root@guacamole:/etc/nginx# cat /etc/nginx/nginx.confuser www-data;worker_pro

1. root@guacamole:/etc/nginx# cat /etc/nginx/nginx.conf
2. user www-data;
3. worker_processes 4;
4. pid /run/nginx.pid;
5.  
6. events {
7. worker_connections 768;
8. # multi_accept on;
9. }
10.  
11. http {
12.  
13. ##
14. # Basic Settings
15. ##
16.  
17. sendfile on;
18. tcp_nopush on;
19. tcp_nodelay on;
20. keepalive_timeout 65;
21. types_hash_max_size 2048;
22. # server_tokens off;
23.  
24. # server_names_hash_bucket_size 64;
25. # server_name_in_redirect off;
26.  
27. include /etc/nginx/mime.types;
28. default_type application/octet-stream;
29.  
30. ##
31. # Logging Settings
32. ##
33.  
34. access_log /var/log/nginx/access.log;
35. error_log /var/log/nginx/error.log;
36.  
37. ##
38. # Gzip Settings
39. ##
40.  
41. gzip on;
42. gzip_disable "msie6";
43.  
44. # gzip_vary on;
45. # gzip_proxied any;
46. # gzip_comp_level 6;
47. # gzip_buffers 16 8k;
48. # gzip_http_version 1.1;
49. # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
50.  
51. ##
52. # nginx-naxsi config
53. ##
54. # Uncomment it if you installed nginx-naxsi
55. ##
56.  
57. #include /etc/nginx/naxsi_core.rules;
58.  
59. ##
60. # nginx-passenger config
61. ##
62. # Uncomment it if you installed nginx-passenger
63. ##
64.  
65. #passenger_root /usr;
66. #passenger_ruby /usr/bin/ruby;
67.  
68. ##
69. # Virtual Host Configs
70. ##
71.  
72. include /etc/nginx/conf.d/*.conf;
73. include /etc/nginx/sites-enabled/*;
74. }
75.  
76.  
77. #mail {
78. # # See sample authentication script at:
79. # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
80. #
81. # # auth_http localhost/auth.php;
82. # # pop3_capabilities "TOP" "USER";
83. # # imap_capabilities "IMAP4rev1" "UIDPLUS";
84. #
85. # server {
86. # listen localhost:110;
87. # protocol pop3;
88. # proxy on;
89. # }
90. #
91. # server {
92. # listen localhost:143;
93. # protocol imap;
94. # proxy on;
95. # }
96. #}
97.  
98.  
99.  
100. root@guacamole:/etc/nginx# cat /etc/nginx/nginx.conf
101. user www-data;
102. worker_processes 4;
103. pid /run/nginx.pid;
104.  
105. events {
106. worker_connections 768;
107. # multi_accept on;
108. }
109.  
110. http {
111.  
112. ##
113. # Basic Settings
114. ##
115.  
116. sendfile on;
117. tcp_nopush on;
118. tcp_nodelay on;
119. keepalive_timeout 65;
120. types_hash_max_size 2048;
121. # server_tokens off;
122.  
123. # server_names_hash_bucket_size 64;
124. # server_name_in_redirect off;
125.  
126. include /etc/nginx/mime.types;
127. default_type application/octet-stream;
128.  
129. ##
130. # Logging Settings
131. ##
132.  
133. access_log /var/log/nginx/access.log;
134. error_log /var/log/nginx/error.log;
135.  
136. ##
137. # Gzip Settings
138. ##
139.  
140. gzip on;
141. gzip_disable "msie6";
142.  
143. # gzip_vary on;
144. # gzip_proxied any;
145. # gzip_comp_level 6;
146. # gzip_buffers 16 8k;
147. # gzip_http_version 1.1;
148. # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
149.  
150. ##
151. # nginx-naxsi config
152. ##
153. # Uncomment it if you installed nginx-naxsi
154. ##
155.  
156. #include /etc/nginx/naxsi_core.rules;
157.  
158. ##
159. # nginx-passenger config
160. ##
161. # Uncomment it if you installed nginx-passenger
162. ##
163.  
164. #passenger_root /usr;
165. #passenger_ruby /usr/bin/ruby;
166.  
167. ##
168. # Virtual Host Configs
169. ##
170.  
171. include /etc/nginx/conf.d/*.conf;
172. include /etc/nginx/sites-enabled/*;
173. }
174.  
175.  
176. #mail {
177. # # See sample authentication script at:
178. # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
179. #
180. # # auth_http localhost/auth.php;
181. # # pop3_capabilities "TOP" "USER";
182. # # imap_capabilities "IMAP4rev1" "UIDPLUS";
183. #
184. # server {
185. # listen localhost:110;
186. # protocol pop3;
187. # proxy on;
188. # }
189. #
190. # server {
191. # listen localhost:143;
192. # protocol imap;
193. # proxy on;
194. # }
195. #}
196. root@guacamole:/etc/nginx# cat sites-available/default
197. # ANOTHER SERVER LISTENING ON PORT 443 (SSL) to secure the Guacamole traffic and proxy the requests to Tomcat7
198. server {
199. listen 443 ssl;
200.  
201. server_name guacamole.localdomain.local;
202.  
203. # This part is for SSL config only
204. ssl on;
205. ssl_certificate /etc/nginx/ssl/nginx.crt;
206. ssl_certificate_key /etc/nginx/ssl/nginx.key;
207. ssl_session_cache shared:SSL:10m;
208. ssl_ciphers 'AES256+EECDH:AES256+EDH:!aNULL';
209. ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
210. ssl_stapling on;
211. ssl_stapling_verify on;
212. ssl_prefer_server_ciphers on;
213. # ssl_dhparam /etc/ssl/certs/dhparam.pem;
214.  
215. # Found below settings to be performing best but it will work with your own
216. tcp_nodelay on;
217. tcp_nopush off;
218. sendfile on;
219. client_body_buffer_size 10K;
220. client_header_buffer_size 1k;
221. client_max_body_size 8m;
222. large_client_header_buffers 2 1k;
223. client_body_timeout 12;
224. client_header_timeout 12;
225. keepalive_timeout 15;
226. send_timeout 10;
227.  
228. # HINT: You might want to enable access_log during the testing!
229. access_log off;
230.  
231. # Don't turn ON proxy_buffering!; this will impact the line quality
232. proxy_buffering off;
233. proxy_redirect off;
234.  
235. # Enabling websockets using the first 3 lines; Check /var/log/tomcat8/catalina.out while testing; guacamole will show you a fallback message if websockets fail to work.
236. proxy_http_version 1.1;
237. proxy_set_header Upgrade $http_upgrade;
238. proxy_set_header Connection "upgrade";
239.  
240. # Just something that was advised by someone from the dev team; worked fine without it too.
241. proxy_cookie_path /guacamole/ /;
242.  
243. location / {
244. # I am running the Tomcat7 and Guacamole on the local server
245. proxy_pass http://ts.bpdm.com:8080;
246. break;
247. }
248. }