Closed MarioRL0 closed 1 year ago
hey, you need to use nginx to integrate that properly, follow documentation for that https://capev2.readthedocs.io/en/latest/usage/interactive_desktop.html?highlight=interactive
also do a git pull as Enzok fixed one thing
Thanks, I will try it!
Hey, I have used NGINX as a proxy to access the guac-web.service and cape-web.service. However, when I access the Remote session tab, the wait.html page appears, and when the virtual machine is booted, the index.html page appears completely blank. I have tried to find the error by starting the machine and accessing the link with the ID generated by the documentation script, but no errors are shown in the logs. I have done the git pull also.
Also, when trying to access the web application from the browser, I receive the following error message:
"WebSocket connection to 'ws://MY_SRC_IP/guac/websocket-tunnel/53c1d9c6bfab3d4f?guest_ip=MY_GUEST_IP&vncport=5901&recording_name=0000_53c1d9c6bfab3d4f' failed"
Do you know what could be causing this error?
I have been reading and maybe the "ASGI 'lifespan' protocol appears unsupported" log on the guac-web.service is the cause, but I have not found any solution yet.
@enzok did you try guacamole 1.5.0? i have tried to quickly set it yesterday but it doesn't work, it was working just fine with 1.4.0
yes i have 1.5 installed on two instances
actually - i just checked and it looks like 1.4 is running even though i thought i updated
although it is running 1.5 on the other instance
upgraded the other instance to 1.5 and it is running fine
@MarioRL0 try running developer tools and check the javascript console - it may give more details
also ensure that your graphic is set to VNC and not to spice
@doomedraven I have my VNC display configured as it is shown in the image, but I still have a Spice display, because I can't delete it. Could this be the problem source?
try without a password, to rule that out. verify you can connect to the vnc ports with a vnc viewer. just make sure the viewer is running after you test or it will prevent other connections.
yes can be a problem,
xml. oneliner something like <sound spicevm. Remove that whole line and search for graphics (don't remember exact field out of memory) or spicevm again and replace it with vnc
the best is to configure this properly when you creating the VM
@doomedraven I have followed all the steps that you told me, however, the issue still persists and I am unable to use the VM from the browser. @enzok I also checked whether I was able to connect through VNC using Remmina, and I was able to successfully connect to my VM. Perhaps I should create my VM from scratch?
nah you don't need to create another vm. Some other Spanish guys are working on this issue and they had the same white screen but they got a bit further, so try on your own or wait till someone else solves that. i don't use this feature, neither sadly have spare time right now to investigate
I will try and let you know if I am able to resolve the issue. Thank you for trying to help.
did you see any messages on the console in dev tools?
you can also run guacd from the command line instead of as running the service, use -L debug args and see if that gives you more clues
that white screen usually means that guacd traffic isn't getting proxied by nginx websocket properly -
you can increase logging for nginx as well
Using the console in the DevTools, I received the following error message
(WebSocket connection to 'ws://192.168.100.52/guac/websocket-tunnel/53c1d9c6bfab3d4f?guest_ip=192.168.50.91&vncport=5900&recording_name=0000_53c1d9c6bfab3d4f' failed:
connect @ guacamole-1.4.0-all.min.js:148 on line)
This error is related to the following section of code in the guacamole-1.4.0-all.min.js file
this.connect = function(f) {
    a();
    c.setState(Guacamole.Tunnel.State.CONNECTING);
    e = new WebSocket(b + "?" + f, "guacamole"); // <--- this line
    e.onopen = function(b) {
        a();
        m = setInterval(function() {
            c.sendMessage(Guacamole.Tunnel.INTERNAL_DATA_OPCODE, "ping", (new Date).getTime())
        }, 500)
    };
I will attempt to debug guacd since I do not believe that NGINX is the cause of the issue. I have already tried using it without NGINX by binding an address on guac-web.service, but it still isn't working.
enable debug in web/web/local_settings.py you can copy variable from settings.py and put it in local_settings.py with set to True maybe that will tell you why it returns error 500
do you see the connection attempt in guacd log? should look something like this
May 10 14:41:17 cfc-cuckoo01 guacd[1801771]: Creating new client for protocol "vnc"
May 10 14:41:17 cfc-cuckoo01 guacd[1801771]: guacd[1801771]: INFO:#011Creating new client for protocol "vnc"
May 10 14:41:17 cfc-cuckoo01 guacd[1801771]: guacd[1801771]: INFO:#011Connection ID is "$caae0f93-86df-416f-b246-d6dc35b80140"
May 10 14:41:17 cfc-cuckoo01 guacd[1801771]: Connection ID is "$caae0f93-86df-416f-b246-d6dc35b80140"
May 10 14:41:17 cfc-cuckoo01 guacd[1831075]: Cursor rendering: local
May 10 14:41:17 cfc-cuckoo01 guacd[1831075]: guacd[1831075]: INFO:#011Cursor rendering: local
May 10 14:41:17 cfc-cuckoo01 guacd[1831075]: guacd[1831075]: INFO:#011User "@17471ec3-0093-4f00-b0ea-ff152540361e" joined connection "$caae0f93-86df-416f-b246-d6dc35b80140" (1 users now present)
May 10 14:41:17 cfc-cuckoo01 guacd[1831075]: User "@17471ec3-0093-4f00-b0ea-ff152540361e" joined connection "$caae0f93-86df-416f-b246-d6dc35b80140" (1 users now present)
https://chrome.google.com/webstore/detail/websocket-test-client/fgponpodhbmadfljofbimhhlengambbn
you can use this to test the websocket
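A scriptable version of the WebSocket test suggested above, as an added example that is not part of the thread or of CAPE's code: it sends the upgrade request that the `new WebSocket(url, "guacamole")` call quoted earlier would send and classifies the reply. The function names, verdict strings and sample responses are constructed for illustration.

```python
"""Probe a WebSocket endpoint with the RFC 6455 opening handshake."""
import base64
import hashlib
import os
import socket
import ssl
import sys
from urllib.parse import urlsplit

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed value from RFC 6455

# Constructed sample responses for offline checks (not captured from a server).
SAMPLE_KEY = "dGhlIHNhbXBsZSBub25jZQ=="
SAMPLE_101 = (b"HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
              b"Connection: upgrade\r\n"
              b"Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo=\r\n"
              b"Sec-WebSocket-Protocol: guacamole\r\n\r\n")
SAMPLE_404 = b"HTTP/1.1 404 Not Found\r\nServer: nginx\r\nContent-Length: 0\r\n\r\n"
SAMPLE_200 = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"


def target_port(url):
    """Port the client really connects to: ws:// without a port means 80."""
    u = urlsplit(url)
    return u.port or (443 if u.scheme == "wss" else 80)


def expected_accept(key):
    """Sec-WebSocket-Accept value a compliant server must return for key."""
    digest = hashlib.sha1((key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")


def build_request(url, key, subprotocol="guacamole"):
    """Upgrade request for url, including path and query string."""
    u = urlsplit(url)
    host = f"[{u.hostname}]" if ":" in u.hostname else u.hostname
    port = target_port(url)
    if port != (443 if u.scheme == "wss" else 80):
        host += f":{port}"  # clients omit the scheme's default port
    target = (u.path or "/") + (f"?{u.query}" if u.query else "")
    lines = [f"GET {target} HTTP/1.1", f"Host: {host}", "Upgrade: websocket",
             "Connection: Upgrade", f"Sec-WebSocket-Key: {key}",
             "Sec-WebSocket-Version: 13",
             f"Sec-WebSocket-Protocol: {subprotocol}", "", ""]
    return "\r\n".join(lines).encode("ascii")


def classify_response(raw, key):
    """Return (verdict, hint) for the bytes answered to the handshake."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return ("no-http-response", "the listener did not answer with HTTP")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if parts[1] != "101":
        return (f"http-{parts[1]}", "no upgrade: check that the server block "
                "on this port has a location proxying this path")
    tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    if headers.get("upgrade", "").lower() != "websocket" or "upgrade" not in tokens:
        return ("bad-upgrade-headers", "101 without valid Upgrade/Connection")
    if headers.get("sec-websocket-accept") != expected_accept(key):
        return ("bad-accept", "Sec-WebSocket-Accept does not match the key sent")
    return ("upgraded", "handshake completed; the tunnel is reachable")


def probe(url, timeout=5.0):
    """Connect to url, send the handshake and classify the first reply."""
    u = urlsplit(url)
    key = base64.b64encode(os.urandom(16)).decode("ascii")
    raw = b""
    try:
        sock = socket.create_connection((u.hostname, target_port(url)), timeout)
        if u.scheme == "wss":
            ctx = ssl.create_default_context()
            sock = ctx.wrap_socket(sock, server_hostname=u.hostname)
        with sock:
            sock.sendall(build_request(url, key))
            while b"\r\n\r\n" not in raw and len(raw) < 65536:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                raw += chunk
    except OSError as exc:
        return ("no-connection", f"port {target_port(url)}: {exc}")
    return classify_response(raw, key)


if __name__ == "__main__":
    for arg in sys.argv[1:]:
        verdict, hint = probe(arg)
        print(f"{arg}\n  port {target_port(arg)} -> {verdict}: {hint}")
```

Run it with the exact URL from the browser console and again with an explicit port; comparing the two verdicts shows which nginx listener is answering.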
Using the web and test web-socket (ws://192.168.100.52/guac/websocket-tunnel/53c1d9c6bfab3d4f?guest_ip=192.168.50.121&vncport=5900&recording_name=0000_53c1d9c6bfab3d4f) I don't find any connection attempts in the guacd log. It seems as though the connection to guacd.service doesn't even initialize.
May 10 14:26:41 userv guacd[329002]: Guacamole proxy daemon (guacd) version 1.5.0 started
May 10 14:26:41 userv guacd[329002]: guacd[329002]: INFO: Guacamole proxy daemon (guacd) version 1.5.0 started
May 10 14:26:41 userv guacd[329002]: guacd[329002]: INFO: Listening on host 127.0.0.1, port 4822
May 10 14:26:41 userv guacd[329002]: Listening on host 127.0.0.1, port 4822
But if I test the web-socket, specifying the web port (ws://192.168.100.52:8000/guac/websocket-tunnel/53c1d9c6bfab3d4f?guest_ip=192.168.50.121&vncport=5900&recording_name=0000_53c1d9c6bfab3d4f), I see connection attempts on guacd.service:
May 10 15:48:59 userv guacd[359647]: guacd[359647]: INFO: Listening on host 127.0.0.1, port 4822
May 10 15:49:38 userv guacd[359647]: Creating new client for protocol "vnc"
May 10 15:49:38 userv guacd[359647]: guacd[359647]: INFO: Creating new client for protocol "vnc"
May 10 15:49:38 userv guacd[359647]: guacd[359647]: INFO: Connection ID is "$0303440c-2009-411a-9448-196a963a97eb"
May 10 15:49:38 userv guacd[359647]: Connection ID is "$0303440c-2009-411a-9448-196a963a97eb"
May 10 15:49:38 userv guacd[359885]: Cursor rendering: local
May 10 15:49:38 userv guacd[359885]: guacd[359885]: INFO: Cursor rendering: local
May 10 15:49:38 userv guacd[359885]: guacd[359885]: INFO: User "@3b182083-b713-47a1-945e-592f2c2f25da" joined connection "$0303440c-2009-411a-9448-196a963a97eb" (1 users now present)
May 10 15:49:38 userv guacd[359885]: User "@3b182083-b713-47a1-945e-592f2c2f25da" joined connection "$0303440c-2009-411a-9448-196a963a97eb" (1 users now present)
May 10 15:49:38 userv guacd[359885]: VNC server supports protocol version 3.8 (viewer 3.8)
May 10 15:49:38 userv guacd[359885]: We have 1 security types to read
May 10 15:49:38 userv guacd[359885]: 0) Received security type 1
May 10 15:49:38 userv guacd[359885]: Selecting security type 1 (0/1 in the list)
May 10 15:49:38 userv guacd[359885]: Selected Security Scheme 1
May 10 15:49:38 userv guacd[359885]: No authentication needed
May 10 15:49:38 userv guacd[359885]: VNC authentication succeeded
May 10 15:49:38 userv guacd[359885]: Desktop name "QEMU (win10)"
May 10 15:49:38 userv guacd[359885]: Connected to VNC server, using protocol version 3.8
May 10 15:49:38 userv guacd[359885]: VNC server default format:
May 10 15:49:38 userv guacd[359885]: 32 bits per pixel.
May 10 15:49:38 userv guacd[359885]: Least significant byte first in each pixel.
May 10 15:49:38 userv guacd[359885]: TRUE colour: max red 255 green 255 blue 255, shift red 16 green 8 blue 0
May 10 15:49:38 userv guacd[359885]: Creation of recording failed: Permission denied
May 10 15:49:38 userv guacd[359885]: guacd[359885]: ERROR: Creation of recording failed: Permission denied
May 10 15:49:53 userv guacd[359885]: User is not responding.
May 10 15:49:53 userv guacd[359885]: guacd[359885]: ERROR: User is not responding.
May 10 15:49:53 userv guacd[359885]: guacd[359885]: INFO: User "@3b182083-b713-47a1-945e-592f2c2f25da" disconnected (0 users remain)
May 10 15:49:53 userv guacd[359885]: guacd[359885]: INFO: Last user of connection "$0303440c-2009-411a-9448-196a963a97eb" disconnected
May 10 15:49:53 userv guacd[359885]: User "@3b182083-b713-47a1-945e-592f2c2f25da" disconnected (0 users remain)
May 10 15:49:53 userv guacd[359885]: Last user of connection "$0303440c-2009-411a-9448-196a963a97eb" disconnected
May 10 15:49:53 userv guacd[359885]: Internal VNC client disconnected
May 10 15:49:53 userv guacd[359885]: guacd[359885]: INFO: Internal VNC client disconnected
May 10 15:49:53 userv guacd[359647]: Connection "$0303440c-2009-411a-9448-196a963a97eb" removed.
May 10 15:49:53 userv guacd[359647]: guacd[359647]: INFO: Connection "$0303440c-2009-411a-9448-196a963a97eb" removed.
Hello,
I'm the other Spanish guy looking for a solution of the interactive session in cape.
In my case digging into the guacd logs the following error is shown:
guacd[613283]: INFO: Creating new client for protocol "vnc"
guacd[613283]: INFO: Connection ID is "$52a6f714-9dcc-43b5-9124-22b2fef7c55c"
guacd[614881]: DEBUG: Processing instruction: size
guacd[614881]: DEBUG: Processing instruction: audio
guacd[614881]: DEBUG: Processing instruction: video
guacd[614881]: DEBUG: Processing instruction: image
guacd[614881]: INFO: Cursor rendering: local
guacd[614881]: DEBUG: Parameter "swap-red-blue" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "read-only" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "color-depth" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "force-lossless" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "dest-port" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "encodings" omitted. Using default value of "zrle ultra copyrect hextile zlib corre rre raw".
guacd[614881]: DEBUG: Parameter "autoretry" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "reverse-connect" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "listen-timeout" omitted. Using default value of 5000.
guacd[614881]: DEBUG: Parameter "enable-audio" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "enable-sftp" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "sftp-hostname" omitted. Using default value of "localhost".
guacd[614881]: DEBUG: Parameter "sftp-port" omitted. Using default value of "22".
guacd[614881]: DEBUG: Parameter "sftp-username" omitted. Using default value of "".
guacd[614881]: DEBUG: Parameter "sftp-password" omitted. Using default value of "".
guacd[614881]: DEBUG: Parameter "sftp-passphrase" omitted. Using default value of "".
guacd[614881]: DEBUG: Parameter "sftp-root-directory" omitted. Using default value of "/".
guacd[614881]: DEBUG: Parameter "sftp-server-alive-interval" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "sftp-disable-download" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "sftp-disable-upload" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "recording-exclude-output" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "recording-exclude-mouse" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "recording-include-keys" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "create-recording-path" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "disable-copy" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "disable-paste" omitted. Using default value of 0.
guacd[614881]: DEBUG: Parameter "wol-send-packet" omitted. Using default value of 0.
guacd[614881]: INFO: User "@15d1198d-470f-4751-975a-4026b9fe80d0" joined connection "$52a6f714-9dcc-43b5-9124-22b2fef7c55c" (1 users now present)
guacd[614881]: DEBUG: Client has not defined its protocol version.
guacd[614881]: ERROR: Unable to connect to VNC server.
guacd[614881]: ERROR: User is not responding.
guacd[614881]: INFO: User "@15d1198d-470f-4751-975a-4026b9fe80d0" disconnected (0 users remain)
guacd[614881]: INFO: Last user of connection "$52a6f714-9dcc-43b5-9124-22b2fef7c55c" disconnected
guacd[614881]: DEBUG: Requesting termination of client...
guacd[614881]: DEBUG: Client terminated successfully.
guacd[613283]: INFO: Connection "$52a6f714-9dcc-43b5-9124-22b2fef7c55c" removed
this connection is made with the chrome extension
Sounds like you just need to add port to nginx?
I think that in the case of @MarioRL0 there is a permission problem:
May 10 15:49:38 userv guacd[359885]: Creation of recording failed: Permission denied
May 10 15:49:38 userv guacd[359885]: guacd[359885]: ERROR: Creation of recording failed: Permission denied
can you share the websocket settings for your nginx config?
I think maybe you're proxying to the wrong port
that permission denied error for recordings is related to the account that guacd is starting with
@doomedraven @enzok On nginx I just follow the documentation template:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream nodeserver1 {
    # CAPE
    server 127.0.0.1:8000;
}
upstream nodeserver2 {
    # guac-session
    server 127.0.0.1:8008;
}
server {
    listen 192.168.153.5:8000;
    client_max_body_size 1g;
    location / {
        proxy_pass http://nodeserver1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Remote-User $remote_user;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    location /static/ {
        alias /opt/CAPEv2/web/static/;
    }
    location /guac {
        proxy_pass http://nodeserver2;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        client_max_body_size 1g;
    }
    location /guac/playback/recfile {
        alias /var/www/guacrecordings/;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
}
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
upstream nodeserver1 {
    # CAPE
    server 127.0.0.1:8000;
}
upstream nodeserver2 {
    # guac-session
    server 127.0.0.1:8008;
}
server {
    listen 80;
    server_name _;
    return 404;
}
server {
    listen 443;
    server_name _;
    return 404;
}
server {
    # SSL best practices from https://mozilla.github.io/server-side-tls/ssl-config-generator/
    listen <INTERNAL_IP>:443 ssl http2 default_server;
    ssl_certificate /etc/nginx/ssl/cape.crt;
    ssl_certificate_key /etc/nginx/ssl/cape.key;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 60m;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000" always;
    client_max_body_size 101M;
    # Uncomment this next line if you are using a signed, trusted cert
    #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    #add_header X-Frame-Options SAMEORIGIN;
    #add_header X-Content-Type-Options nosniff;
    #root /usr/share/nginx/html;
    #index index.html index.htm;
    #client_max_body_size 101M;
    #auth_basic "Login required";
    #auth_basic_user_file /etc/nginx/htpasswd;
    location / {
        proxy_pass http://nodeserver1;
        #client_max_body_size 32M;
        #client_body_buffer_size 512k;
        proxy_send_timeout 90;
        proxy_read_timeout 300;
        proxy_buffers 32 4k;
        proxy_connect_timeout 90;
        proxy_set_header Host $http_host;
        proxy_set_header X-Remote-User $remote_user;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location /static/ {
        alias /opt/CAPEv2/web/static/;
    }
    location /guac {
        proxy_pass http://nodeserver2;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
    }
    location /guac/playback/recfile {
        alias /var/www/guacrecordings/;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
}
server {
    listen <INTERNAL_IP>:80;
    return 301 https://$server_name$request_uri;
}
from your post -> ws://192.168.100.52:8000 that shouldn't have connected
what does your guac-web.service look like?
guac-web should be running on 8008
is that service running? what do you see from the following: journalctl -u guac-web
When I test the web-sock it looks like this, but when I connect from the web there aren't logs:
May 10 16:16:39 userv poetry[369493]: Client connected with guacd server (localhost, 4822, 20)
May 10 16:16:39 userv poetry[369493]: INFO:guacamole:Client connected with guacd server (localhost, 4822, 20)
May 10 16:16:39 userv poetry[369493]: [2023-05-10 16:16:39 +0000] [369493] [INFO] ('192.168.100.250', 0) - "WebSocket /guac/websocket-tunnel/53c1d9c6bfab3d4f" [accepted]
May 10 16:16:39 userv poetry[369493]: [2023-05-10 16:16:39 +0000] [369493] [INFO] connection open
May 10 16:16:39 userv poetry[369493]: [2023-05-10 16:16:39 +0000] [369493] [INFO] connection closed
May 10 16:16:39 userv poetry[369493]: Connection closed.
May 10 16:16:39 userv poetry[369493]: INFO:guacamole:Connection closed.
guac-web should be running on 8008
It is running on localhost:8008
stop the service and run from command line
cd /opt/CAPEv2/web
poetry run python3 manage.py runserver --settings=web.guac_settings localhost:8008
this should give you better logging
if you're using the websocket extension, you need to specify the port (8008)
also make sure you have allowed the traffic to virbr interface
for that permissions issue on the recording file, make sure you don't have a guacd.conf file anywhere in /etc
I seem to remember that being an issue
I think the issue is that the web interface is not specifying the port to use for the socket-web. When connecting from the web interface, I don't see any logs in the guacd and guac-web services, and the connection that gives an error is the following: ws://SERVER_IP/guac/websocket-tunnel/53c1d9c6bfab3d4f?guest_ip=192.168.50.121&vncport=5900&recording_name=0000_53c1d9c6bfab3d4f. However, when I test the connection using the extension recommended by @enzok and specifying the web socket with my web port ws://SERVER_IP:8000/guac/websocket-tunnel/53c1d9c6bfab3d4f?guest_ip=192.168.50.121&vncport=5900&recording_name=0000_53c1d9c6bfab3d4f, I do get connection logs in the guacd and guac-web services. I don't believe the issue is with NGINX since the configuration matches that of @enzok.
Also I don't have a guacd.conf file in /etc:
root@userver:~$ find / -type f -name "*guacd.conf*"
/tmp/guacamole-1.5.0_builded/usr/local/share/man/man5/guacd.conf.5
/tmp/guac-build/guacamole-server-1.5.0/src/guacd/man/guacd.conf.5.in
/tmp/guac-build/guacamole-server-1.5.0/src/guacd/man/guacd.conf.5
/usr/local/share/man/man5/guacd.conf.5
Guac-web is not listening on 8000 and won't serve the session. Nginx will proxy to localhost:8008/guac if it's working properly.
I understand that Guac-web is listening on port 8008 on the localhost, but I opened a session on port 8000 because I configured NGINX to proxy it to port 8008, isn't that correct?
No. It's based on the path /guac goes to 8008 over and / goes to 8000.
Sorry, I didn't explain myself properly. I have nginx translating MYSERVER_IP:8000 to localhost:8000 for / and to localhost:8008 for /guac. I use port 8000 with two IPs --> MYSERVER_IP and localhost.
What I meant to say is that when I make a connection to MYSERVER_IP:8000/guac, it seems that the web socket is not being opened (I say this because of the absence of logs), while when I use the web socket extension, a connection is established. It could be that the browser is blocking the web socket connection that is being attempted to be opened from MYSERVER_IP:8000/guac (I have tried with Edge and Mozilla and it doesn't work on either).
Set the nginx error log to debug and see if there's anything there.
I would tackle it like so:
I would also try changing cape-web service to 8001 so it's not the same as your external port, and make sure that the servers are listening on the specific IP and not on 0.0.0.0
I no longer have a blank screen and can use the interactive session. The problem was that from the web interface, a web-socket was opened to port 80 of the server, and as I had configured this port in the NGINX proxy I use without specifying it, no response was obtained. I just had to change the configuration on the nginx port 80 and it works:
server {
    listen 80;
    server_name _;
    location / {
        try_files $uri $uri/ =404;
    }
    location /guac {
        proxy_pass http://nodeserver2;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        client_max_body_size 1g;
    }
    location /guac/playback/recfile {
        alias /var/www/guacrecordings/;
        autoindex on;
        autoindex_exact_size off;
        autoindex_localtime on;
    }
}
It is still logging this error, but I just want to interact with the sandbox while the analysis is being done.
May 11 13:24:29 userv guacd[438596]: Creation of recording failed: Permission denied
May 11 13:24:29 userv guacd[438596]: guacd[438596]: ERROR: Creation of recording failed: Permission denied
Thanks @enzok @doomedraven !
Oh is what i was thinking, permission is probably about save recordings?
I think so
ok so if you would like to use a non-standard server port you can test this:
in guac-main.js:
replace
var prot_map = {
"http:": "ws:",
"https:": "wss:",
}
var terminal_ws_url = prot_map[location.protocol] + '//' + location.hostname;
with
var terminal_ws_url = location.origin.replace(/^http(s?):/, function(match, p1) {return (p1 ? 'wss:' : 'ws:');});
if this works I can PR it.
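The difference between the two derivations quoted in the comment above, as an added example that is not part of the original thread or of CAPE's code: `location.hostname` never carries a port, so the old expression always targets the scheme's default port, while `location.origin` keeps a non-default one. The host `sandbox.example`, the ports and the helper names `effectivePort` and `compare` are constructed for illustration.

```javascript
// Old derivation quoted from guac-main.js: scheme map plus hostname only.
function wsBaseOld(loc) {
  const protMap = { 'http:': 'ws:', 'https:': 'wss:' };
  return protMap[loc.protocol] + '//' + loc.hostname;
}

// Proposed derivation: swap the scheme on location.origin, keeping the port.
function wsBaseNew(loc) {
  return loc.origin.replace(/^http(s?):/, (match, p1) => (p1 ? 'wss:' : 'ws:'));
}

// Hypothetical helper: the port a URL really connects to once defaults apply.
function effectivePort(u) {
  if (u.port) return u.port;
  return (u.protocol === 'https:' || u.protocol === 'wss:') ? '443' : '80';
}

// Hypothetical helper: for a given page address, report where each derivation
// would open the WebSocket and whether that is the listener serving the page.
function compare(pageUrl) {
  // URL exposes the same protocol/hostname/origin fields as window.location.
  const loc = new URL(pageUrl);
  const oldBase = wsBaseOld(loc);
  const newBase = wsBaseNew(loc);
  const pagePort = effectivePort(loc);
  const oldPort = effectivePort(new URL(oldBase));
  const newPort = effectivePort(new URL(newBase));
  return {
    pagePort, oldBase, newBase, oldPort, newPort,
    oldMatches: oldPort === pagePort,
    newMatches: newPort === pagePort,
  };
}

// Constructed page addresses: default ports and non-standard ports.
const samples = [
  'http://sandbox.example/',
  'http://sandbox.example:8000/',
  'https://sandbox.example/',
  'https://sandbox.example:8443/',
];
for (const page of samples) {
  const r = compare(page);
  console.log(page, '| old:', r.oldBase, r.oldMatches ? 'ok' : 'WRONG PORT',
              '| new:', r.newBase, r.newMatches ? 'ok' : 'WRONG PORT');
}
```

Both derivations keep `wss:` for pages loaded over HTTPS, so the tunnel is never downgraded to cleartext on a TLS-served interface.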
one important note. at least that happens to me
nginx -V
nginx version: nginx/1.23.4 (nginx-quic-def8e398d7c5)
so solution for me is:
sites-enabled, but now I had to put it in config.d/default
Expected Behavior
Get interactive session working
Current Behavior
Error 404 from the server
Context
I have activated guacamole on 'web.conf' and followed the steps on the website to use it. However, when I click on the link to the remote session, the server returns a 404 error and there is no log displayed in the guac-web/guacd services. I have CAPE installed on an Ubuntu 22.04 server and am wondering if there is any additional software that needs to be downloaded, which is not included in "./cape2.sh guacamole" command, or if there are any other steps that are not mentioned on the website. The server uses WSGI and I have enabled VNC on my guests. I also checked ALLOWED_HOSTS in web/web/settings.py.
I have attempted to troubleshoot the issue by checking the guacamole logs (but there are no logs :( ) and restarting the guac-web/guacd/cape services, but the problem persists. I am unsure if there is a configuration issue with Guacamole or an underlying problem that is causing the error.
Could someone please provide guidance on how to resolve this issue or suggest any additional steps that need to be taken to configure Guacamole properly on CAPE?
Here is the guacamole web.conf:
Here are the guacd.service and guac-web.service logs:
Failure Logs
In analysis.log I get "unrecognised key interactive_desktop"