Guacamole Problem

guacamole
german

#1

Ich habe hier ein frisch installiertes Cuacamole (Version 0.9.13-univention14) in der aktuellen UCS Version 4.3-3 errata419, was ich nicht zum Laufen bringe.

Öffne ich Guacamole, werde ich mit:

# Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request *[GET /guacamole/](https://192.168.xx.x/guacamole/)* .

Reason: **Error reading from remote server**

konfrontiert. Ändere ich von https://192.168.xx.x/guacamole/ auf http://192.168.xx.x/guacamole/

komme ich zumindest in die Einstiegsmaske. Nach der Anmeldung heisst es: " Verbindungsaufbau zu Guacamole. Bitte warten…". Dann geht nichts mehr weiter …

Der Rest, wie ich eine Konfiguration anlege und einem Benutzer zuteile, wäre mir ansonsten klar. Auch hatte ich schon auf einem Ubuntu Server 18.04 ein Guacamole erfolgreich aufgesetzt. Nur hier im UCS stosse ich auf Widerstände.

Nutze zusätzlich Nextcloud - ohne Probleme.

Vielleicht hat jemand eine Idee?


Can't get Guacamole working
#2

Eine Idee hab ich nicht.

Aber den gleichen Fehler mit Guacamole. :no_mouth:

Habe auch Nextcloud als weitere App installiert und der UCS-Server ist Mitglied einer Windows-Domäne.


#3

same here … installed Guacamole from the app-center and created the configuration as adviced. Result is:

Proxy Error

The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request GET /guacamole/ .

Reason: Error reading from remote server

Can someone from the UCS experts have a look or advice please?


#4

I assume Guacamole app is installed as docker.
Can you check as root on UCS server with docker ps if the Guacamole Container is running?

If not use docker logs <containerid> to check for error messages.
If that gives not relevant hint you can check with docker inspect <containerid> for mounted volumes.
Some UCS apps mount a directory for logfiles.

BR,
Jörn


#5

thx for your quick reply.

Docker containers are up- and running (first thing i have checked):

a120fd92459a docker.software-univention.de/guacamole-guacamole:0.9.13-univention13 “/opt/guacamole/bi…” 31 minutes ago Up 18 minutes 0.0.0.0:40001->8080/tcp guacamole_guacamole_1
64269927899f docker.software-univention.de/guacamole-guacd:0.9.13-univention13 “/usr/local/sbin/g…” 31 minutes ago Up 18 minutes 4822/tcp guacamole_guacd_1

Anything else I can/should check myself?


#6

Next thing I would check is the reverse proxy rule at /etc/apache2/sites-enabled
There should be some config regarding guacamole.

And would start looking into UCR for variables on guacamole: ucr search guac


#7

Hi,

this is what I have found under /etc/apache2/sites-enabled:

default-ssl.conf:
ProxyPass /guacamole http://127.0.0.1:40001/guacamole retry=0
ProxyPassReverse /guacamole http://127.0.0.1:40001/guacamole

000-default.conf:
ProxyPass /guacamole/ http://127.0.0.1:40001/guacamole/ retry=0
ProxyPassReverse /guacamole/ http://127.0.0.1:40001/guacamole/

ucr search guac gives me:
appcenter/apps/guacamole/container: a120fd92459ab50a3f7ef671678b2c0533909a1f6db20d4c32c1016ef43f5233

appcenter/apps/guacamole/hostdn: cn=guaca-14076491,cn=memberserver,cn=computers,dc=xxxdomain,dc=intranet

appcenter/apps/guacamole/image: docker.software-univention.de/guacamole-guacamole:0.9.13-univention13

appcenter/apps/guacamole/ports/8080: 40001

appcenter/apps/guacamole/status: installed

appcenter/apps/guacamole/ucs: 4.3

appcenter/apps/guacamole/version: 0.9.13-univention14

guacamole/autostart: yes

ucs/web/overview/entries/service/guacamole/description/de: Guacamole ist ein clientloses fern Desktop-Gateway
Defines the description of the corresponding entry of the UCS start site (optionally localized). Full format: ucs/web/overview/entries/{admin,service}//description[/].

ucs/web/overview/entries/service/guacamole/description: Guacamole is a clientless remote desktop gateway
Defines the description of the corresponding entry of the UCS start site (optionally localized). Full format: ucs/web/overview/entries/{admin,service}//description[/].

ucs/web/overview/entries/service/guacamole/icon: /univention/js/dijit/themes/umc/icons/scalable/apps-guacamole_20180525181438.svg
Defines the URL for the icon of the corresponding entry of the UCS start site (can also be a data URL). Full format: ucs/web/overview/entries/{admin,service}//icon.

ucs/web/overview/entries/service/guacamole/label/de: Guacamole
Defines the label of the corresponding entry of the UCS start site (optionally localized). Full format: ucs/web/overview/entries/{admin,service}//label[/].

ucs/web/overview/entries/service/guacamole/label: Guacamole
Defines the label of the corresponding entry of the UCS start site (optionally localized). Full format: ucs/web/overview/entries/{admin,service}//label[/].

ucs/web/overview/entries/service/guacamole/link: /guacamole/
Defines the link URL of the corresponding entry of the UCS start site. Full format: ucs/web/overview/entries/{admin,service}//link.

ucs/web/overview/entries/service/guacamole/port_http: 80
Forces the port for URL of the corresponding entry of the UCS start site. Used when the start site is opened with HTTP or when no port_https variable is set. Full format: ucs/web/overview/entries/{admin,service}//port_http.

ucs/web/overview/entries/service/guacamole/port_https: 443
Same as ucs/web/overview/entries/.*/port_http, but used when opening the start site with HTTPS or when no port_http variable is set. Full format: ucs/web/overview/entries/{admin,service}//port_https.


#8

Have you tried to access Guacamole on the exposed port directly without reverse proxy?


#9

Hi,

I was now able to land on the Guacamole login-page (by using the local IP-address or local machine name): e.g. https://192.168.0.xx/guacamole/#/

Accessing the page with external IP or DNS name is still not possible.

But now I’m not able to login, neither the configured users or Administrator are accepted. All I got is a message saying “Anmeldungsfehler”.

Any logs that can be checked for the root cause?


#10

Hi,

did a “docker logs” once more and found this in the log file:

09:51:57.936 [http-nio-8080-exec-3] ERROR o.a.g.a.ldap.LDAPConnectionService - Unable to connect to LDAP server: Connect Error
09:51:57.936 [http-nio-8080-exec-3] ERROR o.a.g.a.l.AuthenticationProviderService - Unable to bind using search DN “cn=guaca-14076491,cn=memberserver,cn=computers,dc=domainxxx,dc=intranet”

The according LDAP-object (cn=guaca-14076491,cn=memberserver,cn=computers,dc=domainxxx,dc=intranet) exists.

For me it seems the Guacamole UCS release package is pretty outdated and broken … :frowning:


#11

Any news on this issue ?


#12

no news :frowning:

Browsing through the forum gives me the impression, that this package is generally broken and not working for anyone - please correct me if I’m wrong …

It seems there are also issues with uninstalling the app (remaining containers).
I’m not sure how to proceed from here. At least it would be great if someone could provide instructions for “clean” uninstall.


#13

Well, you can take a look at this post. But I’m not sure if it helps a lot. Guacamole is working as it is supposed to on a member-server while it didn’t on a slave-server.
But I can’t really tell if this has something to do with server roles or the other apps that are installed on the slave (I mentioned samba4 but perhaps the mailserver and anti-virus are even more relevant - some indications towards this can be found with a web search).


#14

Hello lebernd, thank you for your feedback!

But I’m not sure how this can be helpful in my situation.
Like for the other official apps from the UCS appstore, my expectation was that it can be deployed easily without any further manuel adjustments or configuration. There were also nothing mentioned about excepetions (server role) or any other preconditions.

To spend further efforts for investigations/troubleshooting doesn’t makes sense for me, for the time being I’m only interested in how to do a “clean” uninstall.