Your cart is currently empty!
How to Set Up Guacamole Behind Nginx for Secure Remote Access ๐ฅ๐
Are you looking for a secure and efficient way to access your remote desktop or server? Guacamole is an open-source remote desktop gateway that provides easy access to your remote resources from anywhere. In this article, we will guide you through the process of setting up Guacamole behind Nginx for secure remote access.
Before we start, let’s take a look at the configuration file provided:
# upstream gauc {
# # The keepalive parameter sets the maximum number of idle keepalive connections
# # to upstream servers that are preserved in the cache of each worker process. When
# # this number is exceeded, the least recently used connections are closed.
# keepalive 100;
# server 127.0.0.1:8443;
# }
server {
listen 443 ssl; # managed by Certbot
server_name www.tekonline.com.au;
ssl_certificate /etc/letsencrypt/live/www.tekonline.com.au/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.tekonline.com.au/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# set the maximum upload size to 64MB
client_max_body_size 64M;
# proxy_redirect off;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:9000;
}
# proxy_redirect off;
location /article/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://localhost:8443/;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_buffering off;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Remove the Connection header if the client sends it,
# it could be "close" to close a keepalive connection
proxy_set_header Connection "";
}
}
server {
if ($host = www.tekonline.com.au) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = tekonline.com.au) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name tekonline.com.au www.tekonline.com.au;
listen 80;
return 404; # managed by Certbot
}
As you can see, there are two server blocks in the configuration file. The first one listens on port 443 and handles requests for www.tekonline.com.au
. It uses SSL certificates provided by Certbot and proxies requests to the Guacamole server running on localhost:9000
.
This the setup working for me. I will try and get some more info around my complete working build ๐
Leave a Reply