Guacamole behind Traefik v3.3.4 / Pb with PathPrefix

Hello,

My Guacamole is working well behinf my traefik. Except I have to add '/guacamole' at the end of his URL like: https://guacamole.domain.tls/guacamole

I had during this day fight with labels, none are working.

I have add the middleware in my dynamic file

add-prefix-guacamole:
      addPrefix:
        prefix: "/guacamole"

Labels is my Guacamole compose file:

- "traefik.enable=true"
      - "traefik.http.routers.guacamole-rtr.entrypoints=https-external"
      - "traefik.http.routers.guacamole-rtr.tls=true"
      - "traefik.http.routers.guacamole-rtr.tls.certresolver=dns-cloudflare"
      - "traefik.http.routers.guacamole-rtr.service=guacamole"
      - "traefik.http.routers.guacamole-rtr.rule=Host(`guacamole.domain.org`)" # && PathPrefix(`/guacamole/`)"
      - "traefik.http.routers.guacamole-rtr.rule=PathPrefix(`/guacamole`)"
      - "traefik.http.middlewares.add-prefix-guacamole=/guacamole"
      #- "traefik.http.routers.guacamole-rtr.middlewares=authentik@file"
      - "traefik.http.services.guacamole.loadBalancer.server.port=8080"
      - "traefik.docker.network=my-net"

Thx

Create an additional router with rule=Host(…) && Path(`/`) and send a redirect to /guacamole. So the initial request to domain will automatically go to the required path.

You can’t simply add a prefix to every request, as the page will load dependencies like scripts and images, which will not work anymore.

By the way, this does not work, it will probably just overwrite the first router:

labels:
      - "traefik.enable=true"

  # Router for Root URL Redirection
      - "traefik.http.routers.redirect-root-router.rule=Path(`/`)"
      - "traefik.http.routers.guacamole-router.rule=Host(`guacamole.domain.org`)"
      - "traefik.http.routers.redirect-root-router.entrypoints=https-external"
      - "traefik.http.routers.redirect-root-router.middlewares=redirect-root-to-guacamole"
      - "traefik.http.routers.redirect-root-router.tls=true"
      - "traefik.http.routers.redirect-root-router.tls.certresolver=dns-cloudflare"

  # Middleware to Redirect from / to /guacamole/
      - "traefik.http.middlewares.redirect-root-to-guacamole.redirectregex.regex=^/$"
      - "traefik.http.middlewares.redirect-root-to-guacamole.redirectregex.replacement=/guacamole/"
      - "traefik.http.middlewares.redirect-root-to-guacamole.redirectregex.permanent=true"

  # Main Guacamole Router
      - "traefik.http.routers.guacamole-router.rule=PathPrefix(`/guacamole`)"
      - "traefik.http.routers.guacamole-router.entrypoints=https-external"
      - "traefik.http.routers.guacamole-router.tls=true"
      - "traefik.http.routers.guacamole-router.tls.certresolver=dns-cloudflare"

  # Guacamole Service
      - "traefik.http.services.guacamole.loadbalancer.server.port=8080"

Still error 404, I am not very confortable with redirect and regex

Tested and working

  guacamole:
    image: guacamole/guacamole
    networks:
      - proxy
      - database
    labels:
      - traefik.enable=true
      - traefik.docker.network=proxy

      # regular guacamole router
      - traefik.http.routers.myguacamole.rule=Host(`guacamole.example.com`)
      - traefik.http.services.myguacamole.loadbalancer.server.port=8080

      # redirect guacamole router for request without path, from / to /guacamole
      - traefik.http.routers.myguacamole-redir.rule=Host(`guacamole.example.com`) && Path(`/`)
      - traefik.http.routers.myguacamole-redir.middlewares=myguacamole-redir
      - traefik.http.middlewares.myguacamole-redir.redirectregex.regex=(.*)
      - traefik.http.middlewares.myguacamole-redir.redirectregex.replacement=$${1}guacamole

    environment:
      - GUACD_HOSTNAME=localhost
      - POSTGRESQL_DATABASE=localhost
      - POSTGRESQL_HOSTNAME=localhost
      - POSTGRESQL_USER=a
      - POSTGRESQL_PASSWORD=b
      - POSTGRESQL_DATABASE=c

You can enter guacamole.example.com into your client/browser, Traefik will automatically redirect you to guacamole.example.com/guacamole, so you never have to type in the path.

I still do have the same pb ...
I have to add the TLS config to your config ...

Place TLS config on entrypoint, reduces repeated config on routers.

- "traefik.enable=true"
      - "traefik.docker.network=mynet"

      # regular guacamole router
      - "traefik.http.routers.myguacamole.entrypoints=https-external"
      - "traefik.http.routers.myguacamole.tls=true"
      - "traefik.http.routers.myguacamole.tls.certresolver=dns-cloudflare"
      #- "traefik.http.routers.myguacamole.rule=Host(`guacamole.domain.org`)"
      - "traefik.http.services.myguacamole.loadbalancer.server.port=8080"
      

      # redirect guacamole router for request without path, from / to /guacamole
      - "traefik.http.routers.myguacamole-redir.rule=Host(`guacamole.domain.org`) && Path(`/`)"
      - "traefik.http.routers.myguacamole-redir.middlewares=myguacamole-redir"
      - "traefik.http.middlewares.myguacamole-redir.redirectregex.regex=(.*)"
      - "traefik.http.middlewares.myguacamole-redir.redirectregex.replacement=$${1}guacamole"

I didn't understood what you have "said" ... sorry

Your labels are incomplete. You have two routers. Both need a rule. And if you set TLS on routers (not globally on entrypoint), then both need tls.

Check simple Traefik example for a best practice configuration.

So I have two routers: guacamole and guacamole-redir
I have add for each router:

- "traefik.http.routers.guacamole-redir.tls=true" or - "traefik.http.routers.guacamole.tls=true" and the resolver for each

I hope this is correct.
I do have a change concerning my pb. Now when typing https://guacamole.domain.ff it forward it to https://guacamole.domain.ff/guacamole (what I want) but I still have an error 404.

labels:
      - "traefik.enable=true"
      - "traefik.docker.network=mynet"
      # regular guacamole router
      - "traefik.http.routers.guacamole.entrypoints=https-external"
      - "traefik.http.services.guacamole.loadbalancer.server.port=8080"
      - "traefik.http.routers.guacamole.tls=true"
      # redirect guacamole router for request without path, from / to /guacamole
      - "traefik.http.routers.guacamole-redir.rule=Host(`guacamole.domain.org`) && Path(`/`)"
      - "traefik.http.routers.guacamole-redir.tls=true"
      - "traefik.http.routers.guacamole-redir.middlewares=guacamole-redir"
      - "traefik.http.middlewares.guacamole-redir.redirectregex.regex=(.*)"
      - "traefik.http.middlewares.guacamole-redir.redirectregex.replacement=$${1}guacamole"

2025-03-05T17:57:52+02:00 ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [guacamole-guacamole]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Invalid identifiers requested :: Cannot issue for \"guacamole-guacamole\": Domain name needs at least one dot" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["guacamole-guacamole"] providerName=dns-cloudflare.acme routerName=guacamole@docker rule=Host(`guacamole-guacamole`)

Is it the problem when not using staging for the ssl ? To many request ?

Cannot issue for \"guacamole-guacamole\": Domain name needs at least one dot 

Where is that coming from ??

labels:
      - "traefik.enable=true"
      - "traefik.docker.network=mynet"
      # regular guacamole router
      - "traefik.http.routers.guacamole.entrypoints=https-external"
      - "traefik.http.services.guacamole.loadbalancer.server.port=8080"
      - "traefik.http.routers.guacamole.tls=true"
      - "traefik.http.routers.guacamole.tls.certresolver=dns-cloudflare"
      # redirect guacamole router for request without path, from / to /guacamole
      - "traefik.http.routers.guacamole.rule=Host(`guacamole.domain.org`) && Path(`/`)"
      - "traefik.http.routers.guacamole.middlewares=guacamole@docker"
      - "traefik.http.middlewares.guacamole.redirectregex.regex=(.*)"
      - "traefik.http.middlewares.guacamole.redirectregex.replacement=$${1}guacamole"

I have removed the second router (guacamole-redir) to make this config a bit less messy ...
I do not have anymore the SSL error 400 .... But still the 404.

I would recommend to follow my instructions:

Yes I do apologie, I haven't very well undertand the concept of a traefik router. I have add the 2 rules for each router, it is now working.
Thx a lot for your support.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.