{"id":2729,"date":"2019-04-29T12:18:50","date_gmt":"2019-04-29T09:18:50","guid":{"rendered":"https:\/\/kifarunix.com\/?p=2729"},"modified":"2024-03-11T22:35:35","modified_gmt":"2024-03-11T19:35:35","slug":"configure-guacamole-ssl-tls-with-nginx-reverse-proxy","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/configure-guacamole-ssl-tls-with-nginx-reverse-proxy\/","title":{"rendered":"Configure Guacamole SSL\/TLS with Nginx Reverse Proxy"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1056\" height=\"592\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-ssl.png\" alt=\"\" class=\"wp-image-18541\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-ssl.png?v=1693511878 1056w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-ssl-768x431.png?v=1693511878 768w\" sizes=\"(max-width: 1056px) 100vw, 1056px\" \/><\/figure><\/div>\n\n\n<p>How can I setup Apache Guacamole with HTTPS? Well, this step by step tutorial will guide you on how to configure Guacamole SSL\/TLS with Nginx Reverse Proxy. If you are going to use Guacamole in production environment, then it is highly recommended that it is placed behind a reverse proxy. The proxy can then be configured to provide SSL\/TLS encryption that provides a secured connection.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#configuring-guacamole-ssl-tls-with-nginx-reverse-proxy\">Configuring Guacamole SSL\/TLS with Nginx Reverse Proxy<\/a><ul><li><a href=\"#install-and-setup-apache-guacamole\">Install and Setup Apache Guacamole<\/a><\/li><li><a href=\"#configure-apache-guacamole-to-listen-on-localhost-only\">Configure Apache Guacamole to Listen on Localhost Only<\/a><\/li><li><a href=\"#install-nginx-web-server\">Install Nginx web server<\/a><\/li><li><a href=\"#generate-ssl-tls-self-signed-certificate\">Generate SSL\/TLS Self-signed Certificate<\/a><ul><li><a href=\"#generate-ca-private-key\">Generate CA Private Key<\/a><\/li><li><a href=\"#generate-ca-self-signed-certificate\">Generate CA self-signed certificate<\/a><\/li><li><a href=\"#generate-server-private-key-and-csr\">Generate Server Private Key and CSR<\/a><\/li><li><a href=\"#generate-and-sign-server-certificate\">Generate and Sign Server Certificate<\/a><\/li><\/ul><\/li><li><a href=\"#configure-nginx-with-https-and-guacamole-reverse-proxy\">Configure Nginx with HTTPS and Guacamole Reverse Proxy<\/a><\/li><li><a href=\"#verify-apache-guacamole-https-access\">Verify Apache Guacamole HTTPS Access<\/a><\/li><li><a href=\"#other-tutorials\">Other Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"configuring-guacamole-ssl-tls-with-nginx-reverse-proxy\">Configuring Guacamole SSL\/TLS with Nginx Reverse Proxy<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-and-setup-apache-guacamole\">Install and Setup Apache Guacamole<\/h3>\n\n\n\n<p>Before you can proceed, ensure that you have setup Guacamole and is up and running. You can check our previous guide on how to setup Guacamole by following the link below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/?s=install+apache+guacamole\" target=\"_blank\" rel=\"noreferrer noopener\">Install and Setup Apache Guacamole<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-apache-guacamole-to-listen-on-localhost-only\">Configure Apache Guacamole to Listen on Localhost Only<\/h3>\n\n\n\n<p>Chances are, your Guacamole is listening on all interfaces including the public addresses.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -altnp | grep :8080<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN 0      100                     *:8080            *:*    users:((\"java\",pid=32027,fd=43))<\/code><\/pre>\n\n\n\n<p>If that is the case, you can configure Apache Tomcat, which is the Apache Guacamole webserver to listen on the loopback address so that it is only accessible on the host.<\/p>\n\n\n\n<p>Thus, Tomcat <strong><code>server.xml<\/code><\/strong> file, for example <strong><code>\/opt\/tomcat9\/conf\/server.xml<\/code><\/strong>;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/opt\/tomcat9\/conf\/server.xml<\/code><\/pre>\n\n\n\n<p>Update the line;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>    &lt;Connector port=\"8080\" protocol=\"HTTP\/1.1\"<\/code><\/pre>\n\n\n\n<p>To;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>    &lt;Connector <strong>address=\"127.0.0.1\"<\/strong> port=\"8080\" protocol=\"HTTP\/1.1\"<\/code><\/pre>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<p>Restart Tomcat;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl restart tomcat9<\/code><\/pre>\n\n\n\n<p>Confirm the ports and interface it is listening on;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ss -altnp | grep :8080<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>LISTEN 0      100    &#91;::ffff:127.0.0.1]:8080            *:*    users:((\"java\",pid=32113,fd=43))<\/code><\/pre>\n\n\n\n<p>Perfect!<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"install-nginx-web-server\">Install Nginx web server<\/h3>\n\n\n\n<p>Nginx can be simply installed using the command below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">apt install nginx<\/pre>\n\n\n\n<p>Enable Nginx to run on system boot. Note that Nginx is set to run automatically after installation.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl enable  nginx<\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl status nginx<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>\u25cf nginx.service - A high performance web server and a reverse proxy server\n     Loaded: loaded (\/lib\/systemd\/system\/nginx.service; enabled; preset: enabled)\n     Active: active (running) since Thu 2023-08-31 15:01:39 EDT; 1min 26s ago\n       Docs: man:nginx(8)\n   Main PID: 31823 (nginx)\n      Tasks: 2 (limit: 2304)\n     Memory: 1.7M\n        CPU: 15ms\n     CGroup: \/system.slice\/nginx.service\n             \u251c\u250031823 \"nginx: master process \/usr\/sbin\/nginx -g daemon on; master_process on;\"\n             \u2514\u250031824 \"nginx: worker process\"\n\nAug 31 15:01:39 debian systemd[1]: Starting nginx.service - A high performance web server and a reverse proxy server...\nAug 31 15:01:39 debian systemd[1]: Started nginx.service - A high performance web server and a reverse proxy server.\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"generate-ssl-tls-self-signed-certificate\">Generate SSL\/TLS Self-signed Certificate<\/h3>\n\n\n\n<p>In this guide, for demonstration purposes, we are going to use self-signed certificates. You can however obtain the trusted CA certificate, otherwise, this will suffice.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-ca-private-key\">Generate CA Private Key<\/h4>\n\n\n\n<p>Run the following OpenSSL command to generate a private key for your CA:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/etc\/ssl\/guacd<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>openssl genpkey -algorithm RSA -out \/etc\/ssl\/guacd\/ca.key<\/code><\/pre>\n\n\n\n<p>The command generates an RSA private key and saves it in the file&nbsp;<code>\/etc\/ssl\/guacd\/ca.key<\/code>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-ca-self-signed-certificate\">Generate CA self-signed certificate<\/h4>\n\n\n\n<p>Once you have the private key, you can now generate the CA self-signed certificate using the command below. When the command runs, you are prompted to provide information about your CA, such as the common name, organization, and location, contact email e.t.c. Common Name, must be provided.<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>openssl req -x509 \\\n\t-new \\\n\t-key \/etc\/ssl\/guacd\/ca.key \\\n\t-days 3650 \\\n\t-out \/etc\/ssl\/guacd\/ca.crt\n<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>You are about to be asked to enter information that will be incorporated\ninto your certificate request.\nWhat you are about to enter is what is called a Distinguished Name or a DN.\nThere are quite a few fields but you can leave some blank\nFor some fields there will be a default value,\nIf you enter '.', the field will be left blank.\n-----\nCountry Name (2 letter code) [AU]:<strong>US<\/strong>\nState or Province Name (full name) [Some-State]:<strong>California<\/strong>\nLocality Name (eg, city) []:<strong>San Francisco<\/strong>\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:<strong>Kifarunix-Demo Inc<\/strong>\nOrganizational Unit Name (eg, section) []:<strong>Infrastracture<\/strong>\nCommon Name (e.g. server FQDN or YOUR name) []:<strong>guacamole.kifarunix-demo.com<\/strong>\nEmail Address []:\n<\/code><\/pre>\n\n\n\n<p>You can provide all these information from the command line using the&nbsp;<strong>-subj&nbsp;<\/strong>option.<\/p>\n\n\n\n<pre class=\"scroll-sz\"><code>openssl req -x509 -new \\\n\t-key \/etc\/ssl\/guacd\/ca.key \\\n\t-days 3560 \\\n\t-out \/etc\/ssl\/guacd\/ca.crt \\\n\t-subj \"\/C=US\/ST=California\/L=San Francisco\/O=Kifarunix-Demo Inc\/CN=guacamole.kifarunix-demo.com\/emailAddress=admin@kifarunix-demo.com\"\n<\/code><\/pre>\n\n\n\n<p>Note that it is not recommended to use wildcard CN. Instead, use SAN to define your other domains\/IPs\/wildcards.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-server-private-key-and-csr\">Generate Server Private Key and CSR<\/h4>\n\n\n\n<p>Next, generate the server private key and certificate signing request (CSR).<\/p>\n\n\n\n<pre class=\"scroll-sz\"><code>openssl req -new \\\n\t-newkey rsa:4096 \\\n\t-nodes \\\n\t-keyout \/etc\/ssl\/guacd\/server.key \\\n\t-out \/etc\/ssl\/guacd\/server.csr \\\n\t-subj \"\/C=US\/ST=California\/L=San Francisco\/O=Kifarunix-Demo Inc\/CN=guacamole.kifarunix-demo.com\/emailAddress=admin@kifarunix-demo.com\"\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-and-sign-server-certificate\">Generate and Sign Server Certificate<\/h4>\n\n\n\n<p>Now, you need to generate the server certificate using the CSR, the CA cert and private key.<\/p>\n\n\n\n<p>Note that since OpenSSL command doesn\u2019t include the extensions such as Subject Alternative Names on the certificate, you need to provide this information manually.<\/p>\n\n\n\n<p>SAN extension allows you to include additional subject names, such as domain names or IP addresses, in a single certificate, thus allowing a certificate to be valid for multiple entities or alternative names.<\/p>\n\n\n\n<p>So, create a CNF file with your SAN extensions;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>vim \/etc\/ssl\/guacd\/san.cnf<\/code><\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>authorityKeyIdentifier=keyid,issuer\nbasicConstraints=CA:FALSE\nkeyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment\nsubjectAltName = @alt_names\n\n[alt_names]\nDNS.1=kifarunix-demo.com\nDNS.2=*.kifarunix-demo.com\n<\/code><\/pre>\n\n\n\n<p>then generate and sign the server certificate;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>openssl x509 -req \\\n\t-in \/etc\/ssl\/guacd\/server.csr \\\n\t-CA \/etc\/ssl\/guacd\/ca.crt \\\n\t-CAkey \/etc\/ssl\/guacd\/ca.key \\\n\t-CAcreateserial \\\n\t-out \/etc\/ssl\/guacd\/server.crt \\\n\t-days 3650 \\\n\t-extfile \/etc\/ssl\/guacd\/san.cnf\n<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Certificate request self-signature ok\nsubject=C = US, ST = California, L = San Francisco, O = Kifarunix-Demo Inc, CN = guacamole.kifarunix-demo.com, emailAddress = admin@kifarunix-demo.com<\/code><\/pre>\n\n\n\n<p>So you now have the server, CA certificate and key under <strong><code>\/etc\/ssl\/guacd\/<\/code><\/strong> in PEM format.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-nginx-with-https-and-guacamole-reverse-proxy\">Configure Nginx with HTTPS and Guacamole Reverse Proxy<\/h3>\n\n\n\n<p>Once you have the keys in place, proceed to configure Nginx with HTTPS by using the SSL\/TLS certificates just generated. While at it, also configure Nginx Guacamole reverse proxy.<\/p>\n\n\n\n<p>In this guide, we will use some of the recommendations on the <a aria-label=\"Cipherli.st (opens in a new tab)\" href=\"https:\/\/cipherli.st\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cipherli.st<\/a>. <\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">vim \/etc\/nginx\/sites-available\/nginx-guacamole-ssl<\/pre>\n\n\n\n<pre class=\"scroll-box\"><code>server {\n\tlisten 80;\n\tserver_name guacamole.kifarunix-demo.com;\n\treturn 301 https:\/\/$host$request_uri;\n}\nserver {\n\tlisten 443 ssl;\n\tserver_name guacamole.kifarunix-demo.com;\n\n\troot \/var\/www\/html;\n\n\tindex index.html index.htm index.nginx-debian.html;\n    \n    \tssl_certificate \/etc\/ssl\/guacd\/server.crt;\n\tssl_certificate_key \/etc\/ssl\/guacd\/server.key;\n\n\tssl_protocols TLSv1.2 TLSv1.3;\n\tssl_prefer_server_ciphers on; \n\tssl_dhparam \/etc\/nginx\/dhparam.pem;\n\tssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;\n\tssl_ecdh_curve secp384r1;\n\tssl_session_timeout  10m;\n\tssl_session_cache shared:SSL:10m;\n\tresolver 192.168.42.129 8.8.8.8 valid=300s;\n\tresolver_timeout 5s; \n\tadd_header Strict-Transport-Security \"max-age=63072000; includeSubDomains; preload\";\n\tadd_header X-Frame-Options DENY;\n\tadd_header X-Content-Type-Options nosniff;\n\tadd_header X-XSS-Protection \"1; mode=block\";\n\n\taccess_log  \/var\/log\/nginx\/guac_access.log;\n\terror_log  \/var\/log\/nginx\/guac_error.log;\n\n\tlocation \/ {\n\t\t    proxy_pass http:\/\/127.0.0.1:8080\/guacamole\/;\n\t\t    proxy_buffering off;\n\t\t    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n\t\t    proxy_set_header Upgrade $http_upgrade;\n\t\t    proxy_set_header Connection $http_connection;\n\t\t    proxy_cookie_path \/guacamole\/ \/;\n\t}\n\n}\n<\/code><\/pre>\n\n\n\n<p>Save and exit the file.<\/p>\n\n\n\n<p>As you can see, we are proxying access to Apache Guacamole running on the localhost port 8080\/tcp.<\/p>\n\n\n\n<p>The reverse proxy settings used here are;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><code>location \/ { ... }<\/code>:<\/strong> This block specifies that the configuration applies to requests coming to the root URL (e.g., <code>https:\/\/your-domain.com\/<\/code>). The block contains directives that define how Nginx should handle requests to this URL.<\/li>\n\n\n\n<li><strong><code>proxy_pass http:\/\/127.0.0.1:8080\/guacamole\/;<\/code>:<\/strong> This directive sets up a reverse proxy to forward requests to the Guacamole application running on <code>http:\/\/127.0.0.1:8080\/guacamole\/<\/code>. This means that when users access your domain, Nginx will pass the requests to the Guacamole server and send back the responses to clients.<\/li>\n\n\n\n<li><strong><code>proxy_buffering off;<\/code>:<\/strong> This directive disables proxy buffering. It ensures that Nginx forwards data from the Guacamole server to clients in real-time without buffering the data.<\/li>\n\n\n\n<li><strong><code>proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<\/code>:<\/strong> This directive sets the <code>X-Forwarded-For<\/code> header to include the original client&#8217;s IP address. This is useful for passing the client&#8217;s IP address to the backend server.<\/li>\n\n\n\n<li><strong><code>proxy_set_header Upgrade $http_upgrade;<\/code>:<\/strong> This directive sets the <code>Upgrade<\/code> header to match the value of the <code>Upgrade<\/code> header received from the client. It&#8217;s often used for WebSocket connections, as it allows Nginx to handle WebSocket traffic.<\/li>\n\n\n\n<li><strong><code>proxy_set_header Connection $http_connection;<\/code>:<\/strong> This directive sets the <code>Connection<\/code> header to match the value of the <code>Connection<\/code> header received from the client.<\/li>\n\n\n\n<li><strong><code>proxy_cookie_path \/guacamole\/ \/;<\/code>:<\/strong> This directive modifies the path in cookies. It replaces occurrences of <code>\/guacamole\/<\/code> in cookies&#8217; paths with a single <code>\/<\/code>, which ensures that cookies work correctly with the reverse proxy setup.<\/li>\n<\/ul>\n\n\n\n<p>Next, generate Deffie-Hellman certificate to ensure a secured key exchange. The <a aria-label=\"-dsaparam (opens in a new tab)\" href=\"https:\/\/security.stackexchange.com\/questions\/95178\/diffie-hellman-parameters-still-calculating-after-24-hours\" target=\"_blank\" rel=\"noreferrer noopener\">-dsaparam<\/a> option in the command below is added to speed up the generation.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">openssl dhparam -dsaparam -out \/etc\/nginx\/dhparam.pem 4096<\/pre>\n\n\n\n<p>Once that is done, activate Nginx Guacamole configuration.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">ln -s \/etc\/nginx\/sites-available\/nginx-guacamole-ssl \/etc\/nginx\/sites-enabled\/<\/pre>\n\n\n\n<p>Verify Nginx configuration.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><code>nginx -t<\/code><\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">nginx: the configuration file \/etc\/nginx\/nginx.conf syntax is ok\nnginx: configuration file \/etc\/nginx\/nginx.conf test is successful<\/pre>\n\n\n\n<p>Restart Nginx if all is good.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart nginx<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"verify-apache-guacamole-https-access\">Verify Apache Guacamole HTTPS Access<\/h3>\n\n\n\n<p>Now, login to Guacamole Dashboard using the URL <strong>https:\/\/server-hostname<\/strong>. You will see a browser warning against the use of self-signed SSL certificates. Add an exception and proceed.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-ssl-tls-https.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1403\" height=\"757\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-ssl-tls-https.png\" alt=\"\" class=\"wp-image-18539\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-ssl-tls-https.png?v=1693511040 1403w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-ssl-tls-https-768x414.png?v=1693511040 768w\" sizes=\"(max-width: 1403px) 100vw, 1403px\" \/><\/a><\/figure>\n\n\n\n<p>Login to your Guacamole.<\/p>\n\n\n\n<p>Guacamole dashboard.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-dash.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1462\" height=\"458\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-dash.png\" alt=\"\" class=\"wp-image-18540\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-dash.png?v=1693511107 1462w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/guacamole-dash-768x241.png?v=1693511107 768w\" sizes=\"(max-width: 1462px) 100vw, 1462px\" \/><\/a><\/figure>\n\n\n\n<p>Sample access to remote systems via Guacamole with HTTPS;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1467\" height=\"658\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/apache-guacamole-ssh.png\" alt=\"Configure Guacamole SSL\/TLS with Nginx Reverse Proxy\" class=\"wp-image-18542\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/apache-guacamole-ssh.png?v=1693512134 1467w, https:\/\/kifarunix.com\/wp-content\/uploads\/2023\/08\/apache-guacamole-ssh-768x344.png?v=1693512134 768w\" sizes=\"(max-width: 1467px) 100vw, 1467px\" \/><\/figure>\n\n\n\n<p>You can read more about Proxying Guacamole <a aria-label=\"here (opens in a new tab)\" href=\"https:\/\/guacamole.apache.org\/doc\/gug\/proxying-guacamole.html#preparing-servlet-container\" target=\"_blank\" rel=\"noreferrer noopener\">here<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h3>\n\n\n\n<p>Hey, you can also check our previous articles on Elasticsearch by following the links below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-apache-kafka-ssl-tls-encryption\/\" target=\"_blank\" rel=\"noreferrer noopener\">Quick Guide: Configure Apache Kafka SSL\/TLS Encryption for Enhanced Security<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/check-ssl-certificate-expiry-date-from-certificate-file\/\" target=\"_blank\" rel=\"noreferrer noopener\">Check SSL Certificate Expiry Date from Certificate File<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>How can I setup Apache Guacamole with HTTPS? Well, this step by step tutorial will guide you on how to configure Guacamole SSL\/TLS with Nginx<\/p>\n","protected":false},"author":1,"featured_media":18541,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[34,917,121,214,1187],"tags":[7213,7214,215,914,916,915],"class_list":["post-2729","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-guacamole","category-howtos","category-remote-desktop","category-ssl-tls","tag-apache-guacamole-http","tag-apache-guacamole-https","tag-guacamole","tag-guacamole-ssl","tag-nginx-reverse-proxy","tag-nginx-ssl","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2729"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=2729"}],"version-history":[{"count":8,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2729\/revisions"}],"predecessor-version":[{"id":21138,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/2729\/revisions\/21138"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/18541"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=2729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=2729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=2729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}