1

Total nginx noob here. I've scoured the internet and all the instructions and examples I find are for more complex use cases than I have.

What I'm trying to do:

Proxy http://BAREIP/guacamole/ to respond as if http://BAREIP:8080/guacamole/ was in the address bar, but so that the request goes to the server entirely on port 80.

Background: Trying to set up some training servers for a short-term class, which will be torn down at the end of the day. No domain, no need for SSL or anything. Need to be able to expose an RDP interface for the class for students that are on a corporate locked down network so they only have (for sure) ports 80 and 443 open to the internet. I have the guacamole part set up perfectly and working well over 8080. But we can't be sure 8080 is open so we want to use port 80. (it's amazing for this use case with MySQL authentication) but I'm struggling with the nginx part. I have not done any AJP stuff.

What my nginx.conf file looks like:

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        # server_tokens off;

        # server_names_hash_bucket_size 64;
        # server_name_in_redirect off;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_disable "msie6";

        # gzip_vary on;
        # gzip_proxied any;
        # gzip_comp_level 6;
        # gzip_buffers 16 8k;
        # gzip_http_version 1.1;
        # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;

        server{
                location /guacamole/ {
                    proxy_pass http://localhost:8080/guacamole/;
                    proxy_buffering off;
                    proxy_http_version 1.1;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection $http_connection;
                    proxy_cookie_path /guacamole/ /;
                    access_log off;
                }
        }
}

What's happening:

When I go to http://BAREIP/guacamole/ , I get 404 not found. When I go to http://BAREIP/, I get the generic "nginx is on" page. When I go to http://BAREIP:8080/guacamole/ I get the guacamole log in page, and when I go to http://BAREIP:8080/ I get the generic "tomcat is on" page.

What step am I missing to make this proxying work?

Thanks.

Except of access.log:

MY_IP - - [05/Feb/2017:03:08:33 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
MY_IP - - [05/Feb/2017:03:08:50 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
MY_IP - - [05/Feb/2017:03:08:54 +0000] "GET /guacamole HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
MY_IP - - [05/Feb/2017:03:08:57 +0000] "GET /guacamole/ HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36"
TerminalDilettante
  • 595
  • 1
  • 6
  • 24

1 Answers1

0

You're missing listen 80; in the server block

Faisal Memon
  • 1,047
  • 7
  • 7
  • Didn't work. :( OK I edited the server block to include listen 80; right before location and restarted nginx; no dice. Also isn't listen 80 implied? Like that's the default port, right? – TerminalDilettante Feb 05 '17 at 02:44
  • Could also be that /etc/nginx/conf.d/default.conf is taking all port 80 requests. Try removing that file. – Faisal Memon Feb 05 '17 at 03:01
  • the conf.d subdirectory is empty. – TerminalDilettante Feb 05 '17 at 03:04
  • How about /etc/nginx-sites-enabled/ ? Something is listening on port 80 to be able to serve the generic NGINX is on page. One other thing to try is to put `listen 80 default_server;` in your server block. – Faisal Memon Feb 05 '17 at 03:09
  • AHA! sites-enabled had a symlink to sites-available/default and that had a config in there. I'll try editing that file? – TerminalDilettante Feb 05 '17 at 03:26
  • I would recommend removing it and moving your server {} config into /etc/nginx/conf.d/guacamole.conf. – Faisal Memon Feb 05 '17 at 03:29
  • First of all, adding that location block to sites-available/defailt worked.How do I reference guacamole.conf? Also to be clear, the only reason this server exists is for guacamole, and the only reason nginx is on there is to proxy 80/guacamole->8080/guacamole. – TerminalDilettante Feb 05 '17 at 03:30
  • Everything in conf.d folder is automatically included. See include directive in your config. – Faisal Memon Feb 05 '17 at 03:31
  • BTW I tried removing that location block from default into a guacamole.conf file (I added a server block around it) and it didn't work. – TerminalDilettante Feb 05 '17 at 03:50
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/134901/discussion-between-terminaldilettante-and-faisal-memon). – TerminalDilettante Feb 05 '17 at 14:54