I've setup a proxy for Apache Guacamole in order to facilitate self hosted remote access to my computers.
I've run into the issue whereas official NGINX setup from guacamole documentation has caused websocket connection to fail silently and website generate a constant HTTP traffic and max out the access.log, here is my setup in case someone else find this useful:
server {
listen 443 ssl;
server_name guac.*;
set $rmt guac:8080;
# all ssl related config moved to ssl.conf
include /config/nginx/ssl.conf;
client_max_body_size 0;
location /websocket-tunnel {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://$rmt$request_uri;
proxy_set_header Host $host;
access_log off;
proxy_buffering off;
}
location /tunnel {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://$rmt$request_uri;
proxy_set_header Host $host;
access_log off;
proxy_buffering off;
}
location / {
proxy_buffering off;
proxy_read_timeout 3600;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
sub_filter 'Apache Guacamole' 'Access Gateway';
sub_filter 'Guacamole' 'Gateway';
sub_filter_types application/json;
sub_filter_once off;
proxy_pass http://$rmt;
proxy_set_header Host $host;
}
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
proxy_pass http://$rmt;
proxy_set_header Host $host;
access_log off;
}
}
Ideally, /tunnel location will remain unused, but it's nice not to fill up your access.log in case something happens to make it failover.
---
Now, back to the original question. While I've got it working, I'm curios why URL request data was not passed by default. I've ended up changing the proxy path to "http://$rmt$request_uri;" and that worked, but is it always been necessary to pass the URL parameters?