Bitnami Guacamole bncert-tool “resolves to a different IP” - behind proxy servers

Keywords: Apache Guacamole - Virtual Machines - Technical issue - Domain Name (DNS)
bnsupport ID: 6c7a9ba5-308f-533f-0cec-b5111a95a5db
Description:
Hi,

I am trying to use the bncert-tool to configure certificates for Apache Guacamole.
This is running as the VMware virtual machine on my ESXi server; it runs perfectly fine and is publicly accessible at remote.mydomain.co.uk.

When running the bncert-tool it asks for the domain (remote.mydomain.co.uk for example). It prompts me if I want to also add www.remote.mydomain.co.uk - yes.
Then it fails as it says the DNS entry does not match the current IP.

My problem here is that this server is in a school behind a large proxy farm hosted by our ISP. They have NAT’d a public IP address down to our internal IP address. This works perfectly fine.
Outbound however, as it goes out through a proxy farm, it does see a different public IP depending on which proxy server it has gone out of. Even if I do a “WhatsMyIP” on my office PC it changes the IP address every so often.

I need it to skip this check or something as it is publicly accessible using my DNS entry on my domain.

Is there any way of skipping this check, or telling it the public IP address that is accessible?

Many Thanks,
ITManLT

Hi @ITManLT,

The tool just checks if the domain resolves to the machine’s IP. I don’t know if it’s using a different IP due to your network configuration. However, you can follow the manual approach to generate your certificates.

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#alternative-approach

Important note: The paths are different in this solution. The Bitnami Apache Guacamole solution uses a different technology so you will need to use the proper paths to configure the certificate (/opt/bitnami/apache vs /opt/bitnami/apache2, /opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf vs /opt/bitnami/apache/conf/bitnami/bitnami.conf, …)

Let us know if you have any questions.

Hi Jota,

Thanks for your help, however I also tried this one.
I get stuck where it gives me the steps for Apache2 because this VM doesn’t seem to have Apache2 on it…

In the /opt/bitnami/ folder there is apache or apache-tomcat. So I tried replacing apache2 in the commands with just apache but that didn’t work.

There don’t seem to be any guides that point to apache… only apache2 so I’m a bit stuck.

I’ve actually bought an SSL Certificate now to just install this but I don’t know where I should place this. Again all guides seem to point to somewhere in an apache2 folder…

Any ideas?

Thanks,
Lee.

Keywords: Apache Guacamole - Virtual Machines - How to - Secure Connections (SSL/HTTPS)
Description:
I have downloaded the Apache Guacamole Virtual Appliance to run on VMware (ESXi).
Appliance is running fine so I want to secure with an SSL Certificate.

I have tried following the guide here:
https://docs.bitnami.com/aws/apps/guacamole/administration/create-ssl-certificate-apache/
And also tried LetsEncrypt (didn’t work behind our ISP’s proxy farm) so I’ve bought our own.

I need help with where to put my certificate files that I have now received.
All guides seem to point to /opt/bitnami/apache2/blahblahblah.
For some reason on my VM there is no Apache2… In the above location /opt/bitnami/ I see apache or apache-tomcat.

All of the guides point me to Apache2 so I’m a bit stuck as to what to do.

Any help securing this would be greatly appreciated.

Thanks,
Lee.

Hi @ITManLT,

Please share the Bitnami Support tool code again.

How to Run the Bitnami Support Tool

We understand you generated new certificate files, but you only need to configure them in the /opt/bitnami/apache/conf/vhosts/guacamole-https-vhost.conf file:

  SSLCertificateFile "/opt/bitnami/letsencrypt/certificates/YOURDOMAIN.crt"
  SSLCertificateKeyFile "/opt/bitnami/letsencrypt/certificates/YOURDOMAIN.key"

Thanks

Hi Jota,

Thanks for your response:
Support Code:
c6d26f01-5650-4838-df70-62f7f4170303

Okay awesome. So from our SSL provider I now have some certificates named as below:
CACertificate-INTERMEDIATE-1.cer
CACertificate-INTERMEDIATE-2.cer
CACertificate-ROOT-3.cer
My_CA_Bundle.ca-bundle
ServerCertificate.cer

Can you confirm which of these I should put where on the server please?

Many Thanks,
Lee.
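
Added example (not part of the thread and not Bitnami tooling): a pre-deployment check for a set of CA-issued files like the one listed above, confirming that the private key belongs to the server certificate and that the certificate chains through the intermediates to the root before a combined file is written for `SSLCertificateFile`. It assumes PEM-encoded files, the `openssl` CLI, and Apache 2.4.8 or later (which accepts the leaf followed by intermediates in `SSLCertificateFile`); the function names and the throwaway demo PKI are constructed for illustration.

```shell
#!/bin/sh
# Added example: check CA-issued files before pointing the vhost at them.
# Assumes PEM-encoded inputs and the openssl CLI; all paths are arguments.

key_matches_cert() {   # CERT KEY -> 0 when both carry the same public key
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

chain_verifies() {     # LEAF ROOT INTERMEDIATES -> 0 when leaf chains to ROOT
    openssl verify -CAfile "$2" -untrusted "$3" "$1" >/dev/null 2>&1
}

build_fullchain() {    # LEAF KEY ROOT INTERMEDIATES OUT
    key_matches_cert "$1" "$2" || { echo "key/certificate mismatch" >&2; return 1; }
    chain_verifies "$1" "$3" "$4" || { echo "chain does not verify" >&2; return 1; }
    cat "$1" "$4" > "$5"   # leaf first, then intermediates; root is not served
}

make_demo_pki() {      # DIR -> constructed throwaway root, intermediate, leaf
    d=$1
    echo 'basicConstraints=critical,CA:TRUE' > "$d/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 1 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=remote.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir"
build_fullchain "$demo_dir/leaf.pem" "$demo_dir/leaf.key" "$demo_dir/root.pem" \
    "$demo_dir/int.pem" "$demo_dir/fullchain.pem" && echo "fullchain written"
```

With real files, the intermediates argument would be the intermediate certificates concatenated into one PEM file, and the key is the one generated alongside the CSR that was sent to the provider.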

Hi Jota,

I have put my ServerCertificate.cer on the server and edited /opt/bitnami/apache/conf/vhosts/guacamole-https-vhost.conf to point to the file now so it’s all working thanks.
Can I just ask one final question. How to redirect http:// to https:// now?

I have seen some other topics relating to say WordPress etc. but can’t apply the commands to here.

Thanks,
Lee.

Hi @ITManLT,

You will need to edit the /opt/bitnami/apache/conf/vhosts/guacamole-http-vhost.conf file and force the redirection:

  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
  RewriteRule ^/(.*) https://your_domain.com/$1 [R,L]

You have one example here: https://docs.bitnami.com/aws/apps/guacamole/administration/force-https-apache/

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.