
GateOne host connect via URL doesn't seem to be working

Open jvanhoose opened this issue 10 years ago • 7 comments

Gateone is installed and seems to be working fine. Current configuration is operating through Apache reverse proxy. When I hit the standard URL, I get the host prompt - and after giving it the host, port and user, everything works just as expected.

However, my next goal is to get this to integrate to support direct launch via URL. When, however, I run the URL:

https:///g1?ssh=ssh://@/

I get redirected back to the standard login - it's as though the ssh parameter isn't even being processed. Don't see any error messages in the logs either. The system is currently set up to operate through anonymous access, so that shouldn't be an issue. Config file for review:

locale = "en_US"
pam_service = "login"
syslog_facility = "daemon"
syslog_host = None
enable_unix_socket = False
port = 4443
uid = "107"
url_prefix = "/g1/"
user_dir = "/opt/gateone/users"
dtach = True
certificate = "certificate.pem"
log_to_stderr = False
session_logs_max_age = "30d"
gid = "114"
pid_file = "gateone.pid"
sso_realm = None
cookie_secret = "ZGExOWQ2ODY1NmJiNDk2NmI3Y2JjOWNmNmY5YWJhMDI4M"
pam_realm = "est-nagios-core"
sso_service = "HTTP"
https_redirect = False
syslog_session_logging = False
disable_ssl = True
debug = False
session_dir = "/tmp/gateone"
auth = "none"
address = ""
api_timestamp_window = "30s"
log_file_num_backups = 10
logging = "info"
embedded = False
origins = "http://localhost;https://localhost;http://127.0.0.1;https://127.0.0.1;https://;https://;https://;https://127.0.1.1;https://10.133.1.24"
session_logging = True
unix_socket_path = "/var/run/gateone.sock"
ssl_auth = "none"
log_file_max_size = 104857600
session_timeout = "5d"
command = "/opt/gateone/plugins/ssh/scripts/ssh_connect.py -S '/tmp/gateone/%SESSION%/%SHORT_SOCKET%' --sshfp -a '-oUserKnownHostsFile=%USERDIR%/%USER%/ssh/known_hosts'"
ca_certs = None
js_init = ""
keyfile = "keyfile.pem"
log_file_prefix = "/opt/gateone/logs/webserver.log"

Any insight here would be most welcome.

jvanhoose avatar Feb 26 '15 15:02 jvanhoose

OK, adding some brackets didn't work. The actual URL that was being tried was:

https://url/g1?ssh=ssh://user@host/

jvanhoose avatar Feb 26 '15 15:02 jvanhoose

My understanding was that Apache reverse proxying doesn't support web sockets. Has this changed?

https://github.com/liftoff/GateOne/issues/76

jrellsworth avatar Feb 26 '15 17:02 jrellsworth

Yes – it has (at least in Apache 2.4 – the other versions did not work). The Apache configuration that works for me is:

<Location /g1>
ProxyPreserveHost On
ProxyPass http://localhost:4443/g1
ProxyPassReverse http://localhost:4443/g1
</Location>

<Location /g1/ws>
ProxyPass ws://localhost:4443/g1/ws
ProxyPassReverse ws://localhost:4443/g1/ws
</Location>

For everything except direct URL access, it works just fine (I have run sessions of 1 hour + without issue).

jvanhoose avatar Feb 26 '15 17:02 jvanhoose

OK, I was just mentioning something I had seen before - I didn't realize that it should work with apache 2.4.

I wish I had a solution, but nothing really comes to mind.

jrellsworth avatar Feb 26 '15 17:02 jrellsworth

Hi,

I am struggling to get the reverse proxy to work where my Apache 2.4 and GateOne are running on a single QNAP system. My confs for the reverse proxy are as follows; I have added all the IPs/hostnames in the origins tag of the GateOne config.

ProxyPass /ssh https://127.0.0.1:10443/ssh
ProxyPassReverse /ssh https://127.0.0.1:10443/ssh
ProxyPass /ssh wss://127.0.0.1:10443/ssh
ProxyPassReverse /ssh wss://127.0.0.1:10443/ssh

I get the error below. BTW, I tried disabling SSL and the result is the same. Any help will be much appreciated.

An SSL certificate must be accepted by your browser to continue. Please click here to be redirected. Attempting to connect to the Gate One server...

idongithub avatar Aug 20 '18 11:08 idongithub

I seem to have got it working now. The steps I took: disable SSL in the GateOne config and add the IP/host names in the origins param. Below is my Apache config (enable all proxy modules, including wstunnel):

ProxyPass /ssh http://152.168.1.25:10443/ssh
ProxyPassReverse /ssh http://152.168.1.25:10443/ssh

ProxyPass /ssh ws://152.168.1.25:10443/ssh
ProxyPassReverse /ssh ws://152.168.1.25:10443/ssh

<Location /ssh/ws>
ProxyPass ws://152.168.1.25:10443/ssh/ws
ProxyPassReverse ws://152.168.1.25:10443/ssh/ws
</Location>

idongithub avatar Aug 20 '18 13:08 idongithub

Hi, all. I did all I could, but still get the error: An SSL certificate must be accepted by your browser to continue. Please click here to be redirected. Attempting to connect to the Gate One server...

My GateOne config:

"disable_ssl": true,
"origins": ["localhost", "127.0.0.1", "10.7.132.25", "http://10.7.132.25:8888", "http://10.7.132.25/ssh"],
"port": 8888,

I think it should be a problem with the Apache 2.4 configuration. Here is my config file:

#proxy module
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so

ProxyRequests On
ProxyVia On

<Proxy *>
Order deny,allow
Deny from all
Allow from 10.7.132.25
</Proxy>

ProxyPass /ssh http://10.7.132.25:8888/ssh
ProxyPassReverse /ssh http://10.7.132.25:8888/ssh

ProxyPass /ssh ws://10.7.132.25:8888/ssh
ProxyPassReverse /ssh ws://10.7.132.25:8888/ssh

<Location /ssh/ws>
ProxyPass ws://10.7.132.25:8888/ssh/ws
ProxyPassReverse ws://10.7.132.25:8888/ssh/ws
</Location>
<Location /ssh>
Order deny,allow
Deny from all
Allow from all
ProxyPass http://10.7.132.25:8888/ssh
ProxyPassReverse http://10.7.132.25:8888/ssh

T1ANFeng avatar Mar 26 '21 02:03 T1ANFeng
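
An added example, not part of any post in this thread and not GateOne or Apache project code: a small Python check over the kind of Apache directives posted above. It flags `ProxyRequests On` (forward proxying, which a `ProxyPass` reverse proxy does not need) and server-level `ProxyPass` rules that can never match because an earlier rule already covers the same path. The function names `covers` and `audit_proxy_config` are hypothetical, and the sample input is assembled from directives in the last post.

```python
# Added example: audit an Apache reverse-proxy fragment for two problems
# visible in the configs posted in this thread.

# Sample input assembled from the directives in the last post (trimmed).
SAMPLE = """\
ProxyRequests On
ProxyVia On
ProxyPass /ssh http://10.7.132.25:8888/ssh
ProxyPassReverse /ssh http://10.7.132.25:8888/ssh
ProxyPass /ssh ws://10.7.132.25:8888/ssh
ProxyPassReverse /ssh ws://10.7.132.25:8888/ssh
<Location /ssh/ws>
ProxyPass ws://10.7.132.25:8888/ssh/ws
ProxyPassReverse ws://10.7.132.25:8888/ssh/ws
</Location>
"""


def covers(prefix, path):
    """True if a ProxyPass for `prefix` matches every URL a rule for `path` would."""
    if prefix.endswith("/"):
        return path.startswith(prefix)
    return path == prefix or path.startswith(prefix + "/")


def audit_proxy_config(text):
    """Return [(line_no, finding)] for an Apache config fragment."""
    findings, seen, depth = [], [], 0   # seen: server-level ProxyPass rules in order
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):       # leaving a <Location>/<Proxy> section
            depth = max(depth - 1, 0)
            continue
        if line.startswith("<"):        # entering a section
            depth += 1
            continue
        parts = line.split()
        name = parts[0].lower()
        if name == "proxyrequests" and len(parts) > 1 and parts[1].lower() == "on":
            findings.append((no, "ProxyRequests On enables forward proxying; "
                                 "ProxyPass reverse proxying works with it Off"))
        # Only server-level rules are ordered first-match-wins; rules inside
        # <Location> follow section merging and are not checked here.
        elif name == "proxypass" and depth == 0 and len(parts) >= 3:
            for prev_path, prev_no in seen:
                if covers(prev_path, parts[1]):
                    findings.append((no, f"ProxyPass {parts[1]} never matches: line "
                                         f"{prev_no} ({prev_path}) wins first"))
                    break
            seen.append((parts[1], no))
    return findings
```

Running `audit_proxy_config(SAMPLE)` reports line 1 and line 5; listing the longest path first (`/ssh/ws` before `/ssh`) produces no ordering finding.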