple and just keep adding /guacamole when I type it… No big deal.

Thanks a ton!

Why not add the redirect? :stuck_out_tongue:

Haha you’re right. For completeness sake, here’s my working section for guacamole:

guac.DOMAIN.org {
    redir / /guacamole/ 308
    reverse_proxy guac:8080 {
        flush_interval -1
    }
}

Works exactly as expected now. Thanks again. Huge help.

3 Likes

Just chiming in here - you could make this a little bit more comprehensive with a named matcher.

With the latest config, a request to /foo isn’t explicitly handled.

Something like this would handle it all:

guac.example.com {
  @notGuac {
    not path /guacamole/*
  }
  redir @notGuac /guacamole/
  reverse_proxy guac:8080 {
    flush_interval -1
  }
}
1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.