How to Set Up Guacamole Behind Nginx for Secure Remote Access 🥑🔒

Are you looking for a secure and efficient way to access your remote desktop or server? Guacamole is an open-source remote desktop gateway that provides easy access to your remote resources from anywhere. In this article, we will guide you through the process of setting up Guacamole behind Nginx for secure remote access.

Before we start, let's take a look at the configuration file provided:

# upstream gauc {
#     # The keepalive parameter sets the maximum number of idle keepalive connections
#   # to upstream servers that are preserved in the cache of each worker process. When
#   # this number is exceeded, the least recently used connections are closed.
#   keepalive 100;

#   server 127.0.0.1:8443;
# }

server {
    listen 443 ssl; # managed by Certbot

    server_name www.tekonline.com.au;

    ssl_certificate /etc/letsencrypt/live/www.tekonline.com.au/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.tekonline.com.au/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # set the maximum upload size to 64MB
    client_max_body_size 64M;

    # proxy_redirect off;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:9000;       
    }
    # proxy_redirect off;
    location /article/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass https://localhost:8443/;  
        proxy_read_timeout     300;
        proxy_connect_timeout  300;
        proxy_buffering off;
        # Default is HTTP/1.0; keepalive and the WebSocket upgrade both need HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Disabled: clearing Connection here conflicts with the "upgrade" value
        # set above, which the WebSocket handshake needs. An empty Connection
        # header is only for plain HTTP keepalive to an upstream block.
        # proxy_set_header Connection "";
    }
    

}

server {
    if ($host = www.tekonline.com.au) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = tekonline.com.au) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name tekonline.com.au www.tekonline.com.au;
    listen 80;
    return 404; # managed by Certbot
}

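As you can see, there are two server blocks in the configuration file. The first one listens on port 443 and handles requests for www.tekonline.com.au. It uses SSL certificates provided by Certbot and proxies requests to the Guacamole server running on localhost:9000. Requests under /article/ go to https://localhost:8443/ instead, with HTTP/1.1 and the Upgrade and Connection headers that WebSocket connections need. The second server block listens on port 80 and redirects requests for both hostnames to HTTPS.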
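
The upstream block commented out at the top of the config is written for keepalive connections, which want an empty Connection header, while the WebSocket upgrade wants Connection: upgrade. One way to have both in the same location is to derive the value from the client's Upgrade header with a map. This is an added example, not the author's config; it reuses the page's names, ports and certificate paths, and the $connection_upgrade variable name is an assumption.

```nginx
# Added example. Assumes this file is included from the http context
# (conf.d or sites-enabled), so map and upstream can sit beside server.

# Pick the Connection header per request from the client's Upgrade header.
map $http_upgrade $connection_upgrade {
    default upgrade;  # client asked for a WebSocket: forward "Connection: upgrade"
    ''      '';       # plain HTTP request: send no Connection header, so the
                      # upstream connection stays open and can be reused
}

upstream gauc {
    server 127.0.0.1:8443;
    keepalive 100;    # idle upstream connections cached per worker process
}

server {
    listen 443 ssl;
    server_name www.tekonline.com.au;

    ssl_certificate /etc/letsencrypt/live/www.tekonline.com.au/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.tekonline.com.au/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location /article/ {
        proxy_pass https://gauc/;
        proxy_http_version 1.1;   # needed for keepalive and for Upgrade
        proxy_buffering off;
        proxy_read_timeout 300;
        proxy_connect_timeout 300;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Exactly one Connection directive; an empty value means nginx
        # does not pass the header to the backend at all.
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```

Run `nginx -t` before reloading to confirm the file parses in your include layout.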

This is the setup working for me. I will try and get some more info around my complete working build 🙂
