We have been testing guacamole for a few days now and its been working beautifully. The combination of guacamole and multi-wan(and both of them working) has made things a lot easier.
I want to share some stats and see if it makes sense. The server we are running NS and guacamole is running on server:
Model
ProLiant DL380 G6
CPU model
16 x Intel® Xeon® CPU E5530 @ 2.40GH
8GB RAM.
We ran a test with three users with 6 remote desktop connections each and the memory usage peaked at 93%, and the 25th connection caused the connections to reset, and the pages needed to be reloaded. CPU usage remained less than 10% the whole time. Does this sound right?
i’ll do have a Problem after the update of the Reverse Proxy also nethserver.
After the last updates for the reverse proxy i only get a blank page for the Guacamole
i checked everything and it seems OK.
the parameter flushpackets=on is set but for me it seems that it is not used?
as i know this problem if the parameter is not set.
what can i do ?
before the update it works absolut fine.
Kindly regards
StephanS
[root@DMZSERVER ~]# rpm -q nethserver-httpd-proxypass
nethserver-httpd-proxypass-3.2.1-1.ns7.noarch
guacamole works perfectly inside my network but as i use it to get to my systems with only https or http possible i used the reverse proxy to use it from external
the message log on the server that has the reverse proxy has nothing unusual.
Proxy conf file has this opion in general defined:
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
and for gucamole it is configured with this opions:
As it is working perfect inside my network if i address the server directly it must be the reverse proxy
and i assume that the flushpackets option is not used however i have no error report
May 14 20:46:34 DMZSERVER control-service: httpd restart
May 14 20:46:34 DMZSERVER systemd: Stopping The Apache HTTP Server…
May 14 20:46:37 DMZSERVER systemd: Starting The Apache HTTP Server…
May 14 20:46:39 DMZSERVER systemd: Started The Apache HTTP Server.
The module works on the same server and does the reverse proxying without need for manual settings or separate reverse proxy. Do you need to reverse proxy to another server?
EDIT:
I tried it with a separate reverse proxy and it worked via web UI:
Nope by me sadly no effect
the config way is as followed:
Router full port forward -> Firewall (Untangle) -> selective portforward to “DMZSERVER” Nethserver with reverse proxy this server forward to my internal sub servers which have different functions like webmail/nextcloud and the one server for guacamole.
I need the reverseproxy to address the different internal machines that have specific functions in my network.
What i do not understand there are some data that are transfered like the logo but nothing else which was every time the case before i activated the flushpackets option after this option all forwards worked perfektly before the update.
And secondly if it works in your case what could went wrong by me as we have the same config for this part.
i will think about it some more if you have any additional ideas i am happy to hear them
regards
Stephan
SSLProxyEngine on
<Location /guacamole/>
SSLRequireSSL
Order allow,deny
Allow from all
ProxyPass https://testserver.cmb.local/guacamole/ flushpackets=on
ProxyPassReverse https://testserver.cmb.local/guacamole/
</Location>
<Location /guacamole/websocket-tunnel>
Order allow,deny
Allow from all
ProxyPass ws://testserver.cmb.local/guacamole/websocket-tunnel
ProxyPassReverse ws://testserver.cmb.local/guacamole/websocket-tunnel
</Location>
okay i will come back to you after the weekend have to solve some problems that now emereged on the dedicated server i think i will create a VM machine for this function but i need more time than a few hours in the night
thanks a lot for helping out i will give you a feedback of the final results
104 is the reververse proxy
83 is an internal client
it seemed they asked differently
but I do not get why.
booth systems are upgraded on patch level yesterday
it must be the that the reverse proxy doing something other than a normal client.
and my second thought is why you can not replicate this problem?
again I think the problem is the flushpacket option but i do not find any error messages
kindly regards
stephan
The module link is already there. I kept the howto to share the technical details and the way we solved problems but you are right. I am going to have a look and tidy up the howto.
I try to fix with the previous support of @mrmarkuz, but always shows the same error, however, I have a doubt with the mariadb service I understand that not start because another daemon its running with the same socket.
[root@xxxx conf.d]# systemctl status mariadb -l
● mariadb.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2018-08-29 13:27:58 CST; 16min ago
Aug 29 13:27:58 xxx.xxxx.localdomain systemd[1]: Starting MariaDB database server…
Aug 29 13:27:58 xxx.xxxx.localdomain mariadb-prepare-db-dir[11661]: Socket file /var/lib/mysql/mysql.sock exists.
Aug 29 13:27:58 xxx.xxxx.localdomain mariadb-prepare-db-dir[11661]: Is another MySQL daemon already running with the same unix socket?
Aug 29 13:27:58 xxx.xxxx.localdomain systemd[1]: mariadb.service: control process exited, code=exited status=1
Aug 29 13:27:58 xxx.xxxx.localdomain systemd[1]: Failed to start MariaDB database server.
Aug 29 13:27:58 xxx.xxxx.localdomain systemd[1]: Unit mariadb.service entered failed state.
Aug 29 13:27:58 xxx.xxxx.localdomain systemd[1]: mariadb.service failed.
[root@motodo conf.d]# systemctl status mysqld -l
● mysqld.service - MariaDB database server
Loaded: loaded (/usr/lib/systemd/system/mysqld.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2018-08-29 13:43:16 CST; 46min ago
Main PID: 13981 (mysqld_safe)
CGroup: /system.slice/mysqld.service
├─13981 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
└─14154 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/mariadb.log --pid-file=/var/run/mariadb/mariadb.pid --socket=/var/lib/mysql/mysql.sock
Aug 29 13:43:14 motodo.central.localdomain systemd[1]: Starting MariaDB database server…
Aug 29 13:43:14 motodo.central.localdomain mariadb-prepare-db-dir[13949]: Database MariaDB is probably initialized in /var/lib/mysql already, nothing is done.
Aug 29 13:43:14 motodo.central.localdomain mariadb-prepare-db-dir[13949]: If this is not the case, make sure the /var/lib/mysql is empty before running mariadb-prepare-db-dir.
Aug 29 13:43:14 motodo.central.localdomain mysqld_safe[13981]: 180829 13:43:14 mysqld_safe Logging to ‘/var/log/mariadb/mariadb.log’.
Aug 29 13:43:14 motodo.central.localdomain mysqld_safe[13981]: 180829 13:43:14 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Aug 29 13:43:16 motodo.central.localdomain systemd[1]: Started MariaDB database server.
this is the result to see mysql status
I use ocsinventory and it was the same error but I dont use that from outside