Moin
https://cert.int.de/
https://cert.int.de/lan.crt
über Browser ist nicht erreichbar , davor wahr mal erreichbar ,
support_data.zip (9,2 KB)
Hallo Jean,
Nach mehreren Reboots , habe ich es hin bekommen mit installieren von Zertifikaten,
habe den Faden verloren , glaube muss jetzt cloud Desktop deinstallieren und neu installieren . mache es heute Nachmittag.
Hallo Jean
Habe jetzt alle deine Vorschläge gefolgt, sprich
sudo apt install libre-workspace-portal --reinstall
Zertifikat in Firefox zugefügt , wird als gesichert angezeigt , mehr mals neu gestartet , gebootet , aber trotzdem will cloud desktop nicht laufen ,
was noch auffällt
wird nicht komplett gelogt nur ein Teil ,später kommt nichts mehr
nucuser@la:~$ sudo journalctl -u libre-workspace-portal -f
[sudo] Passwort für nucuser:
Nov 04 22:00:30 la libre-workspace-portal[1053]: No migrations to apply.
Nov 04 22:00:31 la libre-workspace-portal[1175]: 0 static files copied to '/var/www/libre-workspace-static', 180 unmodified.
Nov 04 22:00:32 la libre-workspace-portal[1218]: RSA key successfully created with kid: e23a82bcd09a5fd3b4482d3972608d9e
Nov 04 22:00:33 la libre-workspace-portal[1324]: File “/usr/lib/libre-workspace/portal/locale/en/LC_MESSAGES/django.po” is already compiled and up to date.
Nov 04 22:00:33 la libre-workspace-portal[1324]: File “/usr/lib/libre-workspace/portal/locale/de/LC_MESSAGES/django.po” is already compiled and up to date.
Nov 04 22:00:34 la libre-workspace-portal[714]: Setting number of workers to 3
Nov 04 22:00:34 la libre-workspace-portal[1626]: [2025-11-04 22:00:34 +0100] [1626] [INFO] Starting gunicorn 23.0.0
Nov 04 22:00:34 la libre-workspace-portal[1626]: [2025-11-04 22:00:34 +0100] [1626] [INFO] Listening at: http://127.0.0.1:11123 (1626)
Nov 04 22:00:34 la libre-workspace-portal[1626]: [2025-11-04 22:00:34 +0100] [1626] [INFO] Using worker: sync
Nov 04 22:00:34 la libre-workspace-portal[1659]: [2025-11-04 22:00:34 +0100] [1659] [INFO] Booting worker with pid: 1659
Nov 04 22:05:14 la libre-workspace-portal[1659]: [2025-11-04 22:05:14 +0100] [1659] [INFO] Worker exiting (pid: 1659)
Nov 04 22:05:14 la systemd[1]: Stopping libre-workspace-portal.service - Libre Workspace Portal Service...
Nov 04 22:05:14 la libre-workspace-portal[1626]: [2025-11-04 22:05:14 +0100] [1626] [INFO] Handling signal: term
Nov 04 22:05:14 la libre-workspace-portal[1626]: [2025-11-04 22:05:14 +0100] [1626] [ERROR] Worker (pid:1659) was sent SIGTERM!
Nov 04 22:05:14 la libre-workspace-portal[1626]: [2025-11-04 22:05:14 +0100] [1626] [INFO] Shutting down: Master
Nov 04 22:05:14 la systemd[1]: libre-workspace-portal.service: Deactivated successfully.
Nov 04 22:05:14 la systemd[1]: Stopped libre-workspace-portal.service - Libre Workspace Portal Service.
Nov 04 22:05:14 la systemd[1]: libre-workspace-portal.service: Consumed 6.643s CPU time, 123M memory peak.
Nov 04 22:05:14 la systemd[1]: Started libre-workspace-portal.service - Libre Workspace Portal Service.
Nov 04 22:05:14 la libre-workspace-portal[4967]: /
Nov 04 22:05:15 la libre-workspace-portal[4976]: Operations to perform:
Nov 04 22:05:15 la libre-workspace-portal[4976]: Apply all migrations: admin, app_dashboard, auth, contenttypes, idm, oidc_provider, otp_hotp, otp_static, otp_totp, sessions
Nov 04 22:05:15 la libre-workspace-portal[4976]: Running migrations:
Nov 04 22:05:15 la libre-workspace-portal[4976]: No migrations to apply.
Nov 04 22:05:15 la libre-workspace-portal[4986]: 0 static files copied to '/var/www/libre-workspace-static', 180 unmodified.
Nov 04 22:05:16 la libre-workspace-portal[4989]: RSA key successfully created with kid: f01e615e52b7440997e543f33f845884
Nov 04 22:05:17 la libre-workspace-portal[4999]: File “/usr/lib/libre-workspace/portal/locale/en/LC_MESSAGES/django.po” is already compiled and up to date.
Nov 04 22:05:17 la libre-workspace-portal[4999]: File “/usr/lib/libre-workspace/portal/locale/de/LC_MESSAGES/django.po” is already compiled and up to date.
Nov 04 22:05:17 la libre-workspace-portal[4967]: Setting number of workers to 3
Nov 04 22:05:17 la libre-workspace-portal[5003]: [2025-11-04 22:05:17 +0100] [5003] [INFO] Starting gunicorn 23.0.0
Nov 04 22:05:17 la libre-workspace-portal[5003]: [2025-11-04 22:05:17 +0100] [5003] [INFO] Listening at: http://127.0.0.1:11123 (5003)
Nov 04 22:05:17 la libre-workspace-portal[5003]: [2025-11-04 22:05:17 +0100] [5003] [INFO] Using worker: sync
Nov 04 22:05:17 la libre-workspace-portal[5004]: [2025-11-04 22:05:17 +0100] [5004] [INFO] Booting worker with pid: 5004
Nov 04 22:07:13 la libre-workspace-portal[5004]: Binding as cn=Administrator,cn=users,dc=int,dc=de
Nov 04 22:07:13 la libre-workspace-portal[5004]: Populating Django user Administrator
Nov 04 22:07:13 la libre-workspace-portal[5004]: Binding as cn=Administrator,cn=users,dc=int,dc=de
Nov 04 22:07:13 la libre-workspace-portal[5004]: cn=Administrator,cn=users,dc=int,dc=de is a member of cn=administrators,cn=builtin,dc=int,dc=de
Nov 04 22:07:13 la libre-workspace-portal[5004]: cn=Administrator,cn=users,dc=int,dc=de is a member of cn=administrators,cn=builtin,dc=int,dc=de
Nov 04 22:11:54 la libre-workspace-portal[5003]: [2025-11-04 22:11:54 +0100] [5003] [INFO] Handling signal: term
Nov 04 22:11:54 la libre-workspace-portal[5004]: [2025-11-04 22:11:54 +0100] [5004] [INFO] Worker exiting (pid: 5004)
Nov 04 22:11:54 la libre-workspace-portal[5004]: Benutzer ist authentifiziert.
Nov 04 22:11:54 la libre-workspace-portal[5004]: $y$j9T$oRVvZDY85rx4dPXZwgbxh.$Bj5aF7XURzan.NreeOxFf1Bpwu.KgP3IRSpl5NGOgk6
Nov 04 22:11:54 la libre-workspace-portal[5004]: Passwort des Linux-Client-Benutzers für Benutzer: Administrator mit neuem Passwort-Hash aktualisiert: $y$j9T$oRVvZDY85rx4dPXZwgbxh.$Bj5aF7XURzan.NreeOxFf1Bpwu.KgP3IRSpl5NGOgk6
Nov 04 22:11:54 la systemd[1]: Stopping libre-workspace-portal.service - Libre Workspace Portal Service...
Nov 04 22:11:54 la libre-workspace-portal[5003]: [2025-11-04 22:11:54 +0100] [5003] [ERROR] Worker (pid:5004) was sent SIGTERM!
Nov 04 22:11:54 la libre-workspace-portal[5003]: [2025-11-04 22:11:54 +0100] [5003] [INFO] Shutting down: Master
Nov 04 22:11:54 la systemd[1]: libre-workspace-portal.service: Deactivated successfully.
Nov 04 22:11:54 la systemd[1]: Stopped libre-workspace-portal.service - Libre Workspace Portal Service.
Nov 04 22:11:54 la systemd[1]: libre-workspace-portal.service: Consumed 20.132s CPU time, 87.2M memory peak.
Nov 04 22:12:08 la systemd[1]: Started libre-workspace-portal.service - Libre Workspace Portal Service.
Nov 04 22:12:08 la libre-workspace-portal[6086]: /
Nov 04 22:12:09 la libre-workspace-portal[6094]: Operations to perform:
Nov 04 22:12:09 la libre-workspace-portal[6094]: Apply all migrations: admin, app_dashboard, auth, contenttypes, idm, oidc_provider, otp_hotp, otp_static, otp_totp, sessions
Nov 04 22:12:09 la libre-workspace-portal[6094]: Running migrations:
Nov 04 22:12:09 la libre-workspace-portal[6094]: No migrations to apply.
Nov 04 22:12:09 la libre-workspace-portal[6121]: 0 static files copied to '/var/www/libre-workspace-static', 180 unmodified.
Nov 04 22:12:10 la libre-workspace-portal[6124]: RSA key successfully created with kid: 82a688cef3e59628301136c821f6c096
Nov 04 22:12:11 la libre-workspace-portal[6134]: File “/usr/lib/libre-workspace/portal/locale/de/LC_MESSAGES/django.po” is already compiled and up to date.
Nov 04 22:12:11 la libre-workspace-portal[6134]: File “/usr/lib/libre-workspace/portal/locale/en/LC_MESSAGES/django.po” is already compiled and up to date.
Nov 04 22:12:11 la libre-workspace-portal[6086]: Setting number of workers to 3
Nov 04 22:12:11 la libre-workspace-portal[6138]: [2025-11-04 22:12:11 +0100] [6138] [INFO] Starting gunicorn 23.0.0
Nov 04 22:12:11 la libre-workspace-portal[6138]: [2025-11-04 22:12:11 +0100] [6138] [INFO] Listening at: http://127.0.0.1:11123 (6138)
Nov 04 22:12:11 la libre-workspace-portal[6138]: [2025-11-04 22:12:11 +0100] [6138] [INFO] Using worker: sync
Nov 04 22:12:11 la libre-workspace-portal[6156]: [2025-11-04 22:12:11 +0100] [6156] [INFO] Booting worker with pid: 6156
Du musst das Cloud Desktop Modul entfernen und wieder installieren.
ich bekomme auch eine redirect schleife.
stimmen deine docker commands? ein docker container ls | grep guac* gibt:
d754cd740393 guacamole/guacamole:1.5.5 "/opt/guacamole/bin/…" 2 hours ago Up 43 minutes 0.0.0.0:28925->8080/tcp, :::28925->8080/tcp desktop-guacamole-1
10ef598d3d05 guacamole/guacd "/opt/guacamole/entr…" 2 hours ago Up 43 minutes (healthy) 4822/tcp desktop-guacd-1
man achte auf desktop-guacamole-1 und desktop-guacd-1
1 „Gefällt mir“
Das musst Du unter “Zertifizierungsstellen” installieren
1 „Gefällt mir“
Die sehen beide sehr gut aus.
Gerne mal F12 aufrufen und da den Netzwerktraffic im Browser zeigen.
Und die Ausgabe von docker compose -f /root/desktop/docker-compose.yml logs posten
1 „Gefällt mir“
ok, ich hatte erwartet, dass die docker commands auch mit “-” anstatt “_” wie bei dir geschrieben werden müssen.
hier ist der log:
[http-nio-8080-exec-4] INFO o.a.g.a.o.t.TokenValidationService - Rejected invalid OpenID token: JWT processing failed. Additional details: [[17] Unable to process JOSE object (cause: org.jose4j.lang.UnresolvableKeyException: Unable to find a suitable verification key for JWS w/ header {"alg":"RS256","kid":"51fe39784be044d0f0ac54e2d601a9f5"} due to an unexpected exception (javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target) while obtaining or using keys from JWKS endpoint at https://portal.int.de/openid/jwks): JsonWebSignature{"alg":"RS256","kid":
und F12:
1 „Gefällt mir“
Guacamole kennt das SSL Zertifikat nicht.
Führe mal:
docker cp /var/www/cert/lan.crt desktop-guacamole-1:/usr/local/share/ca-certificates/lan.crt
# Also copy it to /opt/java/openjdk/jre/lib/security/cacerts inside the guacamole container
docker cp /var/www/cert/lan.crt desktop-guacamole-1:/tmp/lan.crt
docker exec -u 0 -it desktop-guacamole-1 update-ca-certificates
# Trust the certificate in the java keystore
docker exec -u 0 -it desktop-guacamole-1 bash -c "keytool -import -trustcacerts -keystore /opt/java/openjdk/jre/lib/security/cacerts -storepass changeit -noprompt -alias lan -file /tmp/lan.crt"
aus
1 „Gefällt mir“
Jetzt hat es auch bei mir geklappt , Danke @Jean
Hier eine kurze Fassung für die anderen :
1.für FF unter Zertifizierungsstellen ,Das Zertifikat installieren
2 Unten aufgeführten Befehle ausführen
.`docker cp /var/www/cert/lan.crt desktop-guacamole-1:/usr/local/share/ca-certificates/lan.crt
# Also copy it to /opt/java/openjdk/jre/lib/security/cacerts inside the guacamole container
docker cp /var/www/cert/lan.crt desktop-guacamole-1:/tmp/lan.crt
docker exec -u 0 -it desktop-guacamole-1 update-ca-certificates
# Trust the certificate in the java keystore
docker exec -u 0 -it desktop-guacamole-1 bash -c "keytool -import -trustcacerts -keystore /opt/java/openjdk/jre/lib/security/cacerts -storepass changeit -noprompt -alias lan -file /tmp/lan.crt"`
- Debian server neu starten
sudo reboot
4.Libre -workspace neu starten
sudo systemctl restart libre-workspace-portal
5.Browser neu starten
Browser>Libre-workspace> Cloud Desktop > etwas warten bis Cinnamon startet> das wahrs .
Großartig @Jean
1 „Gefällt mir“